Personal Information Security and Privacy Protection

The Company has adopted the ISO 27001 information security management system, and its privacy protection has obtained ISO 27701 privacy protection management certification. Both refer to the ISO 27005 risk management standard to identify and manage risks. Taiwan Mobile (TWM) has set up the Cyber Security and Data Privacy Protection Committee, which invites independent directors, Dr. Chung, who has an information and security related background from his term of office at the Executive Yuan (the Cabinet) of Taiwan, for observation, and invests resources to implement controls. TWM conducts internal and third-party audits every six months. Here is an overview of the committee's operations:

  1. The Company president appoints the committee’s chairman, and the top executive of each functional organization shall assign committee members.
  2. Meet at least once a quarter.
  3. Operations of working groups under the committee:
    • Operations maintenance team: Meet at least once a quarter to implement and improve personal information and information security measures.
    • Internal audit team: TWM colleagues with audit certificates carry out an internal audit every six months.
    • Emergency response team: Convened by the committee chairman depending on the nature of the incident.
    • Mobile broadband team: Appointed by top managers from technology and operation departments.

Jamie Lin, the President of TWM, appointed Mr. Ivan as CISO. Mr. Ivan is the company’s top security leader with the most expertise in cybersecurity and communications. He has completed the Certified Information Security Manager (CISM) course and has experience in IS/IT security and control.

The responsibilities of TWM's CISO are the same as those of the CISO position in the industry, including establishing and maintaining the organization’s vision, strategy, and program to ensure information assets and technologies are well protected.

TWM has set up the ICT and Personal Information Security Management Division, which is responsible for supervising and reviewing information security implementation, supervision and management. TWM has also established the Cyber Security and Data Privacy Protection Committee, which is responsible for supervising and reviewing all matters concerning the implementation of the personal information and information security management system.

We pay close attention to the latest information security issues. Therefore, we set up a Mobile Broadband information security group under the Cyber Security and Data Privacy Protection Committee, inviting manager- and deputy-manager-level supervisors from all technical units to participate in the group to effectively resolve any mobile broadband related security issues.

TWM’s ICT and Personal Information Security Management Division is the designated department responsible for privacy issues. The processing flow is as follows.

  1. If a personal data incident occurs, the ICT and Personal Information Security Management Division will receive a notification.
  2. The ICT and Personal Information Security Management Division performs incident classification according to the impact and timeliness requirements for incident handling.
  3. If a major incident occurs, a response team will be established to conduct incident investigation and draw up a contingency plan.
  4. The ICT and Personal Information Security Management Division holds a post-event review meeting to formulate a future prevention mechanism for the incident.

In the event that a request for customer information is received from government or law enforcement agencies, TWM inspects and confirms whether the request complies with legal procedures and conditions, including but not limited to “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications Communication Record”, “Regulations on Telecommunications Business Handling the Related Authorities Inquiring Telecommunications User Information” and any other related regulations stipulated by the competent authority. If the request is not in compliance with all legal procedures or conditions, we will decline to provide the requested information. We always make our best effort to maintain the balance between the protection of customer information and privacy and lawful assistance for public safety. In 2023, the number of requests for customer information by law enforcement agencies was 198,920, and the percentage for which TWM provided the information as requested was 99.98%.