Privacy protection and Data breach incident response regulation in East Asia and Europe presented at CODEBLUE2020 2020

by Joy Huang,

Summary : In the era of big data and privacy protection, there are many discussions on personal data, privacy protection, and information autonomy around the whole world. In addition, personal data is a part of information assets, and it also falls within the protection scope of information security. The overall information security is built on interlocking security management measures. According to the barrel theory, information security is essentially free of 100%, drip-proof protection, except that the weaknesses that may be attacked must be continuously strengthened and related accident prevention, response and handling mechanism is an important part of management measures.Therefore, this paper tried to start from the position of transnational enterprise and describe how to ensure legal compliance while the company need to follow different data protection laws in different jurisdiction, especially in East Asia and Europe. The countries include Japan, Taiwan, European and Thailand. This paper would direct readers to know the basic regulation and legal definition in the first part. In the second part, we would introduce the legal requirements for how to handling an event of personal data/information breach. In the third part, this paper would show you multiple data breach cases in the four countries and let you see how do other enterprises handle the crisis of data breach. Do all the incident responses comply to the applicable data protection law? How could a transnational enterprise handle the crisis legally to ensure compliance? This paper would provide advices to all the companies.