Research on Taiwan’s Policies of Innovative Industry Development in Recent Years (2015-2016)

The Tax Benefit of “Act for Establishment and Administration of Science Parks” and the Relational Norms for Innovation 　　“Act for Establishment and Administration of Science Parks” was promulgated in 1979, and was amended entirely in May 15, 2018, announced in June 6. The title was revised from “Act for Establishment and Administration of Science ‘Industrial’ Parks” to “Act for Establishment and Administration of Science Parks” (it would be called “the Act” in this article). It was a significant transition from traditional manufacture into technological innovation. 　　For encouraging different innovative technology enter into the science park, there is tax benefit in the Act. When the park enterprises import machines, equipment, material and so on from foreign country, the import duties, commodity tax, and business tax shall be exempted; moreover, when the park enterprises export products and services, it will have given favorable business and commodity tax free.[1] Furthermore, the park bureaus also exempt collection of land rent.[2] If they have approval for importing or exporting products, they do not need to apply for permission.[3] In the sub-law, there is also regulations of bonding operation.[4] To sum up, for applying the benefit of the act, enterprises approved for establishment in science parks still require to manufacture products. Such regulations are confined to industrial industry. Innovative companies dedicate in software, big data, or customer service, rarely gain benefits from taxation. 　　In other norms,[5] there are also tax deduction or exemption for developing innovative industries. Based on promoting innovation, the enterprises following the laws of environmental protection, laborers’ safety, food safety and sanitation,[6] or investing in brand-new smart machines for their own utilize,[7] or licensing their intellectual property rights,[8] can deduct from its taxable income. In addition, the research creators from academic or research institutions,[9] or employee,[10] can declare deferral of the income tax payable for the shares distributed. In order to assist new invested innovative enterprises,[11] there are also relational benefit of tax. For upgrading the biotech and new pharmaceuticals enterprises, when they invest in human resource training, research and development, they can have deductible corporate income tax payable.[12] There is also tax favored benefits for small and medium enterprises in using of land, experiment of research, technology stocks, retaining of surplus, and additional employees hiring.[13] The present norms of tax are not only limiting in space or products but also encouraging in “research”. In other word, in each steps of the research of innovation, the enterprises still need to manufacture products from their own technology, fund and human resources. If the government could encourage open innovation with favored taxation, it would strengthen the capability of research and development for innovative enterprises. 　　Supporting the innovation by taxation, the government can achieve the goal of scientific development more quickly and encourage them accepting guidance. “New York State Business Incubator and Innovation Hot Spot Support Act” can be an example, [14]the innovative enterprises accepting the guidance from incubators will have the benefit of tax on “personal income”, “sales and use” and “corporation franchise”. Moreover, focusing on key industries and exemplary cases, there are also the norms of tax exemption and tax abatement in China for promoting the development of technology.[15]The benefit of tax is not only in research but also in “the process of research”. 　　To sum up, the government of Taiwan provides the benefit of tax for advancing the competition of outcomes in market, and for propelling the development of innovation. In order to accelerate the efficiency of scientific research, the government could draw lessons from America and China for enacting the norms about the benefit of tax and the constitution of guidance. [1] The Act §23. [2] Id. §24. [3] Id. §25. [4] Regulations Governing the Bonding Operations in Science Parks. [5] Such as Act for Development of Small and Medium Enterprises, Statute for Industrial Innovation, Act for the Development of Biotech and New Pharmaceuticals Industry. [6] Statute for Industrial Innovation §10. [7] Id. §10-1. [8] Id. §12-1. [9] Id. §12-2. [10] Id. §19-1. [11] Id. §23-1, §23-2, §23-3. [12] Act for the Development of Biotech and New Pharmaceuticals Industry §5, §6, §7. [13] Act for Development of Small and Medium Enterprises Chapter 4: §33 to §36-3. [14] New York State Department of Taxation and Finance Taxpayer Guidance Division, New York State Business Incubator and Innovation Hot Spot Support Act, Technical Memorandum TSB-M-14(1)C, (1)I, (2)S, at 1-6 (March 7, 2014), URL：http://www.wnyincubators.com/content/Innovation%20Hot%20Spot%20Technical%20Memorandum.pdf (last visited：December 18, 2019). [15] Enterprise Income Tax Law of the People’s Republic of China Chapter 4 “Preferential Tax Treatments”: §25 to §36 (2008 revised).

