The right to information privacy is one of the fundamental rights guaranteed to the people by the constitution. The state therefore has a constitutional obligation to protect people's personal data. One concrete way to fulfill this obligation is to enact effective laws that prevent personal data held by third parties from being breached and misused. A breach of personal data is the unauthorized acquisition of personal data maintained by the public or private sector in a way that compromises the security, confidentiality and integrity of that data. This article also summarizes the causes of such breaches. A breach of personal data often causes intangible damage to a corporation's credit or reputation, so requiring breach notification can push corporations to pay closer attention to their internal information security mechanisms. Having consulted the relevant American legislation, we suggest that our country should also adopt a personal data breach notification law. In this article, we discuss and make recommendations on the scope of application of a breach notification rule, the definition of personal data, the trigger, targets, timelines and methods of breach notification, and the liability of those who violate the notification duty. These recommendations may serve as a reference when related statutes are enacted or amended.