BreachExchange mailing list archives
Taiwan Introduces Enforceable Data Breach Notification Requirements
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 15 Mar 2011 21:27:30 -0400
http://www.insideprivacy.com/international/tawain-introduces-enforceable-data-breach-notification-requirements/ Taiwan's revised Data Protection Act, which is not yet formally effective, is the first privacy-specific statute in the APAC region to contain an enforceable requirement to notify individuals of a data breach incident. To date, no other privacy legislation in the Asia region has imposed an enforceable legislative requirement to communicate a data breach incident to individuals. A few notable aspects of the legal obligations are as follows: The relevant provision requires that, where a public or private sector agency "violates any provision" of the Act, "such that personal data is stolen, disclosed, altered or otherwise impaired," then "the agency, after investigating shall notify the subjects by appropriate means." The requirement does not extend to every breach occurrence, only those that constitute an actual violation of the Data Protection Act. Certain aspects of the data breach provision remain unclear, such as the extent to which organizations may delay the issuance of notices while investigating an incident. There does not appear to be any requirement to notify any supervisory body of the breach incident. Indeed, the Data Protection Act does not name any a single body with oversight over or enforcement responsibility for the Data Protection Act. It appears that enforcement has been left to individual industry ministries, as is the case in Japan. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Taiwan Introduces Enforceable Data Breach Notification Requirements Jake Kouns (Mar 15)