Impact of Government Organizational Reform to Scientific Research Legal System and Response Thereto (1) – For Example, The Finnish Innovation Fund (“SITRA”) I. Foreword 　　We hereby aim to analyze and research the role played by The Finnish Innovation Fund (“Sitra”) in boosting the national innovation ability and propose the characteristics of its organization and operation which may afford to facilitate the deliberation on Taiwan’s legal system. Sitra is an independent organization which is used to reporting to the Finnish Parliament directly, dedicated to funding activities to boost sustainable development as its ultimate goal and oriented toward the needs for social change. As of 2004, it promoted the fixed-term program. Until 2012, it, in turn, primarily engaged in 3-year program for ecological sustainable development and enhancement of society in 2012. The former aimed at the sustainable use of natural resources to develop new structures and business models and to boost the development of a bioeconomy and low-carbon society, while the latter aimed to create a more well-being-oriented public administrative environment to upgrade various public sectors’ leadership and decision-making ability to introduce nationals’ opinion to policies and the potential of building new business models and venture capital businesses[1]. II. Standing and Operating Instrument of Sitra 1. Sitra Standing in Boosting of Finnish Innovation Policies (1) Positive Impact from Support of Innovation R&D Activities by Public Sector 　　Utilization of public sector’s resources to facilitate and boost industrial innovation R&D ability is commonly applied in various countries in the world. Notwithstanding, the impact of the public sector’s investment of resources produced to the technical R&D and the entire society remains explorable[2]. Most studies still indicate positive impact, primarily as a result of the market failure. Some studies indicate that the impact of the public sector’s investment of resources may be observable at least from several points of view, including: 1. The direct output of the investment per se and the corresponding R&D investment potentially derived from investees; 2. R&D of outputs derived from the R&D investment, e.g., products, services and production methods, etc.; 3. direct impact derived from the R&D scope, e.g., development of a new business, or new business and service models, etc.; 4. impact to national and social economies, e.g., change of industrial structures and improvement of employment environment, etc. Most studies indicate that from the various points of view, the investment by public sector all produced positive impacts and, therefore, such investment is needed definitely[3]. The public sector may invest in R&D in diversified manners. Sitra invests in the “market” as an investor of corporate venture investment market, which plays a role different from the Finnish Funding Agency for Technology and Innovation (“Tekes”), which is more like a governmental subsidizer. Nevertheless, Finland’s characteristics reside in the combination of multiple funding and promotion models. Above all, due to the different behavior model, the role played by the former is also held different from those played by the general public sectors. This is why we choose the former as the subject to be studied herein. Data source: Jari Hyvärinen & Anna-Maija Rautiainen, Measuring additionality and systemic impacts of public research and development funding – the case of TEKES, FINLAND, RESEARCH EVALUATION, 16(3), 205, 206 (2007). Fig. 1　Phased Efforts of Resources Invested in R&D by Public Sector (2) Two Sided f Role Played by Sitra in Boosting of Finnish Innovation Policies 　　Sitra has a very special position in Finland’s national innovation policies, as it not only helps successful implementation of the innovation policies but also acts an intermediary among the relevant entities. Sitra was founded in 1967 under supervision of the Bank of Finland before 1991, but was transformed into an independent foundation under the direction of the Finnish Parliament[4]. 　　Though Sitra is a public foundation, its operation will not be intervened or restricted by the government. Sitra may initiate any innovation activities for its new organization or system, playing a role dedicated to funding technical R&D or promoting venture capital business. Meanwhile, Sitra also assumes some special function dedicated to decision-makers’ training and organizing decision-maker network to boost structural change. Therefore, Sitra may be identified as a special organization which may act flexibly and possess resources at the same time and, therefore, may initiate various innovation activities rapidly[5]. 　　