Several employees of the National Health Insurance Administration (NHIA) are suspected of leaking people’s personal information. The news caused a public outcry and highlighted that there are big loopholes in government institutions’ information security. In view of this situation, the government should take the following steps:
First, the NHIA should as soon as possible draw up statutory regulations governing the protection of personal information. The National Health Insurance (NHI) database includes sensitive information about all insured people in Taiwan, including their health status and medical records.
However, the Constitutional Court’s Judgement No. 13 last year said that the National Health Insurance Act (全民健康保險法) lacks clear regulations regarding the subject, purpose, conditions, scope and methods of the NHI data storage, the external transmission, provision and use of the data, and about related organizational and procedural monitoring and protection mechanisms, as well as other important matters.
The judgement said that this is contrary to the intent of Article 23 of the Constitution, which embodies the principle of legal reservation, meaning laws should not unnecessarily restrict constitutionally protected rights and freedoms, as well as Article 22, which implicitly safeguards citizens’ right of private communication.
The court instructed the NHIA to amend the act and other related laws, or to enact a special law, to clearly define the matters within three years.
Considering the serious implications of the latest leak, the NHIA should speed up the drafting process of legislative amendments or a new law to bolster the regulation of personal information.
Second, the NHIA and other agencies should review and update their data security management systems. There are many public agencies that store and use people’s personal information. Besides the NHIA, these include police departments, and household registration and tax offices. The Regulations on Classification of Cyber Security Responsibility Levels (資通安全責任等級分級辦法) define government agencies’ cybersecurity responsibility levels on a five-tier scale according to the sensitivity of their purview, the type of information they store and process, and the scale of their communication systems.
The NHIA has the highest cybersecurity responsibility level.
In June 2019, the Ministry of Civil Service, which also has the highest level, discovered a leak of civil servants’ personal information. A Control Yuan investigation found out that the ministry had not fully evaluated its online operations and document management systems, which store information about the qualifications and pay grades of all civil servants, in accordance with relevant regulations, compromizing the security standards of the systems.
In view of the repeated occurrence of such incidents, the Ministry of Digital Affairs should immediately help government agencies comprehensively review the level of their internal information systems and operational processes to see whether there are any deficiencies and loopholes, and make improvements as soon as any such problem is discovered to prevent subsequent cybersecurity risks.
Third, government agencies should bolster the education of civil servants with regard to law, discipline and cybersecurity. The large number of personnel involved in the NHIA case shows that civil servants in general have an insufficient grasp of law and discipline, as well as inadequate awareness of cybersecurity.
The government should make improvements in those three aspects, so that the catchphrase “cybersecurity is national security” can be more than a mere slogan.
Wang Yu-pei is a civil servant.
Translated by Julian Clegg
When I was in Ukraine filming for an upcoming documentary, I was surprised at how frequently my mind naturally tended to map Ukraine’s war experience onto Taiwan, where I have lived for the past 10 years. There are obvious parallels of an imperial nuclear superpower asserting itself over a smaller non-nuclear state, but there are also small mundane things that would impact everyday life. When I saw Ukrainian elderly people filling jugs of water at a church in sub-zero temperatures and hauling it back to their homes which might not have electricity, I imagined the difficulty of a Taiwanese senior
This is the Year of the Dragon. At the beginning of the year, the Chinese government announced that “dragon” is to be translated as long (龍), in a move meant to erase the supposed negative connotations of dragons. In many Western cultures, dragons are often seen as wicked or demonic. This is not just a mere linguistic adjustment. It is symbolic, representing a change in China’s current political culture. Under the overbearing leadership of Chinese President Xi Jinping (習近平), the Chinese government has been undergoing a cultural policy of “de-Westernization.” Although this change in semantics is just one of many
An online petition started by a doctor in Taichung called on lawmakers to halt an amendment that would shorten the time needed for Chinese spouses of Taiwanese to gain citizenship in Taiwan. The amendment could put a strain on Taiwan’s already burdened National Health Insurance (NHI) system, Cheng Ching Hospital thoracic surgery division doctor Tu Cheng-che (杜承哲) said. Doctors have seen many Chinese spouses bring their relatives to hospital emergency rooms, asking for full checkups, he added. “They [Chinese spouses] even tell their relatives that healthcare in Taiwan is free and is easily accessible, and that healthcare providers in Taiwan
On Feb. 15, the UK’s Economist Intelligence Unit released its latest report on the state of democracy around the world. Out of the 167 countries and territories covered by the report, titled Democracy Index 2023: Age of conflict, Taiwan is considered a full democracy, ranking first in Asia and 10th around the world. The index showed that global democracy regressed last year, yet Taiwan countered this trend, a fact that all Taiwanese should take pride in. The report sheds light on the rising tide of authoritarianism, with groups consolidating power within and forming alliances with authoritarian powers without. The international order