個人料保護法制與組織內管理及資安思維之探討

我國一直以來針對資訊安全相關事宜，皆以不同法律管制需求進行分散式規定，並未有對於政府組織或民間資訊安全管理之專法規範。以致於當2010年5月個人資料保護法通過，許多資訊安全法制配套的議題討論不斷出現，似乎將個人資料保護法當作資訊安全法制化發展之一塊浮木。個資法及配套子法通過後在資安法制面也許有其影響價值，然其內涵對於組織資訊安全思維會產生如何之影響，實為國內各界所關注。本文擬以個資法重要概念，以及其母法、子法當中與資訊安全相關之規定作為主軸，佐以目前主要個人資料管理標準或規範的內涵，討論個資法通過後組織內部管理與資訊安全觀念應有的思維。

關鍵字

個人資料保護法；個人資料管理；個人資料管理制度

並列摘要

Information security-related issues in Taiwan have been mainly focused on the legal requirements from different legislations. There is no specific law governing security problems either from government organizations or from private sections. Therefore, while the Personal Data Protection Act had been passed in May 2010, many people began to discuss how the Act will change the idea about information security within an organization and if the Act will become the driftwood of legislation of information security.Beside the effect on the trend of legislation of information security, the passage of Personal Data Protection Act will also exercise other influence over inner security concept of an organization. This article is trying to collect rules and requirements from major personal data management systems and discuss about the new concepts that an organization should have under this legal environment.

並列關鍵字

Personal information management system ； Personal data management system ； TPIPAS ； PIMS ； PMS

參考文獻

大法官釋字第603 號解釋

Google Scholar

OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Part 2 BASIC PRINCIPLES OF NATIONAL APPLICATION。http://www.oecd.org/document/18/0,3746,en_2649_34223_1815186_1_1_1_1,00.html (最後瀏覽日：2012.07.07)

Google Scholar

APEC PRIVACY FRAMEWORK, Part iii APEC information privacy principles. http://www.apec.org/Groups/Committee-on-Trade-and-Investment/~/media/Files/Groups/ECSG/05_ecsg_privacy framewk.ashx (最後瀏覽日：2012.07.07)