Personal Data Protections
In 2004 we established the Information Security Management Committee responsible for overseeing the implementation of information security procedures within the organization. Audits are conducted twice a year by an external third party in accordance with the requirements of the ISO/IEC 27001 International Information Security Management System to review the degree of information security implementation completed. Thus far we have passed all annual assessments of information security management practice by competent authorities as well as relevant administrative inspections, which will ensure the level of required information security management and that subscribers view the company as trustworthy and reliable. Its operations are as follows:
- Appointment of committee members. The President appoints the committee chairman, and the most senior supervisor of each functional organization appoints a member to the committee.
- Meeting frequency: The committee normally meets once quarterly, but if a material issue arises a meeting can be convened upon approval by the committee chairman.
- Operations of each team under the committee:
- Operations & Maintenance Team: Implementing and developing information security measures; meets at least once per quarter.
- Internal Audit Team: The team consists of personnel certified with information security credentials; internal audit is carried out once every six months.
- Emergency Response Team: The committee chairman assembles the team from relevant members based on the nature of the incident.
Internal Audit Team: The team consists of personnel certified with information security credentials; internal audit is carried out once every six months. Emergency Response Team: The committee chairman assembles the team from relevant members based on the nature of the incident.
We built four security shields: protection against external hackers, protection against illegal disclosure from within the organization, incorporation of security assessments into system planning and implementation, and monitoring and prevention of security incidents in system maintenance and operations (refer to the diagram below). The goal is to safeguard users' personal data and protect our confidential and sensitive data, so that our customers can use our services with confidence and assurance.
In the event that a request for customer information received from government or law enforcement agencies, TWM inspects and confirms whether such request complies with legal procedure and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If such request is not complied with legal procedure or conditions, TWM will refuse the request. We always do our best effort to maintain the balance between the protection of customer information /privacy and lawful assistance for public safety. Therefore, the percentage that TWM provides the customer information to response the request from the government or law enforcement agencies is 99.945%.