TAIWAN Trends and Developments Contributed by: Tsung-Yuan Shen, Rachel Chen and Josh Tsai, Lee and Li Attorneys-at-Law
• monitor for abnormal data access activities on sys - tems storing personal data and conduct periodic incident response drills; • regularly assess equipment for security vulnerabili - ties; • continuously update and operate antivirus software and perform routine malware scans; • implement authentication mechanisms for systems containing personal data, ensuring that account and password complexity meet established stand - ards; • minimise, to the greatest extent practicable, the use of actual personal data in system testing envi - ronments; • conduct periodic inspections of systems process - ing personal data; and • assess usage scenarios and apply data masking techniques where appropriate. Cloud service providers (CSPs) may refer to MODA’s Reference Guidelines for Implementation of Personal Data Protection and Information Security by the Infor - mation Service Industry, and may also refer to pub - lished standards such as ISO/IEC 27001 (Information Security Management System), ISO/IEC 27701 (Pri - vacy Information Management System) or the Taiwan Personal Information Protection and Administration System (TPIPAS) when establishing their personal information management systems and information security management systems. Common security measures include: • encrypting database-resident data (eg, AES-256); • protecting backup data through encrypted storage, automated backups, automated compression and automated key encryption; • adopting Secure Sockets Layer/Transport Layer Security (SSL/TLS) transport encryption for appli - cation programming interface (API)-based trans - missions; • applying data masking for display purposes; • providing encrypted channels for customers trans - mitting sensitive data; • masking unnecessary elements of sensitive data during transmission; and • implementing access-control measures for cus - tomer entitlements.
Additionally, entities should deploy and periodically update system servers, office automation network
protections and application firewalls. Management of data storage media
Covered entities must apply appropriate protective measures and technologies tailored to the character - istics and usage of data storage media. Such entities must establish and enforce management protocols for custodianship and control access to environments where storage media are kept. Information security incident response Entities must maintain effective mechanisms for responding to, notifying data subjects of and pre - venting information security incidents. Such mecha - nisms should include procedures and communication channels designed to mitigate harm and inform data subjects about the incidents and their resolution. Fol - lowing an incident, entities are required to evaluate and implement corrective and preventive actions. In cases where an incident threatens normal operations or the rights and interests of a substantial number of data subjects, the entity must report the incident to MODA within 72 hours of becoming aware using the prescribed reporting format. If the incident is also reported to municipal, county or city authorities, a copy of such report must be submitted to MODA. Competition Law Issues in Generative AI In response to the potential risks of restraint of trade posed by algorithms and generative AI, and to inform future legislation and enforcement efforts, the Taiwan Fair Trade Commission has issued the White Paper on Competition Policy in the Digital Economy and Explanatory Information on Soliciting Public Opinions on Competition Law Issues Related to Generative AI. The competition law concerns arising from algorithms and generative AI can be broadly categorised as fol - lows. Unilateral abuse of market power This category primarily encompasses four key areas. Acquisition of computing resources Computing resources are essential for generative AI development, particularly given the dominance of a few firms, such as Nvidia, in the graphics processing
59 CHAMBERS.COM
Powered by FlippingBook