資訊安全議題隨著資訊科技的進步受到關注及重視,但資訊安全的事件仍是不斷地發生。另外,資訊安全事件發生時,公司方也時常試圖撇清其責任與賠償。因此,本研究透過瞭解我國資訊安全現況,包含資訊安全相關法令以及事件特性,釐清資訊安全事件及其相關法令的關係,以及各方所須負責的法律責任,進一步探討我國企業設置資訊安全的誘因。而研究結果發現,我國目前資訊安全法令之誘因程度可能不足夠。第一,並非所有事件類型都有相對應的資訊安全法令予以規範;第二,裁罰對象並非以企業為主;第三,即便企業受裁罰,裁罰金額仍不大。因此,企業若發生資訊安全事件所須負起的法律責任和裁罰,可能不足以促使企業增加資訊安全防護。能否補強此問題,有待未來法令的新增與修改。;Despite of increasing attention on information security issues, information security incidents still continue to occur. In addition, companies often try to avoid their responsibilities and sanctions on information security breaches. Therefore, this study analyzes the current situation of information security in Taiwan, including the laws related to information security and the characteristics of information security incidents, to discover the insufficiency of Taiwan′s information security laws. The study finds that current penalties for information security breaches are low in Taiwan for certain types of information security incidents. I also find that there is even no penalties for some companies. Overall, my findings show that Taiwan′s laws do not charge enough penalties for firms to address information security.
