March 17, 2012


Professor Abu Bakar Munir

On April 27, 2010, the Taiwan legislature amended the old Computer Processed Personal Data Protection Act and enacted the new Personal Data Protection Act (PDPA). This new law is expected to enter into force by November 2012.
The PDPA applies to public and private sectors. However, in two “specific circumstances” the PDPA is not applicable; (1) when an individual collects, use or processes personal information in the course of personal activity of a domestic nature, (2) if the audio-visual information is collected, processed or used in public places or public activities and not associated with the other personal information.
Personal information is defined broadly to cover name, date of birth, I.D. Card number, passport number, marital status, family, education, occupation, contact information, social activities and other information which may be used to identify a natural person, both directly and indirectly. The concept of “sensitive data” is introduced.
All types of agencies are subject to the general obligations in articles 5-14, but there are also obligations specific to public agencies in articles 15-18 and to private agencies in articles 19-27. Article 3 of the PDPA provides for the rights of data subjects. The PDPA requires mandatory notification on data breach. Article 12 states that when the personal information is stolen, disclosed, altered or infringed in other ways due to the violation of this Law, the government agency or non-government agency should notify the affected individuals.

The PDPA does not provide for single oversight body and does not create a data protection authority. Enforcement is left to the Ministries responsible for each industry sector. The Act in chapter V provides for provisions on the criminal offences. Interestingly, like the Korean new law, the PDPA allows damages action as well as class action be taken companies and organisations.

March 16, 2012

Lawmakers Focus on Cyberattacks on Infrastructure

During the five-month period between October and February, there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases, according to the Department of Homeland Security, compared with 11 over the same period a year ago. The increase has prompted a new interest in cybersecurity on Capitol Hill, where lawmakers are being prodded by the Obama administration to advance legislation that could require new standards at facilities where a breach could cause significant casualties or economic damage.

Read the article: (Source: The New York Times)

March 1, 2012

French Agency Says Google’s Privacy Policy May Be Illegal

The French data protection authority said that Google’s new privacy policy appeared to violate European Union law, raising the stakes in a showdown with the company only days before it planned to put the new system into effect. Google announced the new policy last month, billing it as a way to streamline and simplify the privacy practices it employed worldwide across about 60 different online services, and to introduce greater clarity for users.

Read the article: (Source: The New York Times)