Sitra is authorized to boost the development of innovation activities in said flexible and characteristic manner in accordance with the Finland Innovation Fund Act (Laki Suomen itsenäisyyden juhlarahastosta). According to the Act, Finland established Sitra in 1967 and Sitra was under supervision of Bank of Finland (Article 1). Sitra was established in order to boost the stable growth of Finland’s economy via the national instrument’s support of R&D and education or other development instruments (Article 2). The policies which Sitra may adopt include loaning or funding, guarantee, marketable securities, participation in cooperative programs, partnership or equity investment (Article 3). If necessary, Sitra may collect the title of real estate or corporate shares (Article 7). Data source: Finnish innovation system, Research.fi, http://www.research.fi/en/innovationsystem.html (last visited Mar. 15, 2013). Fig. 2　Finnish Scientific Research Organization Chart 　　Sitra's innovation role has been evolved through two changes. Specifically, Sitra was primarily dedicated to funding technical R&D among the public sectors in Finland, and the funding model applied by Sitra prior to the changes initiated the technical R&D promotion by Tekes, which was established in 1983. The first change of Sitra took place in 1987. After that, Sitra turned to focus on the business development and venture capital invested in technology business and led the venture capital investment. Meanwhile, it became a partner of private investment funds and thereby boosted the growth of venture capital investments in Finland in 1990. In 2000, the second change of Sitra took place and Sitra’s organization orientation was changed again. It achieved the new goal for structural change step by step by boosting the experimental social innovation activities. Sitra believed that it should play the role contributing to procedural change and reducing systematic obstacles, e.g., various organizational or institutional deadlocks[6]. 　　Among the innovation policies boosted by the Finnish Government, the support of Start-Ups via governmental power has always been the most important one. Therefore, the Finnish Government is used to playing a positive role in the process of developing the venture capital investment market. In 1967, the Government established a venture capital company named Sponsor Oy with the support from Bank of Finland, and Sponsor Oy was privatized after 1983. Finland Government also established Kera Innovation Fund (now known as Finnvera[7]) in 1971, which was dedicated to boosting the booming of Start-Ups in Finland jointly with Finnish Industry Investment Ltd. (“FII”) established by the Government in 1994, and Sitra, so as to make the “innovation” become the main development force of the country[8] . 　　Sitra plays a very important role in the foundation and development of venture capital market in Finland and is critical to the Finnish Venture Capital Association established in 1990. After Bank of Finland was under supervision of Finnish Parliament in 1991, Sitra became on the most important venture capital investors. Now, a large portion of private venture capital funds are provided by Sitra[9]. Since Sitra launched the new strategic program in 2004, it has turned to apply smaller sized strategic programs when investing young innovation companies, some of which involved venture capital investment. The mapping of young innovation entrepreneurs and angel investors started as of 1996[10]. 　　In addition to being an important innovation R&D promoter in Finland, Sitra is also an excellent organization which is financially self-sufficient and tends to gain profit no less than that to be generated by a private enterprise. As an organization subordinated to the Finnish Parliament immediately, all of Sitra’s decisions are directly reported to the Parliament (public opinion). Chairman of Board, Board of Directors and supervisors of Sitra are all appointed by the Parliament directly[11]. Its working funds are generated from interest accruing from the Fund and investment income from the Fund, not tax revenue or budget prepared by the Government any longer. The total fund initially founded by Bank of Finland amounted to DEM100,000,000 (approximately EUR17,000,000), and was accumulated to DEM500,000,000 (approximately EUR84,000,000) from 1972 to 1992. After that, following the increase in market value, its nominal capital amounted to DEM1,400,000,000 (approximately EUR235,000,000) from 1993 to 2001. Obviously, Sitra generated high investment income. Until 2010, it has generated the investment income amounting to EUR697,000,000 . 　　In fact, Sitra’s concern about venture capital investment is identified as one of the important changes in Finland's national technical R&D polices after 1990[13]. Sitra is used to funding businesses in three manners, i.e., direct investment in domestic stock, investment in Finnish venture capital funds, and investment in international venture capital funds, primarily in four industries, technology, life science, regional cooperation and small-sized & medium-sized starts-up. Meanwhile, it also invests in venture capital funds for high-tech industries actively. In addition to innovation technology companies, technical service providers are also its invested subjects[14]. 2. “Investment” Instrument Applied by Sitra to Boost Innovation Business 　　The Starts-Up funding activity conducted by Sitra is named PreSeed Program, including INTRO investors’ mapping platform dedicated to mapping 450 angel investment funds and entrepreneurs, LIKSA engaged in working with Tekes to funding new companies no more than EUR40,000 for purchase of consultation services (a half thereof funded by Tekes, and the other half funded by Sitra in the form of loan convertible to shares), DIILI service[15] dedicated to providing entrepreneurs with professional sale consultation resources to integrate the innovation activity (product thereof) and the market to remedy the deficit in the new company’s ability to sell[16]. 　　