Since the Personal Information Protection Act (2010.05.26 Amended, herein after referred as “the Act”) was enacted in 2010, there has been universal doubt among the government agency and non-government agency concerning the expansion of protection object, universally applicable subject, the strict control of the collection, processing and use of personal information, as well as the newly added grand civil liability for compensation and the aggregated punishment for its violation. They were so afraid of breaking the Act that some hypercorrection measures were often taken. It was thus deemed the most stringent personal information protection act around the world by some experts in the legal profession
The Act, as a whole, applied to all industries regardless of the specific characteristics of each industry and the differences in collection, processing and use with certain purposes and storage of personal information, and had once given rise to panic among various industries. No industry dared not to keep a wary eye on the Act, while the financial insurance industry, holding colossal personal information, bore the brunt of it. Since the formal enforcement of the Act in October 1, 2012, there has been a prevalence of doubts on its practical application, particularly in non-life insurance industry since most of the contract terms were one year. However, the contractual obligation was far more than this. For example, there were requests proposed by related parties to insurance companies to delete their personal information, though being rejected after audit by the companies, it was still uncertain how insurance companies should cope with such kind of requests in the future.
Along with the enforcement of the Act and the headlines of personal information incidents appearing on newspapers, the public began to emphasize their rights as specified in the Act, and reexamine the situation in which their information was collected, processed, and used. With regard to the potential challenges in the non-life insurance industry, it is advisable that business owners or competent authorities stipulate a response solution as soon as possible. The latter party should ponder over whether the relevant acts should be amended or not, aside from the former party’s monitoring of the practical application. The collection, processing, and use of personal information cannot be standardized and the Act shall not be implemented in earnest before the current ill-fittingness between practical application and the Act is eliminated and the harmony between them is achieved. Then, the personality rights will be free from encroachment, and the legislative purpose of rational use of personal information can be reached.
Hence, this article, focusing on the property insurance industry, proposed the major problems which may be confronted during practical application in terms of handling requests from customers to delete personal information without violating relevant laws while ensuring both customers’ contractual rights and benefits, and discussed feasible amendments or solutions for the said Act.