personal data security, such relevant reports do not need to be issued repetitively (Taiwan)

Article 15 of the Rules for Maintaining the Security of Personal Data Files by Nonpublic Agencies Designated by the Financial Supervisory Commission (hereinafter, the "Rules") provides: "The personal data management unit or personnel of a nonpublic agency shall regularly submit relevant self-assessment reports in order to continuously improve the security maintenance of personal data." According to the Jin-Guan-Fa-10300061221 Circular of July 1, 2014 (hereinafter, the "Circular") from the Financial Supervisory Commission, if the relevant reports submitted by a nonpublic agency pursuant to its internal control and audit systems have covered the required contents and criteria and are sufficient to continuously improve the security maintenance and operation of personal data, such reports do not have to be submitted repetitively.

The Rules are prescribed pursuant to the authorization under the Personal Data Protection Law primarily to regulate the security maintenance of personal data files by relevant financial service sectors. Under Article 15 of the Rules, the personal data management unit or personal of a nonpublic agency shall regularly submit relevant self-assessment reports in order to continuously improve the security maintenance of personal data. With respect to such obligation to submit assessment reports, the Circular indicates that if the relevant reports submitted by a nonpublic agency pursuant to its internal control and audit systems have covered the contents and criteria of self-assessment reports and are sufficient to continuously improve the security maintenance and operation of personal data, assessment reports do not have to be submitted repetitively.