透過您的圖書館登入
IP:44.211.35.130
  • 學位論文

因應個人資料保護法之施行探究企業之風險管理

In response to the implementation of the Personal Data Protection Act explore enterprise risk management

指導教授 : 陳瑞

摘要


人手一隻iPhone或各家Andriod智慧型手機,不論在搭乘公車、捷運,甚至開會、聊天聚會時,已成為全球各國一致的社會現象,而手機作為一種隨著使用者移動的科技設備,因其隨時連網、功能強大的特性,也產生許多新興的社會問題。當大家在享受便利、分享生活的同時,個人資料在不經意間被業者所蒐集及利用; 隨著電子商務以及雲端科技的快速發展,也改變了人們生活習慣與商業經營型態,使得資訊得以快速流通,存取資料也更加容易。不論是企業只要曾經用過網際網路,或是一般大眾以書面方式留下個人資料,都可能會面臨資料被不當紀錄、盜拷、資訊外洩、或意外刪除,甚至被第三方不當利用等風險。 個人資料保護的核心是資訊隱私權的保護,但在過去我國由於政府、企業、學校,乃至於個人對於隱私權的保護仍處於萌芽階段,導致個人隱私資料經常在無意間遭有心人士利用,引發相當大的爭議。加上近年來詐騙集團猖獗,個人資料常被不法集團利用,詐騙案件屢見不鮮;因此,個人資料保護的議題也就越來越受到重視與討論。經過多年來的努力、修法,終於2010年5月26日修訂完成的「個人資料保護法」(以下簡稱「新個資法」)將舊法大幅修改,不僅擴大了原適用範圍,對於企業與個人在蒐集個人資料時,所應採用的程序與所應盡義務亦做了規範。 本文首先介紹我國個人資料保護法新舊沿革,了解我國個資法修法之重點意涵。其次,企業的相關人,包括客戶、上下游廠商、合作夥伴與員工,私人資料與商業機密都有可能暴露在資訊不安全的狀態下;而企業如何在利益維護的情況下,能符合個資法之要求,善盡個資維護之義務,避免不諳法律而誤觸法網,造成自身商譽受損、面臨官司訴訟、損害的高額賠償。再者,企業應檢視責任風險,除了積極的預防外,如何依據企業自身的特性來規劃適當的保險,發揮成本效益,達到企業風險管理的目標。

並列摘要


No matter when you're taking a bus or MRT, or even during a meeting, a chatting or a gathering, people holding an iPhone or various Android cell phone in their hands has become a consistent phenomenon across the world. Being a technology device that moves with its user, cell phone also incurs numerous emerging social problems because of its characteristics of web connection at any time as well as power functions. At a time when everyone enjoys its convenience and shares his/her life with each other, personal information has been collected and utilized by companies without anyone's notice. With the speedy development of e-commerce and cloud technology, people's living habits and types of business management have also been changed accordingly. This ensures speedy circulation of information as well as easier storing and retrieving of information. For businesses which utilized internet before, or the general public who left their personal information in writing, their information could face risks of unduly recording, unauthorized duplication, information leakage, accidental deletion or even third party's inappropriate utilization. The core of personal information protection lies in the protection of information privacy. In the past, however, privacy protection from our government, businesses, schools or even individuals was still in the beginning phase. This had led to accidental utilization of personal privacy information by someone with specific intent and incurred relatively huge controversy accordingly. In recent years, we have witnesses the aggressiveness of defraud syndicates, unlawful personal information utilization by syndicates as well as increase on the number of defraud cases. Therefore, issues of personal information protection have received more and more emphasis and discussion. Through years of effort and modification of law, modification for "Personal Information Protection Act" (hereinafter referred to as "New Personal Information Act") finally completed on May 26th, 2010. Previous Act was modified in large scale. This modification not only expands original law application scope, it also stipulates process as well as obligations to be fulfilled during business or individual's collection of personal information. In this article, we first introduced evolution of Personal Information Protection Act here in this country and offered an understanding on emphasis and meaning for the modification of the Personal Information Protection Act. We then raised the issue that personal information as well as business secrets for related parties of businesses including customers, upstream/downstream vendors, collaborating partners and employees are likely to be exposed to the state of unsafe information. We also illustrated how business could, under the circumstances of protecting their interests and compliance with requirements from Personal Information Protection Act, fully fulfill their duty on information protection to avoid violation of law, damage on goodwill, litigation as well as large amount of damage compensation from their unawareness of law. Furthermore, businesses should review their responsibility risks. In addition to aggressive prevention, businesses should learn how to ensure appropriate insurance in accordance with their own characteristics, develop cost efficiency and achieve business risk management goal.

參考文獻


2.林鴻文,「個人資料保護法」,書泉出版社,2013年5月1日。
4.呂丁旺,淺析修正「個人資料保護法」,月旦法學雜誌,2010 年8 月。
9.劉靜怡,不算進步的立法:「個人資料保護法」初步評析,月旦法學雜誌,2010 年8 月。
2.立法院公報,第98卷,第65期,院會紀錄。古清華,個人資料保護相關議題探討,資訊法務透析,1993 年6 月。
8.劉佐國,我國個人資料隱私權益之保護-論「電腦處理個人資料保護法」之立法與修法過程,律師雜誌第307期,2005年4月。

延伸閱讀