Sun, Nov 05, 2017 - Page 3 News List

Information security draft acts to be reviewed tomorrow

By Tseng Wei-chen and Jake Chung  /  Staff reporter, with staff writer

Six versions of the draft information security management act, all based on the US’ Federal Information Security Modernization Act, are scheduled to be reviewed by the Legislative Yuan tomorrow.

The Executive Yuan, New Power Party (NPP) and People First Party (PFP) have versions set for review, in addition to two drafts by Democratic Progressive Party (DPP) legislators Chen Ting-fei (陳亭妃) and Yu Wan-ju (余宛如) respectively and a draft by Chinese Nationalist Party (KMT) Legislator Jason Hsu (許毓仁).

Under the Executive Yuan version, information security would be managed under three broad categories: governmental agencies, providers of key services to eight industries and government-funded foundations.

The eight industries include energy, water, information and communication, transportation, banking and finance, emergency rescue and hospitals, central and local governments, and science parks.

Under the Executive Yuan version, the Executive Yuan would be responsible for planning and implementing policies regarding national information security, developing related technologies, international exchanges and general planning.

Heads of all government agencies and units would be required to appoint an information security chief and would be obligated to report any security incidents.

Providers of key services and government-funded foundations would also be asked to set down information security plans and reactive measures, and would face fines between NT$100,000 and NT$1 million (US$3,314 and US$33,143) for failing to do so.

Chen’s version is similar to the Executive Yuan’s, but stipulates greater fines — between NT$500,000 and NT$3 million — if government authorities do not set and implement plans to uphold information security.

Providers and foundations would face fines between NT$300,000 and NT$2 million for failing to report incidents.

The NPP version stipulates that the Executive Yuan must establish an information security division tasked with handling all information security affairs, although it does not offer any punitive measures to complement its set of awards and prizes.

The PFP and KMT versions only extend regulations to government agencies, public enterprises and government-funded foundations, but do not limit private or civilian companies.

Yu in her version taps the Executive Yuan’s National Information and Communication Infrastructure Security task force to handle information security management, including the drafting of bills, handling of policy and establishing principles of action.

Ministerial-level agencies, municipalities, county governments and public enterprises would be tasked with the implementation of policies, while the standards for information security would follow the Ministry of Economic Affairs’ example.

If providers of key services were to violate the regulations, they could be fined between NT$100,000 and NT$1 million.

This story has been viewed 2780 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top