Taiwan
Answer ... All data controllers are subject to the Personal Data Protection Act (PDPA), including virtual currency service providers. Pursuant to the PDPA, data collectors and processors must comply with certain requirements when collecting personal data from individuals.
Data controllers must also implement appropriate security measures to prevent personal data from being stolen, altered, damaged, destroyed or disclosed under the PDPA.
Taiwan
Answer ... Cybersecurity is governed by the Cyber Security Management Act (CSMA). The CSMA does not apply to all business entities: its main targets are government agencies and critical infrastructure providers. The specific entities to which it applies are still under discussion by the competent authorities; but according to a press release issued by the Executive Yuan, entities such as energy companies, healthcare providers and major financial institutions are likely to be designated as critical infrastructure providers. Entities that are considered critical infrastructure providers will be subject to the security and reporting requirements under the CSMA.
To protect themselves from hacks, in practice, virtual currency trading platforms often establish their own internal control protocols to identify risk factors and conduct regular risk assessments.
For trading platforms whose activities involve STOs under NTD 30 million, the Taipei Exchange has issued relevant regulations with which they must comply, including relevant internal control guidelines.
In addition, offences such as hacking and denial of service attacks will incur criminal penalties, including imprisonment and fines.