Benjamin Chiang of CommonWealth Magazine in Taiwan recently discussed some of the consequences of revisions to the 1995 Computer-Processed Personal Data Protection Act (the CDPA). The provisions of the Personal Data Protection Act are expected to go into effect in 2011, and Chiang says that the revised law has created a “legal minefield.” Some snippets from his article:
Before the latest revisions, the Personal Data Protection Act applied only to eight specific industries. But the revised Act applies to all industries and every individual.
For companies or the government, information security will no longer be strictly the business of their information departments once the Act is enforced. Instead, every single employee from the boss down will be liable. If a company or government agency engages in the illegal collection, processing or use of personal data, it is liable for monetary compensation for every single incident of personal data damage. A single injured party may claim up to NT$20,000 in monetary compensation for each incident. All parties involved, from the company or government agency to the person in charge and data processing employees, can be held liable.
Even more harrowingly, injured parties may file class-action suits. Under a single class-action suit, monetary compensation of up to NT$200 million can be claimed. Company owners may even face jail sentences of up to five years.
Another special feature of the revised Act are notification obligations. “Before a company collects information, it must clearly inform the consumer who they are, what the goal of the information gathering is, and for what period of time the information will be used,” says Rhonda Chen, researcher with the Executive Yuan’s Science & Technology Advisory Group and director of the National Information and Communication Security Taskforce office.
While the implications for businesses appear enormous, there is also a significant impact for individuals in their private capacity:
Posting an article or photo of someone else on the Internet or in a personal blog amounts to leaking personal data, if the person concerned has not given his or her approval. “Human flesh searches” – a growing phenomenon in China in which groups collectively investigate, expose and sometimes harass individuals perceived of wrongdoing – entail the unauthorized posting of private information on the Internet. While those who wage these campaigns claim to do so “in the name of justice,” they are in fact violating the Personal Data Protection Act.
Read the full article on CommonWealth Magazine.
Via Dan Bloom, TechEYE.net.