法令遵循控制機制成熟度模型之研究－以個資管理為例

近年來企業違法事件頻傳，顯然未有效控管法令遵循風險。陳天意於2016年提出「法令遵循控制機制成熟度模型」（Maturity Model for the Control Mechanisms of the Legal Compliance，簡稱MM-CMLC 模型），可用以辨別企業法令遵循控制機制的健全程度。為瞭解MM-CMLC 模型在實務上應用的可行性，本文採用質性研究方法，蒐集相關文獻對MM-CMLC 模型建構加以檢驗，且深入研究個案公司運用法令遵循控制機制，來協助個人資料管理制度之建置與實施的過程，再比較個案公司法令遵循控制機制與法規要求之差異，並將個案公司法令遵循控制機制與MM-CMLC 模型加以比較及檢驗。研究發現MM-CMLC 模型是一個完整的法令遵循控制措施實務架構，研究結果對MM-CMLC 模型提出補充建議，藉此提高MM-CMLC 模型的實務應用價值，讓企業可參照模型以標準化方式導入法令遵循控制機制，故本研究已填補過去文獻不足之處，亦為探求法令遵循控制機制應用者提供一個參考指引。

關鍵字

法令遵循；成熟度模型；個人資料管理；內部控制

並列摘要

The frequent events of violating the laws in recent years are not significantly effective to be controlled and reduced by the punished risks of violating the laws. Tien-Yi Chen (2016) proposed MM-CMLC Model (Maturity Model for the Control Mechanisms of the Legal Compliance), and the model can help companies to identify the robustness level of a control mechanism for regulatory compliance. In order to understand the feasibility of MM-CMLC model to apply in practice, the study used in-depth case studies of the use of company regulatory compliance control mechanisms, to help build and implement the system of personal information management process, the case follows the Companies Act, control mechanisms and MM-CMLC model to compare and test by Qualitative Research Methods. The study shows the model is a complete architecture for regulatory compliance controls in practice and the result proposed additional recommendations for the model to increase the value of practical application. According to the verified model, enterprises can implement regulatory compliance control mechanisms by the model and standardized procedures. Therefore, the research not only improved the insufficient literature in the past but also provided a reference guidance of a control mechanism for regulatory compliance.