| Content: |
I. Purpose
1. When the Ministry of Finance (hereinafter “the MOF”) established the “Fiscal Information Agency Personal Data File,” it did not have complete personal data including National ID number (hereinafter “IDN”), resulting in incomplete information. To comprehensively
review IDN related data in the “Fiscal Information Agency Personal Data File,” the MOF applied to the Ministry of the Interior (hereinafter “the MOI”) for IDNs and birth dates of first-degree relatives of each person (hereinafter “the MOI Kinsfolk Relation
Record”).
2. The MOF compares data of the “Fiscal Information Agency Personal Data File” with IDNs and birth dates of the MOI Kinsfolk Relation Record. When matches are found, the MOI Kinsfolk Relation Record will be integrated into the “Fiscal Information Agency Personal
Data File.” Online inquiries by the agencies under the MOF and local tax collection agencies generate the “Fiscal Information Agency Kinsfolk Relation Record” (hereinafter “the MOF Kinsfolk Relation Record”). Any subsequent changes to the relevant data will
be managed, maintained, and updated by the MOF.
3. To regulate the proper use of the MOF Kinsfolk Relation Record by agencies under the MOF and local tax collection agencies, these Regulations are established to implement and maintain information security, prevent improper use or leakage of data, and protect
personal privacy rights.
II. Applicable agencies and scope of operations
1. Applicable agencies
For the purposes of tax audits and tax collection, the MOF’s Taxation Administration, Fiscal Information Agency, Customs Administration, National Taxation Bureaus, and local tax collection agencies (hereinafter “the tax collection agencies”) are granted access
to the MOF Kinship Relation Record in accordance with relevant regulations and within the scope of their business applications.
2. Regulatory basis (see attached table)
(1) Articles 19 and 30 of the Tax Collection Act.
(2) Articles 4-5, 15, and 17 of the Income Tax Act.
(3) Articles 5, 6, 15, 17, 20, 23, and 24 of the Estate and Gift Tax Act.
(4) Articles 3 and 4 of the Regulations Governing Assessment of Profit-Seeking Enterprise Income Tax on Non-Arm’s-Length Transfer Pricing or Article 3 of the Regulations Governing Assessment of Interest Expenditure on the Debts Owed by a Profit-seeking Enterprise
to a Related Party in Accordance with the Condition that the Related Payments Shall Not be Considered as Expenses or Losses.
(5) Article 12-5 of the Commodity Tax Act.
(6) Articles 17, 34, and 34-1 of the Land Tax Act.
(7) Articles 8 and 9 of the Enforcement Rules of the Land Tax Act.
(8) Subparagraph 1 of Paragraph 1 and Paragraph 2, Article 5 of the House Tax Act.
(9) Subparagraph 8, Paragraph 1, Article 7 of the Vehicle License Tax Act.
(10)Paragraph 2, Article 3 of the Temporary Act on the Allocation of Fines.
3. Scope of application
The MOF Kinsfolk Relation Record is provided for online queries related to tax audits, tax collection for various taxes, including income tax, estate and gift tax, profit-seeking enterprise income tax, commodity tax, land tax, house tax, and vehicle license
tax, and the issuance of financial penalties and rewards.
III. User management
1. User application procedures and access permissions management
(1)The addition or modification of account permissions must be requested and approved by the responsible authority before permissions are granted. Both paper application forms (or digital application files for online requests) and computer records should be
retained.
(2)When applying for the addition or modification of account permissions, individuals are responsible for maintaining the confidentiality of the personal data they handle. This responsibility and obligation continue even in cases of job changes or resignation.
(3)The allocation of account permissions must be obtained through an authorization process and handled in accordance with the relevant provisions set forth in the “Access Control Management Guidelines” established by the Fiscal Information Agency (see Annex
1).
(4)When a user resigns, leaves, or is transferred due to administrative adjustments or job changes, the account modification procedure must be carried out, and account usage records shall be retained for five years.
(5)In the event of an administrative position change, the process for modifying account permissions shall be completed prior to the transition. The newly assigned administrator is required to disable the outgoing administrator’s account permissions and establish
his/her own account permissions either on or before the date his/her assumes responsibility for the role.
2.The Fiscal Information Agency (FIA) is responsible for coordinating the application and security maintenance of the Kinship Relation Record. In cases of violations of these Regulations, the FIA will investigate and address the issue.
3.Each applicable agency shall properly protect and manage the Kinship Relation Record and cooperate with the MOF or the MOI in audit activities.
