Data theft spurs response

Chunghwa Telecom Co (中華電信), the nation's largest telecom operator, yesterday agreed to help consumers change their mobile phone numbers if they suspect that their personal information has been leaked due to the company's flawed internal controls.

"We have received some phone calls from our users, who worried that their personal confidential data might have been divulged," said Leng Tai-fen (冷台芬), a senior managing director at Chunghwa Telecom's marketing department.

The state-run telecom operator has been under growing public pressure to compensate consumers after a scandal in which several employees with Chunghwa Telecom allegedly profited from selling people's personal information to organized crime syndicates, according to an investigation conducted by the Kaohsiung District Prosecutor's Office.

To fend off an increasing number of consumer complaints, the Cabinet-level Consumer Protection Commission yesterday morning announced punitive measures and a restitution agreement by Chunghwa Telecom and other telecom service providers if consumers' information was found to have been leaked.

Under the proposal, Chunghwa Telecom would offer consumers the free number-changing program before the prosecutors release the name list of the victims.

Other service providers -- including Taiwan Cellular Corp (台灣大哥大), Far EasTone Telecommunications Co (遠傳電信), KG Telecommunications Co (和信電訊), Trans Asia Telecommunications Inc (泛亞電信) and Taichung-based Mobitai Communications Corp (東信電訊) -- agreed that consumers can change their phone numbers and get their monthly basic fees remitted for up to three months if they are identified as identity-theft victims.

Chunghwa Telecom also agreed to write off the victims' call charges for up to three months depending on the degree of the damages caused.

Currently, Article 28 of the Law for the Protection of Computer-managed Personal Information (電腦處理個人資料保護法) states that an institution should pay between NT$20,000 and NT$100,000 in damages per victim, said Yang Mei-ling (楊美鈴), secretary general of the Consumer Protection Commission.

The aggregate sum for the compensation is capped at NT$20 million, according to the law.

But the Consumers' Foundation (消基會) claimed that legally-set standards for industry-paid victim compensation were too low.

At a press conference held late yesterday, the foundation said that each victim should be paid NT$100,000, with no upper limit on the total paid out by each company.

Responding to claims that removing limits on restitution would spell bankruptcy for many companies, the foundation said that it thought bankruptcy would be just punishment.

"Companies that allow their customers' information to be stolen by employees deserve to be eliminated and go bankrupt," foundation secretary-general Cheng Jen-hung (程仁宏) said.

The government must also increase the transparency of its investigations, the foundation said.

"Government parties are not doing enough. They cannot just try to patch up the situation by claiming that they are working on the situation," said Hsieh Hung-man (謝宏滿), the foundation's vice secretary-general.

"Up to now, the public still does not know the exact scope of the leakage and has no way of finding out whether or not their own information was compromised. The Consumer Protection Commission needs to re-examine its methodology," he added.