雲端運算服務之個資保護及治理機制

近年來，組織採用雲端運算已經成為流行趨勢，政府組織也開始使用雲端運算的服務來管理個資保護的需求和政府風險安全管理上的不足。本文探討政府對於雲端運算技術中個人資料保護的機制，以管理、技術及稽核三個控制層面建立雲端運算中個資保護的治理機制。此機制可做為組織在雲端運算環境，如何保護個人資料的參考，並據以建立適當的防護機制，減少資安風險。此外，本文亦將此雲端運算個人資料保護機制與OECD組織隱私與個資保護八大原則及APEC隱私保護九大綱領加以比較，結果顯示此機制與OECD組織和APEC九大綱領之措施相符程度極高，運用此機制對於降低安全風險及提升個人資料保護的制度應有助益，不論從雲端中個資的蒐集、維護與使用，或是系統上安全防護或責任的規範都將可有顯著的改善，進而達成降低安全風險與提升個人資料保護的目標。

關鍵字

無資料

並列摘要

In recent years, organizations using cloud computing has become a trend. Governmental organizations have begun to use cloud computing services to manage the personal data protection and risk management. This article provides a governance mechanism for protecting personal data in a cloud computing environment. It includes three control levels to establish a cloud computing governance mechanism to protect personal data, including the levels of management, technology and auditing. This mechanism is for everyone to be able to get more protection and to reduce security risk for government in the cloud computing environment. When the Government applies cloud services, good mechanisms will help the Government to protect all information technology security and is helpful for policy communication. It will not only make people feel at ease using the cloud information but also enhance people's confidence in the Government. It will enhance the mutual trust between the government and the people.