The investment subjects are stated as following. Sitra has three investment subjects, namely, corporate investments, fund investments and project funding. (1) Corporate investment 　　Sitra will not “fund” enterprises directly or provide the enterprises with services without consideration (small-sized and medium-sized enterprises are aided by other competent authorities), but invest in the businesses which are held able to develop positive effects to the society, e.g., health promotion, social problem solutions, utilization of energy and effective utilization of natural resources. Notwithstanding, in order to seek fair rate of return, Sitra is dedicated to making the investment (in various enterprises) by its professional management and technology, products or competitiveness of services, and ranging from EUR300,000 to EUR1,000,000 to acquire 10-30% of the ownership of the enterprises, namely equity investment or convertible funding. Sitra requires its investees to value corporate social responsibility and actively participate in social activities. It usually holds the shares from 4 years to 10 years, during which period it will participate the corporate operation actively (e.g., appointment of directors)[17]. (2) Fund investments 　　For fund investments[18], Sitra invests in more than 50 venture capital funds[19]. It invests in domestic venture capital fund market to promote the development of the market and help starts-up seek funding and create new business models, such as public-private partnerships. It invests in international venture capital funds to enhance the networking and solicit international funding, which may help Finnish enterprises access international trend information and adapt to the international market. (3) Project funding 　　For project funding, Sitra provides the on-site information survey (supply of information and view critical to the program), analysis of business activities (analysis of future challenges and opportunities) and research & drafting of strategies (collection and integration of professional information and talents to help decision making), and commissioning of the program (to test new operating model by commissioning to deal with the challenge from social changes). Notwithstanding, please note that Sitra does not invest in academic study programs, research papers or business R&D programs[20]. (4) DIILI Investment Model Integrated With Investment Absorption 　　A Start-Up usually will not lack technologies (usually, it starts business by virtue of some advanced technology) or foresighted philosophy when it is founded initially, while it often lacks the key to success, the marketing ability. Sitra DIILI is dedicated to providing the professional international marketing service to help starts-up gain profit successfully. Owing to the fact that starts-up are usually founded by R&D personnel or research-oriented technicians, who are not specialized in marketing and usually retains no sufficient fund to employ marketing professionals, DILLI is engaged in providing dedicated marketing talents. Now, it employs about 85 marketing professionals and seeks to become a start-up partner by investing technical services. 　　Notwithstanding, in light of the characteristics of Sitra’s operation and profitability, some people indicate that it is more similar to a developer of an innovation system, rather than a neutral operator. Therefore, it is not unlikely to hinder some work development which might be less profitable (e.g., establishment of platform). Further, Sitra is used to developing some new investment projects or areas and then founding spin-off companies after developing the projects successfully. The way in which it operates seems to be non-compatible with the development of some industries which require permanent support from the public sector. The other issues, such as INTRO lacking transparency and Sitra's control over investment objectives likely to result in adverse choice, all arise from Sitra’s consideration to its own investment opportunities and profit at the same time of mapping. Therefore, some people consider that it should be necessary to move forward toward a more transparent structure or a non-income-oriented funding structure[21] . Given this, the influence of Sitra’s own income over upgrading of the national innovation ability when Sitra boosts starts-up to engage in innovation activities is always a concern remaining disputable in the Finnish innovation system. 3. Boosting of Balance in Regional Development and R&D Activities 　　In order to fulfill the objectives under Lisbon Treaty and to enable EU to become the most competitive region in the world, European Commission claims technical R&D as one of its main policies. Among other things, under the circumstance that the entire R&D competitiveness upgrading policy is always progressing sluggishly, Finland, a country with a population of 5,300,000, accounting for 1.1% of the population of 27 EU member states, was identified as the country with the No. 1 innovation R&D ability in the world by World Economic Forum in 2005. Therefore, the way in which it promotes innovation R&D policies catches the public eyes. Some studies also found that the close relationship between R&D and regional development policies of Finland resulted in the integration of regional policies and innovation policies, which were separated from each other initially, after 1990[22]. Finland has clearly defined the plan to exploit the domestic natural resources and human resources in a balanced and effective manner after World War II. At the very beginning, it expanded the balance of human resources to low-developed regions, in consideration of