| Legislative: |
1.Promulgated by the Ministry of Finance Decree No.1050001620A on June 1, 2016, setting forth the full text of 13 points.
2.Points 1, 9, and 13, and the title amended and promulgated by the Ministry of Finance Decree No.1060003488B on October 27, 2017 (original title: “Guidelines for the Ministry of Finance, Its Subordinate Agencies, and Municipal/County Tax Collection Offices
on the Use of Highway Supervision Information Management”).
3.Full text amended and promulgated by the Ministry of Finance Decree No.1140002294 on June 10, 2025. |
| Content: |
1. To facilitate tax collection and refund operations, the Ministry of Finance and its subordinate agencies, as well as local tax collection authorities (hereinafter collectively referred to as “the Agencies”), require access to highway supervision data
provided by the Highway Bureau, Ministry of Transportation and Communications. In order to ensure information security, prevent improper use or leakage of data, and safeguard personal privacy rights, these Regulations are hereby established.
2. Personnel of the Ministry and the Agencies engaged in taxation and refund operations may apply for system access to highway supervision data. Such access shall be granted only upon review and approval by the Financial Information Agency of the Ministry.
3. Pursuant to Article 30 of the Tax Collection Act, the Ministry and the Agencies may request highway supervision data from the Highway Bureau for the administration of vehicle license tax, individual income tax, business tax, and commodity tax.
4. When highway supervision data is used for the aforementioned tax operations and individuals raise concerns, the Ministry and the Agencies shall request verification from the competent authority of the data or require the individual to provide supporting
documentation for review.
5. In cases where individuals have doubts regarding data verification, the matter shall first be handled by the designated contact personnel of the Ministry or the Agencies. If concerns persist, the responsible officer at the Financial Information Agency shall
provide further assistance.
6. Personnel utilizing highway supervision data shall comply with these Regulations and relevant laws, properly manage and utilize the data, and cooperate with audit procedures.
7. Account and Access Management for Business Systems:
(1) System administrators or users of the Ministry and the Agencies shall complete an account application form, which must be approved and signed by the unit supervisor
(2) System administrators shall assign layered access rights, query scopes, and permissions to users.
(3) System administrators shall conduct account and access reviews at least once annually and retain audit records for five years.
8. Division of Responsibilities and Internal Audits for Data Security:
(1) Agencies:
a. Conduct at least two self-audits annually. An audit team shall be formed (existing audit units may suffice) to perform random inspections of 2% of users, up to 500 records; if fewer than 10 records exist, all shall be inspected. Compliance with relevant
laws shall be documented and retained for five years. The prevention of data leakage and misuse shall be handled in accordance with Article 12.
b. May include such audits in annual internal audit plans.
(2) Financial Information Agency:
a. Manage the security of system connections, equipment, and networks.
b. Maintain and operate relevant servers.
c. Prevent data leakage and misuse in accordance with Article 12.
d. Conduct annual inspections of personal data and information security practices at local tax collection authorities.
9. Information Security Management Requirements:
(1) Data Management:
a. Restrict access to data query and storage areas to authorized personnel only.
b. Apply confidentiality measures to data queries, outputs, and transmissions.
c. Use network management tools to block unnecessary connections; prohibit direct internet access; disable USB and serial ports to prevent data leakage or virus intrusion.
d. Disable system access upon expiration of approved query period.
(2) User Management:
a. Complete account application forms with supervisor approval.
b. Use personal digital certificates for login; follow certificate management rules for login failures. Accounts shall not be shared or used by others.
c. Immediately revoke access upon job transfer, resignation, or retirement.
(3) Connected Equipment Management:
Enable screen lock passwords; log out when leaving; shut down systems daily after work.
(4) Data Usage Management:
a. Retain query logs for five years.
b. Prohibit unauthorized copying.
c. Restrict access to authorized personnel only.
d. Encrypt data before transmission via email.
e. Apply appropriate security measures during data transmission and processing.
(5) Data Destruction:
a. Destroy paper and delete electronic files after business completion if retention is unnecessary.
b. Delete files from systems or devices upon supervisor approval.
c. De-magnetize or destroy portable media upon supervisor approval.
10. During audits conducted by the Highway Bureau, the Financial Information Center shall provide relevant data. Agencies and users shall cooperate accordingly.
11. If highway supervision data obtained from the Highway Bureau is misused and violates the Personal Data Protection Act, the responsible agency shall be held accountable in accordance with Article 12.
12. Users shall properly safeguard and utilize the data. Violations shall be subject to disciplinary and legal liability:
(1) Misuse resulting in harm to individuals shall be handled under the Personal Data Protection Act, State Compensation Law, Tax Collection Act, or other applicable laws.
(2) Intentional violations for profit or illegal gain, including unauthorized export, interference, alteration, or deletion of personal data, shall be prosecuted.
(3) Administrative responsibility lies with the supervising agency; criminal liability shall be referred to judicial authorities.
13. When personnel or supervisors responsible for highway data linkage change, the Ministry shall notify the Ministry of Transportation and the Highway Bureau in writing. |