IV. Data security control operations
1. Division of responsibilities in information security management
The management units are the MOF’s FIA, Customs Administration, Taxation Administration, and the tax collection agencies. Their responsibilities are divided as follows:
(1)The FIA
a.The highest-level system administrator for the Kinship Relation Record; responsible for coordinating system planning and handling related application matters.
b.Manage security of connected operating systems, equipment, and networks.
c.Manage operations and maintenance for relevant servers.
d.Designate dedicated personnel responsible for the management, inquiry, and preservation of the Kinsfolk Relation Record.
e.Supervise the review of connection application permissions and the management of account lists for administrators of the MOF’s Customs Administration, Taxation Administration, and the tax collection agencies.
f.Supervise (and assess) the proper use of the Kinsfolk Relation Record by user units.
g.Fulfill responsibilities to prevent improper use and leakage of the Kinsfolk Relation Record.
(2) Customs Administration, Taxation Administration, and the tax collection agencies
a.Manage security of connected operating systems, equipment, and networks.
b.Operate and manage maintenance of relevant servers.
c.Conduct regular information security training to enhance awareness of personal data protection and prevent improper use and leakage of the Kinsfolk Relation Record.
d. Customs Administration is managed by the Customs Information Group; Taxation Administration is managed by the Audit Group; and the tax collection agencies have dedicated personnel from the IT (electronic operations) unit responsible for managing permissions
for the MOF Kinsfolk Relation Record.
e.The ethics (audit) unit shall conduct irregular audits to ensure that user units properly use the MOF Kinsfolk Relation Record.
(3)User unit
User units shall diligently fulfill their responsibilities for protecting and safeguarding the Kinsfolk Relation Record, preventing improper use and leakage of the data.
2. Inquiry management of the MOF Kinsfolk Relation Record
(1)Unrelated personnel is strictly prohibited from accessing the data inquiry and storage areas.
(2)Authorized access to the MOF Kinsfolk Relation Record is solely for the purposes of inquiry and verification. Access to non-responsible personnel shall be prohibited to prevent viewing, extraction, or destruction.
(3)When querying data, the system shall record detailed logs including the inquierer’s account, the inquierer’s unit, the inquierer’s name, the query date, the query time, the operation code, the query conditions for the subject, the subject’s IDN and name,
the query case number, and the reason for the query. These logs shall be retained for five years.
(4)After completing a query of the MOF Kinsfolk Relation Record, if there is a need for case consolidation or attachment, printed copies shall be properly stored in accordance with relevant archival laws. If there is no need to retain electronic files, they
shall be deleted immediately.
(5)Queries of the MOF Kinsfolk Relation Record exceeding thirty minutes shall be automatically logged out by the system.
3. Management of the MOI Kinsfolk Relation Record
(1)When acquiring kinship data files from the MOI in batches via magnetic media exchange, it shall be handled by dedicated personnel from the Information and Communication Division of the FIA, and the integrity of the data shall be verified.
(2)The management unit shall set access permissions and approval periods for the use of data. Those who wish to use the data must obtain approval through an application process and may only use it within the approved scope.
(3)Data from the MOI Kinsfolk Relation Record must not be copied arbitrarily. If there is a business need to duplicate the data, it must be approved through an application process before copying. Appropriate confidentiality measures shall be taken during data
transmission.
(4)When personnel changes occur, the relevant written documents for the MOI Kinsfolk Relation Record shall be cataloged and transferred.
4. Management of connected computer equipment
Computers used for data transcription, online access, or querying of the MOF Kinsfolk Relation Record shall have screen savers and passwords set up. Users shall log out of the environment when leaving and ensure that computers are properly shut down before
leaving work each day.
5. Data destruction procedures
(1)For online inquiries obtaining the MOF Kinsfolk Relation Record, a designated person or the system shall regularly delete the data to prevent unauthorized access.
(2)After completing online inquiries for the MOF Kinsfolk Relation Record, any disposable paper documents should be destroyed beyond recognition, and electronic files should be deleted immediately if retention is not necessary.
(3)After completing online inquiries, data from the MOF Kinsfolk Relation Record stored on computer equipment shall be deleted once usage is complete and it is confirmed that retention is unnecessary. Additionally, verification shall be performed to ensure
that data from the MOF Kinsfolk Relation Record have been deleted
(4)Within two months after completing the comparison and transcription of the MOI Kinsfolk Relation Record, the FIA shall perform data erasure or destruction and notify the Ministry of the Interior.
6.The MOI Kinsfolk Relation Record is solely for the purpose of comparing and transferring to the database of the MOF Kinsfolk Relation Record and are not provided for queries by other users.
7.The use of the Kinsfolk Relation Record shall be conducted in accordance with relevant laws and regulations, including the Classified National Security Information Protection Act, the Personal Data Protection Act, the Tax Collection Act, the Information Security
Management Guidelines of the Ministry of Finance and Affiliated Agencies (Institutions), and these Regulations. In cases of abnormal usage, the data-utilizing agency shall immediately coordinate with the ethics (audit) unit and the IT (electronic operations)
unit to conduct a joint investigation. The investigation results shall be reported to the head of the agency and dealt with in accordance with the law.