the geographical politics, but in turn, it achieved national balanced development by meeting the needs for a welfare society and mitigation of the rural-urban divide as time went by. The Finnish innovation policies which may resort to technical policies retroactively initially drove the R&D in the manners including upgrading of education degree, founding of Science and Technology Policy Council and Sitra, establishment of Academy of Finland (1970) and establishment of the technical policy scheme, et al.. Among other things, people saw the role played by Sitra in Finland’s knowledge-intensive society policy again. From 1991 to 1995, the Finnish Government officially included the regional competitiveness into the important policies. The National Industrial Policy for Finland in 1993 adopted the strategy focusing on the development based on competitive strength in the regional industrial communities[23]. 　　Also, some studies indicated that in consideration of Finland’s poor financial and natural resources, its national innovation system should concentrate the resources on the R&D objectives which meet the requirements about scale and essence. Therefore, the “Social Innovation, Social and Economic Energy Re-building Learning Society” program boosted by Sitra as the primary promoter in 2002 defined the social innovation as “the reform and action plan to enhance the regulations of social functions (law and administration), politics and organizational structure”, namely reform of the mentality and cultural ability via social structural changes that results in social economic changes ultimately. Notwithstanding, the productivity innovation activity still relies on the interaction between the enterprises and society. Irrelevant with the Finnish Government’s powerful direction in technical R&D activities, in fact, more than two-thirds (69.1%) of the R&D investment was launched by private enterprises and even one-thirds launched by a single enterprise (i.e., Nokia) in Finland. At the very beginning of 2000, due to the impact of globalization to Finland’s innovation and regional policies, a lot of R&D activities were emigrated to the territories outside Finland[24]. Multiple disadvantageous factors initiated the launch of national resources to R&D again. The most successful example about the integration of regional and innovation policies in Finland is the Centres of Expertise Programme (CEP) boosted by it as of 1990. Until 1994, there have been 22 centres of expertise distributed throughout Finland. The centres were dedicated to integrating local universities, research institutions and enterprise for co-growth. The program to be implemented from 2007 to 2013 planned 21 centres of expertise (13 groups), aiming to promote the corporate sectors’ cooperation and innovation activities. CEP integrated local, regional and national resources and then focused on the businesses designated to be developed[25]. [1] Sitra, http://www.sitra.fi/en (last visited Mar. 10, 2013). [2] Jari Hyvärinen & Anna-Maija Rautiainen, Measuring additionality and systemic impacts of public research and development funding – the case of TEKES, FINLAND, RESEARCH EVALUATION, 16(3), 205, 208 (2007). [3] id. at 206-214. [4] Charles Edquist, Tterttu Luukkonen & Markku Sotarauta, Broad-Based Innovation Policy, in EVALUATION OF THE FINNISH NATIONAL INNOVATION SYSTEM – FULL REPORT 11, 25 (Reinhilde Veugelers st al. eds., 2009). [5] id. [6] id. [7] Finnvera is a company specialized in funding Start-Ups, and its business lines include loaning, guarantee, venture capital investment and export credit guarantee, etc. It is a state-run enterprise and Export Credit Agency (ECA) in Finland. Finnvera, http://annualreport2012.finnvera.fi/en/about-finnvera/finnvera-in-brief/ (last visited Mar. 10, 2013). [8] Markku Maula, Gordon Murray & Mikko Jääskeläinen, MINISTRY OF TRADE AND INDUSTRY, Public Financing of Young Innovation Companies in Finland 32 (2006). [9] id. at 33. [10] id. at 41. [11] Sitra, http://www.sitra.fi/en (last visited Mar. 10, 2013). [12] Sitra, http://www.sitra.fi/en (last visited Mar. 10, 2013). [13] The other two were engaged in boosting the regional R&D center and industrial-academy cooperative center programs. Please see Gabriela von Blankenfeld-Enkvist, Malin Brännback, Riitta Söderlund & Marin Petrov, ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT [OECD],OECD Case Study on Innovation: The Finnish Biotechnology Innovation System 15 (2004). [14] id. at20. [15] DIILI service provides sales expertise for SMEs, Sitra, http://www.sitra.fi/en/articles/2005/diili-service-provides-sales-expertise-smes-0 (last visited Mar. 10, 2013). [16] Maula, Murray & Jääskeläinen, supra note 8 at 41-42. [17] Corporate investments, Sitra, http://www.sitra.fi/en/corporate-investments (last visited Mar. 10, 2013). [18] Fund investments, Sitra, http://www.sitra.fi/en/fund-investments (last visited Mar. 10, 2013). [19] The venture capital funds referred to herein mean the pooled investment made by the owners of venture capital, while whether it exists in the form of fund or others is not discussed herein. [20] Project funding, Sitra, http://www.sitra.fi/en/project-funding (last visited Mar. 10, 2013). [21] Maula, Murray & Jääskeläinen, supra note 8 at 42. [22] Jussi S. Jauhiainen, Regional and Innovation Policies in Finland – Towards Convergence and/or Mismatch? REGIONAL STUDIES, 42(7), 1031, 1032-1033 (2008). [23] id. at 1036. [24] id. at 1038. [25] id. at 1038-1039.

