Alas!! Contact Registration (實聯制)?! Where Did the Personal Data We Handed Over Go?
2021.05.15 After the Executive Yuan press conference announced 180 confirmed cases in a single day, and with the epidemic alert raised to level 3 in both northern provinces, Taiwan is once again facing a serious outbreak. So that indoor gatherings and people's movements can be traced during epidemic investigations, people entering supermarkets, restaurants, and other establishments are required to register with their real names, and stores are required to provide a list of visitors when the government conducts an investigation. The government, private software companies and developers have since put a lot of effort into building various contact-registration (實聯制) systems, helping small and medium-sized stores and businesses that cannot afford to develop and manage their own systems to work more efficiently and move away from paper-based registration. Some systems only help stores use existing online forms to maintain their registration lists, while other providers develop new systems of their own.
However, a contact-registration system collects, as the regulations require, a list of visitors who can actually be contacted, and it rules out entries where visitors have not filled in real information. These systems are therefore a prime target for attackers who want to collect personal information. We will compile several common designs of contact-registration systems and point out where threats may arise, bringing in real-life examples of vulnerabilities and the wider information security issues they raise. A vulnerability in such a system may put the personal information left on it at risk, leading to a personal data breach. In this paper, we analyze the relationship between the contact-registration guidelines and personal information law by combining the system design and data flow, then clarify the different legal situations that arise when a data security incident occurs in a contact-registration system, and discuss the allocation of responsibilities and the handling methods for data collectors and system developers in the event of a personal information breach. Finally, through domestic and international cases, we can understand how to protect our rights in the event of a personal information breach.
Outline
- The epidemic and the contact-registration system
- Internet and self-developed systems
- Commonly used contact-registration system designs
- Similar implementation systems in foreign countries
- Real-life vulnerability cases in contact-registration systems (Taiwan)
- Alternative attack methods via SMS: if the mountain won't turn, the road will
- How attractive is a contact-registration system to attackers?
- Contact-registration systems and personal information
- Who collects personal data in a contact-registration system
- The purpose of collecting personal data in a contact-registration system
- Data flow of personal data in a contact-registration system
- Illegal use of personal data for other purposes vs. Illegal use of personal data for other purposes
- The rules and examples of personal information infringement
- How the public can protect their rights over their personal information