2011-12-05
Operational Costs may be Increased by Enforcement of the Personal Data Protection Act
Taiwan’s Ministry of Justice (MOJ) announced draft Rules for the Enforcement of the Personal Data Protection Act. Officials also stated that because there are still many suggestions and proposals as to 1) how best to define sensitive personal data, 2) methods of notifying the subject of the data, and 3) penalties for violations, the MOJ will make revisions and submit the draft to the Administrative Yuan by the end of 2011.
The draft rules state that private entities that collect personal data indirectly prior to the enforcement of the newly revised Personal Data Protection Act should notify the subject of the data in writing notice, and or by telephone, fax or email, and such entities should make certain that the subjects of such data subjects have been informed, and these entities cannot use the Internet or post advertisements as a means of notification.
Currently, most personal data collected by private entities is collected indirectly. Although entities may notify the subjects of data by email in order to save costs, in most cases, personal data collected does not include the email addresses of the data subjects. Therefore, private entities will be required to use telephone or written letters to notify the subjects of such data collected. According to statistics, medium or large size banks will need to spend NT$ 10 million in order to comply with this new notification obligation.
In addition, the draft rules delete the old rule, which provided that if the data subject does not reply to the notification after a certain period of time, he is deemed to consent to the collection or use of his personal data. This deletion will certainly increase the costs to private companies, as well.
Search
English