本研究主要目的為探討個人資料保護之內部控制與稽核項目。在Gowin's Vee知識地圖的指引下,首先,於概念/理論端(Conceptual/Theoretical)的操作方面,本研究採用文獻回顧方式,有系統地探索與個人資料保護法、內部稽核之相關文獻、及參考國際內部稽核專業實務架構(IIA-IPPF),彙整出可適用於一般組織之個人資料保護的內部稽核項目與稽核流程。其次,在方法端(Methodological)方面,則採用內容分析法,於所設定的國內外期刊資料庫中進行文獻搜尋、分類與編目彙整。本研究成果有二項重要產出:個人資料保護內部稽核項目與內部稽核流程。本研究初步之成果,可做為未來進一步發展一般組織個人資料保護稽核機制的基礎,亦可增進學術界對於質性研究方法之知識參考。
The main purpose of this study is to investigate internal control and audit items for personal information protection in general organizations. By adopting a qualitative approach and research strategic of the Gowin's Vee knowledge map, in the first stage - conceptual/theoretical aspect, this study systematically reviewed general principles and concepts of PIP acts in Taiwan, and constructed internal audit process for PIP based on the standard of IIA-IPPF: 2013. Further, in the second stage of methodological aspect, this study conducted the method of content analysis to explore, classify, and aggregate the related literature based on a set of keywords and conditions from journal database for obtaining the relevant audit items. The result of this study has two important outputs: internal audit items and audit process for personal information protection in general organizations. The preliminary results of this study can be used as a reference for developing internal audit mechanism and the knowledge to better understand the research method of qualitative approach.