Taiwan Has Passed “Statute of Human Biobank Management” to Maintain Privacy and Improve Medicine Industries Due to lack of regulations, divergent opinions abounded about the establishment of Biobanks and collection of human biological specimen. For example, a researcher in an academic research organization and a hospital-based physician collected biospecimens from native Taiwanese. Although they insisted that the collections were for research only, human rights groups, ethics researchers, and groups for natives´ benefits condemned the collections as an invasion of human rights. Consequently, the Taiwanese government recognized the need for Biobanks regulation. To investigate the relationship between disease and multiple factors and to proceed with possible prevention, The Legislative Yuan Social Welfare and Healthy Environment Committee has passed "the draft statute of human biobank management" through primary reviewing process on December 30, 2009 and subsequently passed through entire three-reading procedure on January 7, 2010. Therefore, the medical and research institute not only can set up optimal gene database for particular disease curing, but also can collect blood sample for database establishment, legally. However, the use of sample collections will be excluded from the use of judiciary purpose. In the light of to establish large scale biobank is going to face the fundamental human right issue, from the viewpoint of biobank management, it is essential not only to set up the strict ethics regulation for operational standard, but also to make the legal environment more complete. For instance, the Department of Health, Executive Yuan had committed the earlier planning of Taiwan biobank establishment to the Academic Sinica in 2006, and planned to collect bio-specimen by recruiting volunteers. However, it has been criticized by all circles that it might be considered violating the Constitution article 8 provision 1 front paragraph, and article 22 rules; moreover, it might also infringe the personal liberty or body information privacy. Therefore, the Executive Yuan has passed the draft statute of human biobank management which was drafted and reviewed by Department of Health during the 3152nd meeting, on July 16, 2009, to achieve the goal of protecting our nation’s privacy and promoting the development of medical science by management biomedical research affairs in more effective ways. Currently, the draft statute has been passed through the primary review procedure by the Legislative Yuan. About the draft statute, there are several important points as following: (1) Sample Definition: Types of collected sample include human somatic cell, tissues, body fluids, or other derivatives; (2) Biobank Establishment: It requires not only to be qualified and permitted, but also to set up the ethical reviewing mechanism to strengthen its management and application; (3)Sample Collection and Participant Protection: In accordance with the draft statute, bio-specimen collecting should respect the living ethics during the time and refer to the "Medical Law" article 64 provision 1; before sample collection, all related points of attention should be kept in written form , the participant should be notified accordingly, and samples can only be collected with the participant’s consent. Furthermore, regarding the restrained read right and setting up participants’ sample process way if there were death or lost of their capacity; (4) Biobank Management: The safety regulation, obligation of active notification, free to retreat, data destruction, confidentiality and obligation, and termination of operation handling are stipulated; and (5) Biobank Application: According to the new draft statute, that the biological data can’t be used for other purposes, for example, the use of inquisition result for the "Civil law", article 1063, provision 2, prosecution for denying the parent-child relationship law suit", or according to the "Criminal law", article 213, provision 6. This rule not only protects the participants’ body information and their privacy right, but also clearly defines application limits, as well as to set up the mechanism for inner control and avoid conflict of interests to prevent unnecessary disputes. Finally, the Department of Health noted that, as many medical researches has shown that the occurrence of diseases are mostly co-effected by various factors such as multiple genes and their living environment, rather than one single gene, developed countries have actively devoted to human biological sample collection for their national biobank establishment. The construction and usage of a large-scale human bank may bring up the critical issue such as privacy protection and ethical problems; however, to meet the equilibrium biomedical research promotion and citizen privacy issue will highly depend on the cooperation and trust between the public and private sectors. Taiwan Department of Health Announced the Human Biobanks Information Security Regulation The field of human biobanks will be governed by the Act of Human Biobanks (“Biobanks Act”) after its promulgation on February 3, 2010 in Taiwan. According to Article 13 of the Biobanks Act, a biobank owner should establish its directive rules based on the regulation of information security of biobanks announced by the competent authority. Thus the Department of Health announced the draft of the Human Biobanks Information Security Regulation (“Regulation”) for the due process requirement. According to the Biobanks Act, only the government institutes, medical institutes, academic institutes, and research institutes are competent to establish biobanks (Article 4). In terms of the collecting of organisms, the participants should be informed of the relevant matters by reasonable patterns, and the collecting of organisms may be conducted after obtaining the written consent of the participants (Article 6). The relative information including the organisms and its derivatives are not allowed to be used except for biological and medical research. After all the protection of biobanks relative information above, the most important thing is the safety regulations and directive rules of the database administration lest all the restrictions of biobanks owners and the use be in vain. The draft Regulation aims to strengthen the safety of biobanks database and assure the data, the systems, the equipments, and the web circumstances are safe for the sake of the participants’ rights. The significant aspects of the draft are described as below. At first, the regulation should refer to the ISO27001, ISO27002 and other official rules. Concerning the personnel management, the security assessment is required and the database management personnel and researchers may not serve concurrently. In case some tasks are outsourced, the contractor should be responsible for the information security; the nondisclosure agreement and auditing mechanism are required. The application system should update periodically including the anti-virus and firewall programs. The biobanks database should be separated physically form internet connection, including the prohibition of information transforming by email or any other patterns through internet. The authorizing protocol of access to the biobanks should be established and all log files should be preserved in a period. The system establishment and maintenance should avoid remote control. In case the database system is physically out of the owner’s control, the authorization of the officer in charge is required. If an information security accident occurred, the bionbanks owner should contact the competent authority immediately and inform the participants by adequate tunnel. The biobanks owner should establish annual security auditing program and the project auditing will be conducted subject to the necessity. To sum up, while the biobanks database security regulation is fully established, the biobanks owners will have the sufficient guidance in connection with the biobank information security to comply with in the future.

