A Study of Personal Data Emergency Response Mechanism Required by Law

• Main Authors: Chang, Hsiao-Fang, 張曉芳
• Other Authors: Yeh, Chih-Hsin
• Format: Others
• Language: zh-TW
• Published: 2014
• Online Access: http://ndltd.ncl.edu.tw/handle/2m4p49

碩士 === 東吳大學 === 法律學系 === 102 === With the technological advancement in changing business models, people have more frequent access to personal data in daily life compared to the past, thus exposing them to the much higher risk of personal data leakage. Occurrences of personal data theft have a great impact on the wellbeing of parties concerned, often resulting in loss of money or even endangering life and safety. Hence, it is extremely important for government agencies as well as non-government agencies to establish an appropriate personal data emergency response mechanism in order to timely reduce exposure to risks when personal data incidents take place. However, this matter has not been clearly stipulated in Taiwan’s Personal Information Protection Act. In addition, when a personal data incident is brought up, the first and foremost important matter is to determine whether the leak falls under the scope of personal data. In Taiwan, personal data is currently defined through two concepts; namely, direct identification and indirect identification, the outcome of legislators’ concern for omissions because of the diverseness of personal data. However, the extensiveness of the indirect concept may trouble and limit non-government agencies’ operations. Therefore, definitions of personal data adopted by countries around the world and the personal data emergency response mechanisms used, as well as Taiwan’s Personal Information Protection Act related provisions, were explored. In this study, based on practical work experience, the service company’s personal data emergency response mechanism was evaluated and analyzed to propose comments for modifications, making it more in line with Taiwan’s Personal Information Protection Act provisions. Finally, as for recommendations, based on the analysis results from the two previous chapters on the relevant provisions of personal information protection laws in Taiwan and the other countries, a more appropriate emergency response mechanism was put forth, while the scope of indirect personal data identification was narrowed to propose recommendations for future amendments to Taiwan’s Personal Information Protection Act, in the hope of perfecting personal information protection provisioned by the Personal Information Protection Act and founding the legislative purpose of securing personal information protection.