Product Responsibility and Personal Data Protection
Taipower sets electricity tariffs in accordance with government regulations and manages customer information in compliance with the Personal Data Protection and Electricity Acts. The Company conducts annual reviews of personal data files, examining the necessity of each data field to ensure appropriate protection of personal information. Confidentiality mechanisms are in place for customer information, and identity verification is required for electricity data inquiries. Key databases are monitored in real time through audit systems. Abnormal records are reviewed monthly, and all inspections in 2024 were normal with no violations found.
Information and Communication Security Risk Management Framework
Taipower has established an information and communication security risk management framework that covers both company-level and department-level risk management. In line with the Company's risk management policy, the framework includes risk identification, assessment, control, and monitoring to mitigate the impact of information security risks on operations and to support sustainable development. Taipower's information security policy is based on the ISO/ IEC 27001 international standard and covers areas such as system inventory, risk assessment, vendor management, and incident reporting.
In accordance with internal policies, Taipower implements the following information security management measures:
- Personnel security management and training
- Vendor relationship security management
- Information security incident management
- Information asset security management
- Network security management
- System access control
- Business continuity planning
Personal Data Protection Measures
