The human resources recruitment industry shall have dedicated staff or establish a dedicated organization to be responsible for personal information file security maintenance and administration and shall allocate commensurate resources.
The duties of the dedicated person or organization under the previous paragraph are as follows:
1.Establish personal information protection administration principles and make public announcements about the basis and specific purpose of its collection, processing and use of personal information and other protection related matters for the understanding of their staff.
2.Plan, establish, amend and execute the Plan.
3.Regularly provide basic knowledge promotion and professional educational training for their affiliated staff for them to understand the applicable legislations of personal information protection, the scope of responsibilities, administration measures and methods.

Personal information protection administration principles established by the human resources recruitment industry shall include the following:
1.Compliance with personal information protection related legislation.
2.Reasonable and safe method for the collection, processing and use of personal information within the scope of specific purpose.
3.Techniques of reasonable security standards for the protection of personal information files that are collected, processed and used.
4.Contact the personnel for the exercise of personal information related rights by owners of information or for whom relevant complaints and consultations may be filed.
5.Emergency response procedure for handling events of theft, alteration, damage, loss or disclosure of personal information.
6.Mechanism for the supervision of subcontractors for the collection, processing and use of personal information.
7.Mechanism to ensure the security of personal information files and to maintain the operation of the Plan.

The human resources recruitment industry shall verify personal information they hold in accordance with personal information protection related legislation, define the scope included in the Plan, establish files and regularly verify whether there are any changes.

The human resources recruitment industry shall analyze the risks that may arise out of the collection, processing and use in accordance with the scope defined under the previous paragraph and establish proper control measures based on the results of such analysis.

The human resources recruitment industry shall establish the following mechanisms in response to any event of theft, alteration, damage, loss or disclosure of personal information:
1. Adopt proper response measures to control the damage to the owners of the information created by the event.
2. Verity the situation of the event, inform the owner in a proper manner, including corresponding measures that have been adopted.
3. Review the prevention mechanism to prevent reoccurrence of a similar event.
When the incidents under the preceding paragraph occur, the human resources recruitment industry shall fill up the Notification Record sheet (as attached), and notify the municipal city government(s), or the county/city government(s) where the incident occurred and notify the Central Competent Authority. After the Central Competent Authority or the municipal city government(s), or the county/city government(s) received the notifications, with the power granted in Article 22 to Article 25 of this regulation, the mentioned authority is entitled to take appropriate supervisory and management measures.

• Attached Form：Human ResourcesRecruitment Industry Notification Record Form.pdf