Personal Information Security and Privacy Protection

The Company adopts ISO 27001 information security management system, and its privacy protection has obtained ISO27701 privacy protection management certification. Both of them refer to ISO 27005 risk management standard to identify and manage risks. Taiwan Mobile has set up the Cyber Security and Data Privacy Protection Committee, which invites independent directors for observation and invest resources to implement control. TWM handles internal and external audits every six months. Here is an overview of its operations:

1. The Company president appoints the committee’s chairman, and the top executive of each functional organization shall assign committee members.
2. Meet at least once a quarter.
3. Operations of working groups under the committee:
   • Operations maintenance team: Meet at least once a quarter to implement and improve personal information and information security measures.
   • Internal audit team: TWM colleagues with audit certificates would carry out an internal audit every six months.
   • Emergency response team: Convened by the committee chairman depending on the nature of the incident.
   • Mobile broadband team: Appointed by top managers from technology and operation departments.

In order to implement information security and personal information protection, TWM formulated four strategies in the following figure, so as to improve the protection of customer privacy and company information security.

In the event that a request for customer information received from government or law enforcement agencies, TWM inspects and confirms whether such request complies with legal procedure and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If such request is not in compliance with all legal procedures or conditions, we will decline to provide requested information. We always do our best effort to maintain the balance between the protection of customer information / privacy and lawful assistance for public safety. Therefore, the number of requests for customer information by law enforcement agencies is 199,708 in 2021, the percentage that TWM provides as request is 99.98 %.