I.Summary In 1995, the Computer-Processed Personal Data Protection Law was implemented in the Republic of China. With the constant development of information technology and the limitations in the application of the legislation, the design of the original legal system is no longer consistent with practical requirements. Considering the increasing number of incidents of personal data leaks, discussions were carried out over a long period of time and the new version of the Personal Information Protection Act was passed after three readings in April, 2010. The title of the law was changed to Personal Information Protection Act. The new system has been officially implemented since 1 October, 2012. The new Act not only revised the provisions of the law in a comprehensive way, but also significantly increased the obligations and responsibilities of enterprises. In terms of civil liability, the maximum amount of compensation for a single incident is 200 Million NTD. For domestic industries, how to effectively respond to the requirements under the Personal Information Protection Act and adopt proper corresponding measures to lower the risk has become a key task for enterprise operation. II. Main Points 1. Implementation of the Enforcement Rules of the Personal Information Protection Act Personal information protection can be said the most concerned issue in Taiwan recently. As a matter of fact, the Computer-Processed Personal Data Protection Law was established in Taiwan as early as August 1995. After more than 10 years of development, computer and information technology has evolved significantly, and many emerging business models such as E-commerce are extensively collecting personal data. It has become increasingly important to properly protect personal privacy. However, the previous Computer-Processed Personal Data Protection Law was only applicable to certain industries, i.e. the following 8 specific industries: the credit investigation business, hospital, school, telecommunication business, financial business, securities business, insurance business, and mass media. And other business was designated by the Ministry of Justice and the central government authorities in charge of concerned enterprises. In addition, the law only protected personal information that was processed by “computer or automatic equipment”. Personal information that was not computer processed was not included. There were clearly no sufficient regulations for the protection of personal data privacy and interest. There were numerous incidents of personal data leaks. Among the top 10 consumer news issued by the Consumer Protection Committee of the Executive Yuan in 2007, “incidents of personal data leaks through E-commerce and TV shopping” was on the top of the list. This provoked the Ministry of Justice and the Ministry of Economic Affairs to “jointly designate” the retail industry without physical boutique (including 3 transaction models: online shopping, catalogue shopping and TV shopping) to be governed by the Computer-Processed Personal Data Protection Law since 1 July 2010. To allow the provisions of the personal information protection legal system to meet the environment of rapid change, the Executive Yuan proposed a Draft Amendment to the Computer-Processed Personal Data Protection Law very early and changed the title to the Personal Information Protection Act. The draft was discussed many times in the Legislative Yuan. Personal Information Protection Act was finally passed after three readings in April 2010, which was officially published by the Office of the President on 26 May. Although the new law was passed in April 2010, to allow sufficient time for enterprises and the public to understand and comply the new law, the new version of the personal information protection law was not implemented on the date of publication. In accordance with Article 56 of the Act, the date of implementation was to be further established by the Executive Yuan. After discussions over a long period of time, the Executive Yuan decided for the Personal Information Protection Act to be officially implemented on 1 October 2012. However, the implementation of two articles is withheld: Article 6 of the Act about the principal prohibition against the collection, processing and use of special personal information and Article 54 about the obligation to notice the Party within one year for personal information indirectly acquired before the implementation of the new law. In terms of the personal data protection legal system, other than the most important Personal Data Protection Act, the enforcement rules established in accordance with the main law also play a key role. The previous Enforcement Rules of the Computer-Processed Personal Data Protection Law were published and implemented on 1 May, 1996. Considering that the Computer-Processed Personal Data Protection Law was amended in 2010 and that its title has been changed to the Personal Data Protection Act, the Ministry of Justice also followed the amended provisions under the new law and actively studied the Draft Amendment to the Enforcement Rules of the Computer-Processed Personal Data Protection Act. After it was confirmed that the new version of the Personal Data Protection Act would be officially launched on 1 October 2012, the Ministry of Justice announced officially the amended enforcement rules on 