Personal Information Security and Privacy Protection

The Company adopts ISO 27001 information security management system, and its privacy protection has obtained ISO27701 privacy protection management certification. Both of them refer to ISO 27005 risk management standard to identify and manage risks. Taiwan Mobile has set up the Cyber Security and Data Privacy Protection Committee, which invites independent directors for observation and invest resources to implement control. TWM handles internal and third-party audits every six months. Here is an overview of its operations:

  1. The Company president appoints the committee’s chairman, and the top executive of each functional organization shall assign committee members.
  2. Meet at least once a quarter.
  3. Operations of working groups under the committee:
    • Operations maintenance team: Meet at least once a quarter to implement and improve personal information and information security measures.
    • Internal audit team: TWM colleagues with audit certificates would carry out an internal audit every six months.
    • Emergency response team: Convened by the committee chairman depending on the nature of the incident.
    • Mobile broadband team: Appointed by top managers from technology and operation departments.

Jamie Lin, the President of TWM and also the founder, chairman and partners of AppWorks, possesses extensive experience in innovative cybersecurity. He is the company’s top leader with the most expertise in cybersecurity and communications.

Therefore, TWM appoints Jamie, the President with the most abundant cybersecurity experience, to also serve as the Chief Information Security Officer (CISO). In this role, he establishes, promotes, and maintains a culture of information security within the company. He coordinates efforts to counter hacker attacks and drive enterprise digital transformation, leading the management of information security from top to bottom. Jamie formulates clear cybersecurity risk management strategies and diverse cybersecurity solutions, enhancing the efficiency of communication and coordination on security issues between senior executives and the board of directors. He effectively and swiftly manages the implementation of cybersecurity policies and resource allocation, accelerating the integration of cybersecurity into daily business operations.

Under the leadership of the President, TWM further launched multiple cybersecurity projects in 2022, including "Fraud Alert" and "Safe Call" which became revenue-generating tools, establishing the cornerstone of Taiwan Mobile's cybersecurity endeavors in 2022, also known as the "Year of Cybersecurity" for Taiwan Mobile.

TWM has set up the ICT and Personal Information Security Management Division, which is designated department responsible for privacy issues. The processing flow is as below.
1.If a personal data incident occurs, the ICT and Personal Information Security Management Division will receive a notification.
2.The ICT and Personal Information Security Management Division perform incident classification according to the impact and timeliness requirements for incident handling.
3.If a major incident occurs, a response team will be established to conduct incident investigation and draw up a contingency plan.
4.The ICT and Personal Information Security Management Division held a post-event review meeting to formulate a future prevention mechanism for the incident.

In the event that a request for customer information received from government or law enforcement agencies, TWM inspects and confirms whether such request complies with legal procedure and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If such request is not in compliance with all legal procedures or conditions, we will decline to provide requested information. We always do our best effort to maintain the balance between the protection of customer information / privacy and lawful assistance for public safety. Therefore, the number of requests for customer information by law enforcement agencies is 198,920 in 2023, the percentage that TWM provides as request is 99.98 %.