Sorry,Website just for Viewing in portrait mode,Thank you.

Personal Information Security and Privacy Protection

In 2004, the Company introduced the ISO/IEC 27001 Information Security Management System, and passed the new BS 10,012 and ISO 29100 personal information and privacy protection certification in 2018. The Company established the Personal Information and Information Security Committee to continuously invest resources and optimize management and carries out internal and external audits every six months. In accordance with the requirements of the international management system, it views and promotes the implementation. It passes the personnel information and information security management evaluation and administrative inspection each year to ensure the management level and becomes the most trusted telecommunications company for users. Its operations are as follows:

  1. Committee member configuration: the General Manager can assign Chairman of Committee and the Chief Executive Officers of each functional organization shall assign committee members.
  2. Meeting frequency: at least once quarterly.
  3. The operation of all groups subordinate to the committee:
    • Operation maintenance team implements and researches and develops the personal information and information security measures, and holds a meeting at least quarterly.
    • Internal audit team is composed of the colleagues with the audit certificate and carries out internal audit every six months.
    • Emergency response team is composed of the related personnel convened by the Chairman of Committee according to the nature of the incident.

Planning of the four aspects - external defense of hackers-establishment of intrusion prevention, internal defense of loss-handling of data loss prevention surveillance, absorbing system planning establishment into security evaluation-establishment of system development security specification, system operating maintenance and monitoring precaution personnel information and information security incident-establishment of information security monitoring and control center in order to implement the user personnel data and internal sensitive information protection.

In the event that a request for customer information received from government or law enforcement agencies, TWM inspects and confirms whether such request complies with legal procedure and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If such request is not complied with legal procedure or conditions, TWM will refuse the request. We always do our best effort to maintain the balance between the protection of customer information /privacy and lawful assistance for public safety. Therefore, the percentage that TWM provides the customer information to response the request from the government or law enforcement agencies is 99.9572%.