Several employees of the National Health Insurance Administration (NHIA) are suspected of leaking people’s personal information. The news caused a public outcry and highlighted that there are big loopholes in government institutions’ information security. In view of this situation, the government should take the following steps:
First, the NHIA should as soon as possible draw up statutory regulations governing the protection of personal information. The National Health Insurance (NHI) database includes sensitive information about all insured people in Taiwan, including their health status and medical records.
However, the Constitutional Court’s Judgement No. 13 last year said that the National Health Insurance Act (全民健康保險法) lacks clear regulations regarding the subject, purpose, conditions, scope and methods of the NHI data storage, the external transmission, provision and use of the data, and about related organizational and procedural monitoring and protection mechanisms, as well as other important matters.
The judgement said that this is contrary to the intent of Article 23 of the Constitution, which embodies the principle of legal reservation, meaning laws should not unnecessarily restrict constitutionally protected rights and freedoms, as well as Article 22, which implicitly safeguards citizens’ right of private communication.
The court instructed the NHIA to amend the act and other related laws, or to enact a special law, to clearly define the matters within three years.
Considering the serious implications of the latest leak, the NHIA should speed up the drafting process of legislative amendments or a new law to bolster the regulation of personal information.
Second, the NHIA and other agencies should review and update their data security management systems. There are many public agencies that store and use people’s personal information. Besides the NHIA, these include police departments, and household registration and tax offices. The Regulations on Classification of Cyber Security Responsibility Levels (資通安全責任等級分級辦法) define government agencies’ cybersecurity responsibility levels on a five-tier scale according to the sensitivity of their purview, the type of information they store and process, and the scale of their communication systems.
The NHIA has the highest cybersecurity responsibility level.
In June 2019, the Ministry of Civil Service, which also has the highest level, discovered a leak of civil servants’ personal information. A Control Yuan investigation found out that the ministry had not fully evaluated its online operations and document management systems, which store information about the qualifications and pay grades of all civil servants, in accordance with relevant regulations, compromizing the security standards of the systems.
In view of the repeated occurrence of such incidents, the Ministry of Digital Affairs should immediately help government agencies comprehensively review the level of their internal information systems and operational processes to see whether there are any deficiencies and loopholes, and make improvements as soon as any such problem is discovered to prevent subsequent cybersecurity risks.
Third, government agencies should bolster the education of civil servants with regard to law, discipline and cybersecurity. The large number of personnel involved in the NHIA case shows that civil servants in general have an insufficient grasp of law and discipline, as well as inadequate awareness of cybersecurity.
The government should make improvements in those three aspects, so that the catchphrase “cybersecurity is national security” can be more than a mere slogan.
Wang Yu-pei is a civil servant.
Translated by Julian Clegg
Taiwan stands at the epicenter of a seismic shift that will determine the Indo-Pacific’s future security architecture. Whether deterrence prevails or collapses will reverberate far beyond the Taiwan Strait, fundamentally reshaping global power dynamics. The stakes could not be higher. Today, Taipei confronts an unprecedented convergence of threats from an increasingly muscular China that has intensified its multidimensional pressure campaign. Beijing’s strategy is comprehensive: military intimidation, diplomatic isolation, economic coercion, and sophisticated influence operations designed to fracture Taiwan’s democratic society from within. This challenge is magnified by Taiwan’s internal political divisions, which extend to fundamental questions about the island’s identity and future
The narrative surrounding Indian Prime Minister Narendra Modi’s attendance at last week’s Shanghai Cooperation Organization (SCO) summit — where he held hands with Russian President Vladimir Putin and chatted amiably with Chinese President Xi Jinping (習近平) — was widely framed as a signal of Modi distancing himself from the US and edging closer to regional autocrats. It was depicted as Modi reacting to the levying of high US tariffs, burying the hatchet over border disputes with China, and heralding less engagement with the Quadrilateral Security dialogue (Quad) composed of the US, India, Japan and Australia. With Modi in China for the
The Chinese Nationalist Party (KMT) has postponed its chairperson candidate registration for two weeks, and so far, nine people have announced their intention to run for chairperson, the most on record, with more expected to announce their campaign in the final days. On the evening of Aug. 23, shortly after seven KMT lawmakers survived recall votes, KMT Chairman Eric Chu (朱立倫) announced he would step down and urged Taichung Mayor Lu Shiow-yen (盧秀燕) to step in and lead the party back to power. Lu immediately ruled herself out the following day, leaving the subject in question. In the days that followed, several
The Jamestown Foundation last week published an article exposing Beijing’s oil rigs and other potential dual-use platforms in waters near Pratas Island (Dongsha Island, 東沙島). China’s activities there resembled what they did in the East China Sea, inside the exclusive economic zones of Japan and South Korea, as well as with other South China Sea claimants. However, the most surprising element of the report was that the authors’ government contacts and Jamestown’s own evinced little awareness of China’s activities. That Beijing’s testing of Taiwanese (and its allies) situational awareness seemingly went unnoticed strongly suggests the need for more intelligence. Taiwan’s naval
RSS