修個資法能解決頻傳的個資外洩事件嗎?

活動背景

國內近半年來發生了多起重大個資外洩事件,例如全民戶政資料在網路公開兜售、健保資料遭員工不法外洩長達十餘年;企業的個資事件也曾出不窮,例如政商名流的航空公司會員資料遭公開於外國論壇,共享租車服務業者外洩了40萬筆客戶資料,知名百貨業者也遭駭導致90萬筆會員資料外洩,還有多次遭駭客攻擊竊取個資的大型旅行社案例。無論是公部門或私部門,民眾的個人資料外洩似乎已經成為常態,而肇因可能包含了組織人員缺乏資安或個資保護意識、資安防範措施不足等。

來自於民意代表、消費者團體、人權團體,以及主管機關也提出諸多因應方案,歸納來說包括了設立個資保護專責機關、修改《個資法》提高對個資外洩事件之罰則、個資外洩舉證責任移轉至企業,以及主管機關應盡速通報重大個資外洩事件予國發會及數發部等。

行政院會也在4月13日通過「個人資料保護法修正草案」,預計將成立獨立機關「個人資料保護委員會」,另外對於非公務機關洩漏個資事件,修法條文也提高罰鍰兩萬元至兩百萬元,情節重大者可處十萬元以上至一千萬元。

本座談邀請不同領域專家,就近期國內發生的多起包括公務機關及企業的個資外洩事件,探討在因應上,當前個資法修法的方向是否充足?資安法是否有需要調整適用對象範圍?除透過法規來因應,還有沒有其他處理建議?

時間及地點

時間:2023年05月29日(一) , 14:00-16:00

地點:IEAT國際會議中心11樓第一會議室/Webex會議室
****本活動採實體與線上同步進行****

合作單位:
議程

14:00-14:05  活動介紹
14:05-15:45  焦點座談

  • 主持人-黃彥棻  資安主筆(iThome電腦報 )
  • 與談人-
    • 林俊宏 主持律師  (義謙法律事務所 )
    • 涂予尹 會長(台灣人權促進會 )
    • 葉奇鑫 所長(達文西個資暨高科技法律事務所 )
    • 簡宏偉 執行副總經理(勤業眾信聯合會計師事務所 )
      (依姓名筆劃順序排列)

15:45-16:00  現場問答

Will amending the Personal Data Protection Act solve the frequent incident of data leaks?

Background

There have been several large-scale personal data leaks in the country over the past few months, such as the national household registration data being sold on the dark market, illegal leakage of health insurance data by staff for over a decade, airline membership data of several celebrities being disclosed in an overseas forum, and more than 90,000 customer data being hacked from a local department store, just to name a few.

The leakage of personal data seems to have become a norm in Taiwan, possibly because organizations lack awareness of information security or personal data protection.

To tackle the issue, several solutions have been proposed by consumer groups, human rights organizations, and regulatory agencies. These include establishing specialized agencies for personal data protection, amending the Personal Data Protection Act to increase penalties for personal data leaks, transferring the burden of proof for personal data leaks to businesses, and mandating personal data leak incident reporting to the Authority.

Meanwhile, on April 13th, the Executive Yuan passed the “Personal Data Protection Law Amendment,” which will establish an independent agency named the “Personal Data Protection Commission.” In addition, the amendment will raise fines for businesses leaking personal data from up to NT$2 million to NT$10 million.

The panel invites experts from various fields to discuss whether the current direction of the Personal Data Protection Act amendments is sufficient in response to recent major incidents. The panel will also explore the need for adjustments to the scope of the country’s Information Security Act and other suggestions for handling personal data leaks beyond regulatory means.

Time & Venue

Time: 2023/05/29   02:00-04:00PM

Venue: IEAT International Conference Center Meeting 11F Room 1 (No. 350, Songjiang Road, Zhongshan District, Taipei City)

This event is co-organized with

 

Agenda

14:00-14:05  Introduce
14:05-15:45  Panel Discussion

  • Moderator:
    Huang, Yanfen, Chief Writer of Information Security, iThome Weekly
  • Penelists:

    • Lin, Junhong, Leading Lawyer, Cogito Law Office
    • Tu, Yuyin, President of the Taiwan Association for Human Rights.
    • Yeh,Simon, Managing Partner of DaVinci Personal Data and High-Tech Law Firm
    • Howard Jyan, Executive Vice President, Deloitte Touche Tohmatsu Limited
15:45-16:00  Q&A