V. Regular inspections and audits
1. Regular review
(1)The matching and transcription of the MOI Kinsfolk Relation Record shall adhere to the relevant provisions in the “On-Site Operation Management Guidelines for Tax Systems of the Fiscal Information Agency, Ministry of Finance” (see Annex 2).
(2)The FIA, including the National Taxes Division, the Local Taxes and Taxation Division, and the Information and Communication Division, shall verify the correctness of the format and number of records in the comparison and transfer of the MOI Kinsfolk Relation
Record.
(3)During the period of querying the MOI Kinsfolk Relation Record, inspections shall be conducted at least once a month, with a sampling rate of no less than 70% of the total queries for that month. Each monthly inspection shall include no fewer than ten records,
and if the total number of queries is fewer than ten, a complete inspection shall be performed. The results of these inspections must be retained for at least three years for future reference. If any abnormal usage is detected, actions shall be taken in accordance
with Subparagraph 7, Article 4 of these Regulations.
(4)During the period of querying the MOF Kinsfolk Relation Record, inspections shall be conducted at least once a month. The inspection rate for official correspondence, public applications, online declaration cases, public petitions, or system reports with
case numbers shall not be less than 2% of the total queries. For internal agency business inquiries without case numbers, the inspection rate shall not be less than 10% of the total queries. The total number of inspections each month shall not be fewer than
ten records; if the total queries are fewer than ten, a complete inspection shall be performed. The results of these inspections must be retained for at least three years for future reference. If any abnormal usage is detected, actions shall be taken in accordance
with Subparagraph 7, Article 4 of these Regulations.
2. Regular audit
(1) Customs Administration, the Taxation Administration, the tax collection agencies, and their affiliated personnel or audit teams shall conduct an internal audit of the records of the Kinsfolk Relation Record inquiries for each agency or unit at least once
every six months. Each agency shall also conduct at least one audit annually of its affiliated agencies and units. All audits must be documented and retained for at least three years for future reference.
(2)The FIA must conduct an audit of the Kinsfolk Relation Record at least once a year, and shall prepare an audit record that must be retained for at least three years for future reference. The results of the audit shall be included in the annual evaluation
of the MOF’s tax collection operations, and may be submitted to the audited agency for reference and improvement as needed .
(3)The user units shall cooperate with the audit and shall not evade, obstruct, or refuse it.
(4)When the Department of Household Registration, Ministry of the Interior conducts audit operations, both the management units and the user units shall cooperate by providing data and related audit information, and complete any required improvements as requested.
VI. Relevant legal responsibilities
1. The MOF shall securely manage and conduct matching and transcription operations for the MOI Kinsfolk Relation Record. Should there be any violation of the Personal Data Protection Act resulting in harm to individuals’ rights, intent to profit from the data,
unjustified leakage of personal data, or other illegal or serious misconduct, the MOF shall bear full responsibility. Additionally, the MOF will identify accountability, assume civil liability for damages, and criminal liability under the Personal Data Protection
Act. The relevant agency shall handle administrative sanctions as prescribed and assume liability for compensation under Article 28 of the Personal Data Protection Act and national compensation responsibility under Article 31.
2. In cases where the management unit and its personnel, or the user unit and its personnel, misuse the MOF Kinsfolk Relation Record resulting in harm to individuals’ rights, leading to disputes or litigation, the MOF, the management unit and its personnel,
or the user unit and its personnel shall be responsible in accordance with the Personal Data Protection Act and the State Compensation Law, as well as other relevant regulations.
3. In cases where the management unit and its personnel, or the user unit and its personnel, incur administrative liability, the respective agency shall handle the matter through administrative proceedings. If criminal liability is involved, the case should
be referred to the judicial authorities for processing.
VII. The MOF Kinsfolk Relation Record is provided for reference only. Agencies using the data are responsible for verifying and confirming it according to their authority and responsibilities, and the data-providing agency shall not be
held liable. In cases where discrepancies such as differences in data timing, administrative boundary adjustments, address reorganization, duplicate IDNs, errors or omissions in household registration data lead to doubts about kinship relations, agencies should
directly request the kinship data from the household registration office as the basis for verification.
VIII. Related documents
Matters not covered by these Regulations shall be handled in accordance with the following regulations: the “Regulations on the Application for the Provision of Household Registration and Kinship Data” promulgated by the MOI, the “Guidelines for the Preparation
of User Administrative Data Management Regulations for each Agency” and the “Regulations on the Management of Household Registration Information Used by the Ministry of Finance and Its Affiliated Agencies and Local Tax Collection Agencies” (see Annex 3) and
the “Information Security Policy” (see Annex 4) formulated by the FIA. |