Taiwan’s cabinet has accepted the National Development Council’s proposed revisions to the Personal Data Protection Act. The proposed modifications are intended to address recent instances of personal data leaks, which have sparked enormous public outrage and prompted widespread calls for higher financial penalties. The proposed reforms, which would increase fines for personal data breaches, will now be sent to the Legislative Yuan for consideration.
Premier Chen Chien-jen stated that the proposed modifications are an essential step in Executive Yuan’s fight against fraud and that decreasing personal data leaks will also contribute to the prevention of the scheme. He urged relevant central government ministries and agencies to improve enforcement in advance of the anticipated establishment of an independent data protection supervisory agency.
He also urged businesses and individuals to improve their information security and personal data protection practices and to work together to secure the public’s personal data.
Premier Chen was briefed last month by the National Development Council (NDC) on ways to prevent personal data leaks by non-government organisations. The NDC outlined three major methods to improve personal data protection systems and strengthen the private sector’s security capabilities. These are:
- Strengthening the functions of the interministerial liaison meeting on personal data protection;
- Heightening penalties for violation of the personal data protection act; and
- Establishing an independent supervisory mechanism for the protection of personal data.
The government’s strategic actions will reinforce routine administrative checks for high-risk organisations, improve systems for monitoring and reporting severe data breaches, and advocate for enhanced penalties and other changes to the Personal Data Protection Act. The formation of an independent supervisory mechanism will also address the current practical issues in managing personal data regulations across many separate organisational authorities.
Premier Chen stated that the government bodies in charge of overseeing various non-governmental organisations should take preventative steps such as producing an administrative inspection plan each year and enhancing routine administrative checks for high-risk entities.
The Ministry of Digital Affairs (MODA) should work with other ministries and agencies to develop technology and categorisation standards, and all relevant ministries and agencies should work with private companies to implement protective measures and raise awareness of personal data security.
The Financial Supervisory Commission should also encourage public enterprises traded on stock exchanges or in over-the-counter markets to obtain data protection management or information security certification.
Interministerial liaison meetings are held on a regular basis to debate and review enhanced data protection measures. Premier Chen stated that the liaison meeting provides a procedural mechanism via which non-government agencies and their supervisory government authorities would be required to conduct the following:
- Report the leak to the NDC and MODA within 24 hours of its detection;
- Open an administrative investigation in conjunction with the National Institute of Cyber Security within three days; and
- Deliver a completed investigation report within 10 days.
Non-government organisations must correct the situation or face penalties under the Personal Data Protection Act.
In terms of increased penalties, the government will evaluate how regulatory authorities in other countries respond to violations of data security laws and regulations and will advocate for revisions to the Act that strengthen penalties and protect victims.
To prevent future leaks, the government will also compel private enterprises to pay greater attention to protection procedures for personal data collecting and raise investment in data security.