從本研究的個案分析,可以得知個案公司在落實個資保護上確有成效。因此,本研究歸納出個案公司在推動專案的各環節,所遭遇的問題及重要因應策略,做為相關產業因應個資法策略規劃之參考。最後,本論文站在學術研究的角度,對於產業與政府兩方面,各自提出實務建議。一方面建議產業端,對個資保護的因應重點應在於「善盡保護的責任」,不能只講求不違法,以達到法規遵循性並符合民眾對企業保護個人資料責任之期望;另一方面建議政府端,應該立即明確定訂主管機關,避免發生爭議時,中央與地方互踢皮球,造成產業無所適從,並積極推動個資保護相關配套措施,「善盡管理的責任」,讓產業有所遵循,別讓立意良好的善法,變成苛政擾民的惡法。 The Personal Data Protection Act (referred to as the “PDPA” hereafter) approved by the Ministry of Justice takes effect on October 1, 2012 and formally replaces the 1995 Computer-Processed Personal Data Protection Act. A milestone has indeed been reached in Taiwan with regards to personal data protection. But despite the enforcement of the PDPA, over 50% of businesses have not yet implemented any corresponding measure. One major reason is a lack of clear guidelines according to a survey (iThome, 2012).
Most research conducted previously offer recommended corresponding guidelines from a theoretical perspective. Through a case study method, this research examines from a practical perspective problems and strategies encountered by the case company under the PDPA. By detailing strategy development processes and providing a practical model, this research aims to complement businesses with knowledge of the PDPA.
The case company is proved to be effective in protecting personal data. Problems faced by the company and its important corresponding strategies are summarized. In the end of the research, practical suggestions are provided for both industry and the government. On one hand, the industry should not only avoid violating the law, but fulfill its responsibility in protection. On the other hand, the government should stipulate clear guidelines so that central and local governments have no way to shirk responsibility in case of disputes. The government should launch supporting measures, fulfill its responsibility in management, and provide the industry with guidelines.
