在資訊快速流通、整合之時代,各種行業均擁有眾多種類之個人資料,使得個人資訊隱私權有著被侵害之高度風險。個資法於施行後,對銀行作業之影響極為廣泛,使用客戶資料之來源均需有所依據。筆者希望透過個資法在執行稽核業務時之經驗,對在作業時所面對之法條疑義及適用困難提出建議,並從稽核之角度加強在作業流程對個人資料之保護與控管。本研究之目的為:(一)探究隱私權、金融隱私權之發展及其內涵。(二)瞭解我國個人資料保護之理論基礎。(三)瞭解我國金融機構對於客戶資料保護之各種法制規範、所應負之責任與義務。(四)提出在個資法對金融機構實務之衝擊影響、適用疑義與其所採之因應對策。(五)在個資法資料安全內部稽核之管理與運用。
In this era of rapid information transmission and integration, every type of enterprises has access to a variety of personal information, leading to high risks of personal information privacy violations.The implementation of the Personal Information Protection Act has had diverse impacts on bank operations that banks must have rational justifications when accessing customer information.The author hopes to apply experiences acquired during conductions of operational audits in providing advices for doubts about the laws and difficulties in applications of laws at work, and to enhance personal information protection as well as management in operational processes from an auditing perspective.The purposes of this study include: 1) to investigate developments and contents of rights to privacy and financial privacy, 2) to understand the fundamental theories of the Personal Information Protection Act of Taiwan, 3) to understand the laws and regulations, responsibilities and obligations of financial institutions in protecting customer information in Taiwan, 4) to propose impacts of the Personal Information Protection Act on financial institution practices as well as doubts about applications of laws and responses to such questions, and 5) to discuss management and applications of internal information safety audits under the Personal Information Protection Act.