26 September, 2012. The title of the enforcement rules was also amended to the Enforcement Rules of the Personal Data Protection Act. The new version of personal data protection law and enforcement rules was thus officially launched, creating a brand new era for the promotion of personal data protection in Taiwan. II. Personal Data Administration System and Information Privacy Protection Charter Before the amendment to the Personal Data Protection Act was passed, the Legislative Yuan made a proposal to the government in June 2008 to promote a privacy administration and protection certification system in Taiwan, in reference to foreign practices. In August of the following year, the Strategic Review Board of the Executive Yuan passed a resolution to promote the E-Commerce Personal Data Administration and Information Security Action Plan. In December of the same year, approval was granted for the plan to be included in the key government promotion plans from 2010 to 2013. Based on this action plan, since October 2010, the Ministry of Economic Affairs has asked the Institution for Information Industry to execute an E-Commerce Personal Data Administration System Setup Plan. Since 2012, the E-Commerce Personal Data Administration System Promotion Plan and the Taiwan Personal Information Protection and Administration System (TPIPAS) have been established and promoted, with the objective of procuring enterprises to, while complying with the personal data protection legal system, properly protect consumers’ personal information through the establishment of an internal administration mechanism and ensuring that the introducing enterprises meet the requirements of the system. The issuance of the Data Privacy Protection Mark (dp.mark) was also used as an objective benchmark for consumers to judge the enterprise’s ability to maintain privacy. Regarding the introduction of the personal data administration system, enterprises should establish a content administration mechanism step by step in accordance with the Regulations for Taiwan Personal Information Protection and Administration System. Such system also serves as the review benchmark to decide whether domestic enterprises can acquire the Data Privacy Protection Mark (dp.mark). Since domestic enterprises did not have experience in establishing internal personal data administration system in the past, starting 2011, under the Taiwan Personal Information Protection and Administration System, enterprises received assistance in the training of system professionals such as Personal Data Administrators and Personal Data Internal Appraisers. Quality personal data administrators can help enterprises establish complete internal systems. Internal appraisers play the role of confirming whether the systems established by the enterprises are consistent with the system requirements. As of 2012, there are almost 100 enterprises in Taiwan that participate in the training of system staff and a total of 426 administrators and 131 internal appraisers. In terms of the introduction of TPIPAS, in additional to the establishment and introduction of administration systems by qualified administrators, enterprises can also seek assistance from external professional consulting institutions. Under the Taiwan Personal Information Protection and Administration System, applications for registration of consulting institutions became available in 2012. Qualified system consulting institutions are published on the system website. Today 9 qualified consulting institutions have completed their registrations, providing enterprises with personal data consulting services. After an enterprise completes the establishment of its internal administration system, it may file an application for certification under the Taiwan Personal Information Protection and Administration System. The certification process includes two steps: “written review” and “site review”. After the enterprise passing certification, it is qualified to use the Data Privacy Protection Mark (dp.mark). Today 7 domestic companies have passed TPIPAS certification and acquired the dp.mark: 7net, FamiPort, books.com.tw, LOTTE, GOHAPPY, PAYEASY and Sinya Digital, reinforcing the maintenance of consumer privacy information through the introduction of personal data administration system. III. Event Analysis The Taiwan Personal Information Protection and Administration System (TPIPAS) is a professional personal data administration system established based on the provisions of the latest version of the domestic Personal Data Protection Act, in reference to the latest requirements of personal data protection by international organizations and the experience of main countries in promoting personal data administration system. In accordance with the practical requirements to protect personal data by industries, TPIPAS converted professional legal conditions into an internal personal data administration procedure to effectively assist industries to establish a complete and proper personal data administration system and to comply with the requirements of personal data legislations. With the launch of the new version of the Personal Data Protection Act, introducing TPIPAS and acquiring dp.mark are the best strategies for enterprises to lower the risk from the personal data protection law and to upgrade internal personal data administration capability.