中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/65653
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 41688703      Online Users : 1434
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/65653


    Title: 個資法施行後對組織之衝擊與因應-以S大學為例;Organization Impact of the Personal Information Protection Act and a Proposed Solution – the Case of University “S”
    Authors: 翁加偉;WENG,CHIA-WEI
    Contributors: 資訊管理學系在職專班
    Keywords: 個人資料保護法;個人資訊管理制度;ISO 27001;BS 10012;ISMS;PIMS;Personal Information Protection Act;ISO 27001;BS 10012;ISMS;PIMS
    Date: 2014-07-14
    Issue Date: 2014-10-15 17:07:26 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 《個人資料保護法》正式公告實施後,讓台灣個人資料保護邁入新的里程碑。近來頻頻發生資訊安全外洩事件及侵害個人隱私資料事件,因而喚起社會大眾對個人資料保護意識。在此環境下若無完善之資訊安全防護機制及個人資料保護的措施,很容易造成個人資料外洩的問題,尤其個資法實施後,一旦發生個資外洩事件,不僅衝擊組織的形象,更可能面臨法律責任及鉅額賠償的問題。

    個案學校雖然每年透過第三方取得資訊安全管理標準ISO 27001 驗證,已提供完善的資訊安全的防護基礎,但是校方在面對個資法的衝擊及教育部要求之下,需以保護個人資料的角度來審視現行的資訊安全制度,以降低校方所面臨的法律衝擊及加強保護個人資料的安全措施。

    本研究透過個資法、資訊安全及個人資料保護等相關文獻進行探討,並審視校方的資訊安全措施及資訊資產的盤點來了解校方目前的現況。最後依據個資法、個資法實行細則規定及利用個人資料生命周期,逐一分析校方在法令上所面臨衝擊及問題。

    針對衝擊及問題,在符合個資法及配合校方已實施資訊安全管理系統 (ISMS) 的條件下,採用 BS 10012 個人資料保護系統 (PIMS) 及PDCA管理循環的作法,本研究提出因應個資法衝擊之改善方案,並規劃個人資料保護系統的實施步驟,利用由上而下的改善方式,透過擴大校方原有的資訊安全制度,來完善個人資料保護的深度及廣度,降低校方誤觸個資法的風險,進而達到保障個人資料之目的。;The official announcement and implementation of the “Personal Information Protection Act” has propelled the privacy protection issue in Taiwan into a new era. Recently, frequent occurrence of information security leaks and data privacy violation events has awakened public awareness concerning this issue. Personal information leakage is likely to happen under circumstances without comprehensive information security protection mechanisms and personal information protection measures in place. Especially after the implementation of the “Personal Information Protection Act,” personal information leakage incidents will not only impact the image of the organization but also result in legal liabilities and severe damage compensation.

    Having already acquired information security management ISO 27001 annual certification through a third party, University “S” is covered with a comprehensive information security protection base. However, the university is still faced with the impact of “Personal Information Protection Act” and the related requests from the Ministry of Education. It must further examine the existing information security system from the viewpoint of personal information protection to reduce the legal impact and strengthen security measures to protect personal information.

    This study aims to provide a solution for the university facing such a problem. First, a review of relevant literature concerning the “Personal information Protection Act,” information security, and protection of personal information is conducted. Second, it seeks to understand the current status of the university through examining the information security measures and information assets. Third, it analyzes the legal impact and issues faced by the university in accordance with the “Personal Information Protection Act,” Personal Information Protection Act Enforcement Rules, and the use of personal information life cycle.

    Finally, based on the Personal Information Protection Act and Information Security Management System (ISMS) implemented by the school, this study also adopts the BS 10012 Personal Information Management System (PIMS) and PDCA viewpoints, it proposes a set of actions in response to the impact of the Personal Information Protection Act. Detail implementation steps are also outlined. We adopt the top-down improvement method to improve personal information protection in depth and breadth, reduce the risk of violating Personal Information Protection Act, and achieve the purpose of protecting personal information by expanding the existing security system of the university.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML565View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明