Economic Aspect

Cybersecurity and Privacy Protection

Issue Date:2019/05/30

Cybersecurity and Privacy Protection

In response to emerging technology such as 5G applications, AIOT and big Data, as well as hacking attacks continue to be more sophisticated, Chunghwa Telecom continues research on related risk protection countermeasures. We also simultaneous collaboration of national ISAC and international CERT organization for joint incident notification and defense responses, to promote the development of emerging businesses and provide a secure and reliable digital environment for our customers.
Our Information Security Management System aligned with domestic & international standards and regulations, not only adapted years of practical experience in security operation and controls, but also integrated with the risk and business continuous management system into daily operation.
There is no major cybersecurity breach or privacy data leakage resulting in penalties are found by the competent authorities in recent years.

 

Organization and Responsibilities

Chunghwa Telecom's senior executive vice president of business serves as the Chief Information Security Officer, or CISO, and Data Protection Officer, or DPO, with Cyber Security Department as the designated unit, in order to align regulations with technology advancement for new business development, coordinate the overall corporate cybersecurity policy, enact and amend required security specifications, utilize equipment for centralized security monitor and defense, mitigate enterprise security risks, accelerate new business development, provide all customers secure and reliable digital ecosystem

Cybersecurity and Privacy Protection Risk Management Mechanisms

In order to ensure full security of Chunghwa Telecom's Critical Infrastructure, or CI, and Critical Information Infrastructure, or CII, Chunghwa Telecom references NIST Cybersecurity Framework, or CSF, as well as domestic and international standards and regulations (including Legislative Yuan's Cyber Security Management Act, Legal Department's Personal Information Protection Act, General Data Protection Regulation, or GDPR,  BS10012, ISO27001, ISO27011, etc.) Chunghwa Telecom established "Cybersecurity and Privacy Protection Risk Management Framework" as shown as below.

Chunghwa Telecom’s Risk Management Committee tracks and manages cybersecurity and privacy protection risk control issues on monthly basis. When the risk is greater than the risk appetite, or where there is a major crisis, the Risk Management Committee Convener to report to the Audit Committee, and if necessary, report to the Board of Directors accordingly. 
Chunghwa Telecom complies rigorous with the Personal Information Protection Act with respect to the collection, processing, and use of personal information and guarantees the best security and protection of personal information using our meticulously designed management system. To ensure that personal information is processed fairly and lawfully and in a transparent manner, we conduct relevant measures as
Rigorous Privacy Protection" document.

 

For more information please go to our website

"Cybersecurity and privacy protection risk management framework" and countermeasures, please refer to the 2018 Annual Report of Chunghwa Telecom p.126-129.

Risk Management” of Chunghwa Telecom