Sat, Nov 24, 2007 - Page 8 News List

Legislators, government responsible for data loss

By Hoover Tai 戴章皇

Media reports recently told of a credit card salesman who sold credit card application information for thousands of clients to China-based criminal organizations, which then applied for the cards and used them without the victims' knowledge.

Last month and in September, personal information was leaked after notices of fines were posted without envelopes. One hacker also breached Chunghwa Telecom's database and stole personal information.

If such reports have become so frequent, it is easy to imagine how many more are unreported.

Data security poses a serious threat both to financial activities and our lives and property.

The e-mail addresses of almost all staff in my company have been collected and put in a database without our knowledge. This has resulted in the daily reception of hundreds of spam e-mails.

In order to remove spam, the company filters incoming e-mail, but the filters also block several inquiries and communications from important customers.

This causes misunderstandings, as customers sometimes do not receive a prompt response, and affects the operations and trustworthiness of the firm.

My family and friends have almost all been contacted by confidence tricksters.

One acquaintance recently received a visitor who claimed that an inheritance was available and that he required a signature.

I am not sure of the technique used by the conman in question, but the worrying fact is that his organization knew the addresses of the victim's siblings. Each sibling had been approached; imagine what would happen if these thugs were to obtain information on their children's schools.

Breaches of personal data security have allowed these syndicates to obtain all kinds of private information and even kidnap and blackmail victims. A lot of money has been extorted in this way, not to mention the trauma suffered by the victims.

If the Cabinet and the legislature cannot adequately respond to the problem, how can the public feel secure?

The Computer-Processed Personal Data Protection Act (電腦處理個人資料保護法) has been in force since July 1995. Perhaps knowledge of the problem was insufficient at the time, because after several years a number of loopholes have emerged.

A glance at the document revealed an anomaly: Data protected under the act is only that which is "computer-processed and stored." That is, manually processed data is excluded.

And aside from government organizations, only credit organizations and seven other professions are regulated by the law. Other professions are not held accountable even if they divulge private information.

More ridiculous is the fact that the legislation states leakers must have had a profit motive to incur liability.

In addition, those collecting personal information are under no obligation to inform the party in question.

From this I understood why data leaks occur with such frequency. The law -- the last line of defense -- cannot guard against breaches in data security. The Cabinet and the legislature are fully responsible for this and must revise the legislation.

Hoover Tai is the president of Hi-Q Biotech International.

Translated by Angela Hong

This story has been viewed 2137 times.
TOP top