Chapter II Data Collection, Processing and Use by a Government Agency |
| Article 15 | Except for the personal data specified under paragraph 1 of Article 6, the collection or processing of personal data by government agencies shall be for specific purposes and on one of the following bases:
1.where it is within the necessary scope to perform its statutory duties;
2.where consent has been given by the data subject; or
3.where the rights and interests of the data subject will not be infringed upon. |
Info |
| Article 16 | Except for the personal data specified under paragraph 1 of Article 6, government agencies shall use personal data only within the necessary scope of their statutory duties and for the specific purpose of collection; the use of personal data for another purpose shall be only on any of the following bases:
1.where it is expressly required by law;
2.where it is necessary for ensuring national security or furthering public interests;
3.where it is to prevent harm to the life, body, freedom, or property of the data subject;
4.where it is to prevent material harm to the rights and interests of others;
5.where it is necessary for statistics gathering or academic research by a government agency or an academic institution for public interests; provided that such data, as processed by the data provider or as disclosed by the data collector, may not lead to the identification of a specific data subject;
6.where it is for the data subject's rights and interests; or
7.where consent has been given by the data subject. |
Info |
| Article 17 | The government agency may publicize the following items on the Internet or by other proper means for inquiries; the above provisions are applicable to amendment thereof:
- name of personal information file;
- name of the government agency keeping the personal information file and its contact information;
- basis and purpose of keeping the file;
- classification of personal information.
|
|
| Article 18 | Government agencies shall appoint a Personal Data Protection Officer, designated by the head of the agency from among suitable personnel to serve concurrently with their original position. Adequate personnel and resources shall be allocated to this officer, who shall be responsible for coordinating, promoting, supervising, and evaluating matters related to personal data protection within the agency, its subordinate agencies, and agencies under its supervision.
Government agencies shall designate personnel to handle the security and maintenance of personal data files, preventing the theft, alteration, damage, loss, or leakage of personal data. The regulations on the security and maintenance, management mechanisms, measures to be taken, and other related matters concerning personal data files shall be prescribed by the competent authority.
Government agencies shall not impose unfavorable disciplinary actions or take management measures against personnel for lawfully performing personal data protection duties.
The competent authority shall properly plan and implement competency training for the personnel referred to under Paragraphs 1 and 2 to enhance their professional knowledge and skills in personal data protection.
The regulations on the duties, competency requirements, training, and other relevant matters for the personnel referred to under Paragraphs 1 and 2 shall be prescribed by the competent authority. |
Info |