Chinese Taipei: Preparatory Office of the Personal Data Protection Commission closes consultation on Draft Personal Data File Security Maintenance Management Regulations

On 23 March 2026, the Preparatory Office of the Personal Data Protection Commission closes the public consultation on the Draft Personal Data File Security Maintenance Management Regulations, which had been open since 22 January 2026. The Draft Regulations establish a unified framework for the security maintenance and management of personal data files held by public agencies and non-public agencies. The Regulations set out general security management practices for all entities, including establishing notification, reporting and response mechanisms, conducting staff training, implementing organisational and technical security measures, and operating account management and access control measures. The Regulations also prescribe additional measures in relation to certain categories of personal data, including medical records, genetic data, or criminal records. Enhanced security measures would have to be taken by public agencies and large non-public agencies which process personal data of at least 10'000 data subjects. The enhanced measures include establishing a security maintenance plan, carrying out an annual risk assessment, and conducting regular drills for notification, reporting, and response mechanisms.