TAIWAN Trends and Developments Contributed by: Tsung-Yuan Shen, Rachel Chen and Josh Tsai, Lee and Li Attorneys-at-Law
It is important to note, however, that if AI-generated content reproduces original works included in the AI’s training data, and the user subsequently exploits such content commercially, such as by printing AI-generated images for sale, such acts may constitute unauthorised reproduction of the underlying copyrighted works. To mitigate the risk of copyright infringement claims, AI users are advised to obtain clear authorisation from the AI model’s developer or manager, confirming that appropriate licences from the holders of economic rights have been secured and that sublicensing for commercial use is permitted.

Personal Data Protection and Information Security

In addition to compliance with the Personal Data Protection Act (PDPA), the Ministry of Digital Affairs (MODA) introduced the Regulations on Security Maintenance and Management of Personal Data Files for Digital-Economy-Related Industries (the “Security Maintenance Regulations”) in 2023 to enhance personal data protection within digital economy sectors such as cloud computing service providers, AI model developers, e-commerce platforms and information service providers. Under such regulations, covered entities are required to establish: (i) a personal data file security maintenance plan; and (ii) appropriate protocols for managing personal data upon cessation of business activities. These measures are designed to prevent unauthorised access, theft, alteration, damage, loss or disclosure of personal data. The principal obligations are summarised as follows.

Personal data protection management policy and security maintenance plan

Entities subject to the Security Maintenance Regulations must formulate and implement a comprehensive Personal Data File Security Maintenance Plan, which includes procedures for handling personal data upon business termination (collectively referred to as the “Security Maintenance Plan”). This plan must incorporate provisions ensuring compliance with the PDPA, such as obligations to provide notice and obtain consent, respond to requests for inquiry, inspection or copies, maintain data accuracy and notify affected individuals in the event of a data breach. Additionally, entities must adopt an internal personal data protection management policy and related procedures, and circulate such policy internally to ensure that personnel are informed of and adhere to the requirements of such policy.

Human resources allocation and personnel management

Covered entities are required to allocate adequate management personnel and resources responsible for developing, revising and enforcing their personal data protection management policies and Security Maintenance Plans. Furthermore, entities shall:

• impose confidentiality obligations on employees;
• assign access rights to personal data based on business needs, data sensitivity and operational requirements;
• periodically review the necessity and appropriateness of such access rights;
• conduct regular training and awareness programmes; and
• upon employee termination, ensure the return and deletion of any personal data accessed or retained during employment.

Periodic inspections and risk assessments

Entities must regularly take inventory of and verify the status of personal data collected, processed or utilised, and shall clearly define the scope of data governed by the Security Maintenance Plan. Entities are also required to conduct periodic risk assessment of business processes affecting personal data and implement appropriate security measures to address identified risks.

Information security management measures

When handling personal data, covered entities must employ suitable encryption and protective measures for encrypted data, backup copies and data in transit. For personal data processed directly or indirectly through information and communication systems, entities must implement the following security controls:

• establish and maintain firewalls, email filtering systems, intrusion detection devices and other safeguards against external network threats, with regular updates;