The occurrence of cybersecurity incidents is often accompanied by the risk of data leakage. Especially when PII (personally identifiable information) is breached, it will cause economic cost and reputational damage to the company. The purpose of collecting PII is to provide products, services and commercial value-added services. Enterprises are obliged to maintain the security of the PII process system. Data security strategy include organizational management and technical control countermeasures. This speech explains the key points of data security governance, interprets them based on relevant legal compliance and ISO standards, and compares recent information security or data breach incidents with cases to provide specific suggestions.

Privacy-enhancing technologies (PETs) are technologies that embody the fundamental principles of data protection by minimizing personal data use, maximizing data security, and enhancing individual agency. PETs protect the privacy of personal information of users authorized by services or applications. They employ techniques to minimize the possession of personal data by information systems without losing functionality. However, there is no unified definition of PETs to quantify privacy since the objectives and scenarios depend on practical applications. In this lecture, we start from the motivation for privacy, illustrate why PETs are necessary through real-life events, and then introduce an overview of existing privacy solution technologies, including federated learning, secure multi-party computation, homomorphic encryption, differential privacy, and zero-knowledge proofs, among others.

This speech will be an discussion of the latest Taiwan General Data Protection Regulation, which was amended by the Legislative Yuan at the end of May 2023, especially the amendments of Article 48, Items 2 and 3, and how these changes have brought unprecedented challenges and opportunities to enterprise information security. Under the new regulations, if an enterprise fails to take appropriate technical and organisational measures, or formulate a personal data file security maintenance plan or a personal data processing method after business termination, it will face a heavy penalty of up to NT$15 million if the circumstances are serious. This not only enhances the importance of security, but also emphasizes the need for rapid adaptation and prevention.