The Research of Digital Forensics applied to the Burden of Proof in Personal Information Protection Act

Advisor: 梁德昭


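As technology advances, people rely more and more on the convenience that information systems bring. Governments, schools and enterprises alike use computers to build personal data files on citizens, students or customers. To protect the public's right to privacy, the government passed the "Personal Information Protection Act" (or simply "the Act") on third reading in 2010. With the Act in force, how governments and enterprises meet the burden of proof that the Act requires when personal data is leaked will be an important issue. This research examines the steps and procedures of digital forensics, identifies the parts suited to meeting the burden of proof, and derives a suitable set of steps for enterprises to use as a reference. It also uses ISO 15408 (Common Criteria) to strengthen the discussion of company system security, because one-sided evidence collection is not enough: the company must also prove that it fulfilled its duty of protection.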


With the progress of the times, people depend more and more each day on the convenience that information brings. Government, schools and businesses all use computers to create and save personal data files on citizens, students or customers. In order to protect the public's right to privacy, the government passed the "Personal Information Protection Act" on third reading in 2010. With the "Personal Information Protection Act" in practice, how the government and enterprises meet the burden of proof when personal information is leaked will be an important issue. This research explores digital forensics steps and procedures in particular, finds those appropriate to the burden of proof, and derives a suitable procedure for enterprises to reference. It also uses ISO 15408 (Common Criteria) to strengthen the company's system security, because gathering evidence unilaterally is not enough: the enterprise must prove that the company has fulfilled its protection responsibilities.


