個人資料保護的線上安全模式之研究

Abstract

近頃，媒體關注的資訊保護問題已顯示越來越多的民眾關切其個人資訊的保護和權利。許多組織亦因科技精進，得以驚人的速度快速搜集個人資料，製造商機。此時，正是管理線上資訊隱私、資訊安全及相關法制議題最佳化的時機。面對隱私侵害，臺灣開始思考資料保護法的法制規範，本文爰針對法律、實務問題和隱私保證的技術文獻，進行探討，希冀以積極態度探討侵犯隱私議題，提供政府思索管制個人資料的介入對策。 本文提出「P-P模型」共分兩個階段：績效評估分析階段及政策規劃管理階段。藉此模式提供管理者一個強化隱私保護政策的指導方針。本文除提供資訊管理人員一個強化隱私保護及資訊管理的做法與建議外，亦有助於釐清個資外洩的網絡犯罪事件調查。

Recent media attention to information protection issues has shown that citizens are increasingly concerned about personal information protection and their right to it. Many organizations have collected data about individuals at an increasing alarming rate. It’s about time to manage privacy and security of on-line information by reviewing their fundamentals and principles as well as relevant laws and regulations. Concerns of privacy harm have resulted in laws and regulations such as the privacy rules of Personal Information Protection Act (PIPA) in Taiwan. Taking a proactive stance against privacy invasion could help stave off government intervention to tighten controls over what can be done with an individual's personal data. This proposed P-P model is divided into two phases: Performance Evaluation Phase, and Policy Management Phase. Each Phase is explored from the following issues: concern, issue, response, strategy, principle, focus, and element. That model is presented to provide managers guidance in dealing with privacy policy. The main contributions of this thesis lie in analyzing the internet privacy violation, conceptualizing a novel privacy-enhanced framework, providing the privacy strategy on the internet, and improving the ability on information security. The thesis closes with recommendations for privacy and security good practices for information managers. That also benefits the cybercrime investigation of data leakage.