頁籤選單縮合
題名 | 以BS 10012為基礎評估組織導入個人資訊管理制度之研究= |
---|---|
作者 | 黃明達; 張書鳴; |
期刊 | 電腦稽核 |
出版日期 | 20110700 |
卷期 | 24 2011.07[民100.07] |
頁次 | 頁11-28 |
分類號 | 494.542 |
語文 | chi |
關鍵詞 | 個人資料保護法; 個人資訊管理制度; BS 10012; ISO 27001; PIMS; Personal information protection act; Personal information management system; |
中文摘要 | 刑事警察局2009年165反詐騙專線統計指出,網路購物個人資料(以下簡稱個資)外洩詐騙事件排名第一,占全部詐騙數35%,顯示個資外洩情形嚴重。在個人資料保護法三讀通過後,組織一旦違法使用個資,將面臨高價求償金、刑責等問題,組織可能需開始著手規劃並實施針對個人資料的相關保護工作,降低個資法帶來的衝擊。本研究以問卷調查方式,分析各組織個人資料保護現況。發現商譽受損是最多組織不慎洩漏個資擔憂的衝擊,但中小企業與非營利事業對於須自行舉證組織並無故意或過失洩漏個資的困擾更甚於商譽受損。本研究以BS 10012為基礎之「規劃」、「實行與運作」、「監督與審查」、「改善」等四構面,評估組織的個人資訊管理制度(Personal Information Management System, PIMS)狀況,提供十種組織可優先加強構面之建議,如資訊服務業、金融業等組織在「規劃」構面、政府部門等在「實行與運作」構面、非營利組織等在「監督與審查」構面與電信業等在「改善」構面,建議強化個人資訊管理制度上的不足,使組織降低個資法將帶來的衝擊。 |
英文摘要 | In 2009, Criminal Investigation Bureau 165 anti-fraud hotline statistics indicate that internet shopping frauds due to leakage of personal information were ranked first, accounting for 35% of frauds, indicating a serious problem of personal information leakage. After the Personal Information Protection Act third reading passed, if organization uses personal information illegally that will face high claims payments, criminal liability and other issues. To reduce impact from the Personal Information Protection Act, Organizations may need to begin to plan and implement relevant for the protection of personal information.This research is used the method of questionnaire survey, analysis of the status of personal information protection in organizations. Organization goodwill impairment is found in most organizations are concerned about the impact from accidental personal information leakage. But small and medium-sized enterprises and non-profit organizations are concerned about required to prove organizational without intention or negligence of personal information leakage problems more than organization goodwill impairment. Assess the organizational personal information management system base on "Plan", "Do", "Check", "Act", four phases of BS 10012, through analysis to provide 10 types of organizations priority advices on strengthen phase, such as "information services industry" and "financial services industry" in the "plan" phase, "government departments" in the "Do" phase, "non-profit organizations" in the "Check" phase, and "telecommunications industry" in the "Act" phase. Strengthening Lack of personal information management system will enable to reduce impact from the Personal Information Protection Act. |
本系統之摘要資訊系依該期刊論文摘要之資訊為主。