Laws Information

Title: Enforcement Rules of the Personal Information Protection Act
Amended Date: 2016-03-02
Legislative History: Amended on March 2, 2016

Transaction: Amended

Article 9
“Law” referred to in Item 1 of the proviso to Paragraph 1 of Article 6, Item 1 of Paragraph 2 of Article 8, Item 1 of the proviso to Article 16, Item 1 of Paragraph 1 of Article 19, and Item 1 of the proviso to Paragraph 1 of Article 20 of the Act shall mean the laws or regulations specifically and clearly authorized by laws.

Article 10
“Legal duty” referred to in Item 2 and Item 5 of the proviso to Paragraph 1 of Article 6, Item 2 and Item 3 of Paragraph 2 of Article 8, Item 2 of the proviso to Article 10, Item 1 of Article 15, and Article 16 of the Act shall mean the obligations of the government agency prescribed in the following laws:
1. laws and regulations authorized by laws;
2. self-government ordinances;
3. self-government regulations authorized by laws or self-government ordinances; or
4. regulations on the commissioning of matters authorized by laws or central government regulations.

Article 11
“Legal obligation” referred to in Item 2 and Item 5 of the proviso to Paragraph 1 of Article 6, and Item 2 of Paragraph 2 of Article 8 of the Act shall mean the obligations of the non-government agency prescribed by laws or regulations specifically and clearly authorized by laws.

Article 12
“Proper security measures” referred to in Item 2 and Item 5 of the proviso to Paragraph 1 of Article 6, “security and maintenance” referred to in Article 18, and “proper security measures” referred to in Item 2 of Paragraph 1 of Article 19 and Paragraph 1 of Article 27 of the Act shall mean the technical or organizational measures taken by the government agency or the non-government agency for the purpose of preventing personal information from being stolen, altered, damaged, destroyed or disclosed.
The measures prescribed in the preceding paragraph may include the following matters and shall follow the principle of appropriate proportionality to achieve the objective of personal information protection:
1. allocating management personnel and substantial resources;
2. defining the scope of personal information;
3. establishing the mechanism of risk evaluation and management of personal information;
4. establishing the mechanism of preventing, giving notice of, and responding to accidents;
5. establishing an internal management procedure of collecting, processing, and using personal information;
6. managing information security and personnel;
7. promoting acknowledgement, education and training;
8. managing facility security;
9. establishing a mechanism of auditing information security;
10. keeping records of the use, locus information and proof; and
11. integrated persistent improvements on the security and maintenance of personal information.

Article 13
“The personal information made public by the Party himself/herself” referred to in Item 3 of the proviso to Paragraph 1 of Article 6, Item 2 of Paragraph 2 of Article 9, and Item 3 of Paragraph 1 of Article 19 of the Act shall mean the personal information disclosed by the Party himself/herself to the general public or specific persons.
“Personal information which has been publicized legally” referred to in Item 3 of the proviso to Paragraph 1 of Article 6, Item 2 of Paragraph 2 of Article 9, and Item 3 of Paragraph 1 of Article 19 of the Act shall mean personal information which has been declared or announced in accordance with laws or regulations specifically and clearly authorized by laws, or publicized by means of other legal manners.

Article 14
Pursuant to the Electronic Signatures Act, the written consent given by the Party referred to in Item 6 of the proviso to Paragraph 1 of Article 6, and the provisos to Paragraph 2 and Paragraph 3 of Article 11 of the Act can be made by means of electronic record.

Article 15
If the “consent” referred to in Paragraph 2 of Article 7 of the Act is made together with other expressions of intent in the same document, the collector shall make the Party aware of the contents in an appropriate location and confirm the Party’s consent.

Article 17
“The information may not lead to the identification of a specific person” referred to in Item 4 of the proviso to Paragraph 1 of Article 6, Item 4 of Paragraph 2 of Article 9, Item 5 of the exception of Article 16, Item 4 of Paragraph 1 of Article 19, and Item 5 of the exception of Paragraph 1 of Article 20 of the Act shall mean the personal information processed by ways of code, anonymity, hiding parts of information or other manners so as to fail to identify such a specific person.

Article 18
“The major interests of a third person may be affected” referred to in Item 3 of the proviso to Article 10 of the Act shall mean that the life, health, freedom, property or other important interests of a third person may be affected.