Computer-Processed Personal Data Protection Law scheduled to be amended to prohibit collection and exploitation of personal sensitive data

Source:Liberty Times 11/05/2001
Translated by Corrina Wu

　The Ministry of Justice made a study of the “Computer-Processed Personal Data Protection Law” and aimed at major amendments to laws.  The Ministry of Justice will enact laws to prohibit collection and exploitation of sensitive data which are likely to arise racial disputes and discrimination, such as personal belief, political background, health privacy and so on, even if such data are collected and exploited through legal channels.  Anyone violating the laws must bear civil, criminal and administrative liability.

　Additionally, the existing law also governs the eight lines of business including the telecommunication.  However, it is defective to categorize the governing scope according to the “line of business”.  Therefore, the Ministry of Justice considered categorizing the governing scope according to the “act” when undertaking amending the law.  That is, any act of collecting and exploiting personal data through computer processing will be governed by the “Computer-Processed Personal Data Protection Law”.

　Further, the existing law includes the information which is sufficient to be identified.  The “information which is sufficient to be identified” means the information which can be identified from data directly, such as names and addresses.  However, there are not any laws enacted for governing the data encryption exploited in processing of personal data.  The Ministry of Justice considered that the encrypted data can be identified indirectly by virtue of decryption.  Therefore, the Ministry of Justice is deliberating that such data should be also protected under the “Computer-Processed Personal Data Protection Law”.