Title: 公務機關之間傳輸個人資料保護規範之研究-以我國、美國及英國法為中心
A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K.
Author: Lin, Mei Wan (林美婉)
Contributors: Chen, Chi Shing (陳起行); Lin, Mei Wan (林美婉)
Keywords: personal data protection; privacy rights; information privacy; data transmission; data sharing
Date: 2012
Upload time: 2-Jan-2013 13:26:51 (UTC+8)
Abstract

Governments have the power to hold a variety of personal information about individuals, such as name, date of birth, I.D. card number, family, education, and occupation. Due to advanced technology and the use of the Internet, personal data stored in different places can be connected, copied, processed, and used immediately. It is relatively common for government agencies to provide people with services online as well as to transmit or share individual information to improve efficiency and reduce bureaucratic costs. These changes clearly deliver great benefits for governments and for the public, but they also bring new challenges. Specifically, managing the risks around sharing information can become complicated and difficult when more than one agency is involved. If a government agency that keeps personal information cannot prevent it from being stolen, altered, damaged, destroyed or disclosed, this can seriously erode personal privacy and people's trust in the government. Therefore, each agency that maintains personal data should establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data and to protect against any anticipated threats or hazards to its integrity which could result in substantial harm to the personality of, or unfairness to, any individual.

As the global economy has become more interconnected and the Internet ubiquitous, personal data protection is by now a truly international matter. The trend is fully demonstrated by the growing number of national laws, supranational provisions, and international regulations, such as the OECD, the EU or the APEC rules. Among the developed countries, the U.S. and the U.K. each have their own historical context for developing a legal framework for information privacy. U.S. Federal agency use of personal information is governed primarily by the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the E-Government Act of 2002, the Federal Information Security Management Act of 2002, and related guidance periodically issued by OMB. The U.K. government has to comply with the Human Rights Act and the Data Protection Act of 1998, which implemented Directive 95/46/EC. Its use of individual data is overseen and audited by the independent Information Commissioner. Further, because interagency data sharing is necessary to make government more efficient by reducing the error, fraud, and costs associated with maintaining segregated systems, both countries have made specific rules or codes of practice for handling the transmission of information among different agencies and levels of government. By contrast, Taiwan's Personal Information Protection Act of 2010, which finally came into force on 1 October 2012, contains no detailed and clear provisions for data transmitted between government agencies. Moreover, there is also no internal or external oversight of data sharing practices in the public sector. These problems will increase the risk of inappropriate use and disclosure of personal data.

To protect individual information privacy rights and ensure that government agencies can enhance public services by data sharing without unreasonably impinging on data subjects' interests, I recommend that law makers draw on the legal experiences of the U.S. and the U.K., and specify that the Ministry of Justice has a statutory duty to prescribe detailed regulations and procedures for interagency data transmission. This could remove the fog of confusion about the circumstances in which personal information may be shared. Also, besides obtaining the prior consent of the data subject and having a professional task force conduct an audit before implementing an interagency data sharing program, the following important measures should be taken: (1) Establish a Personal Information Management System (PIMS), composed of policies, procedures, human, and machine resources, and make it part of an overall information management infrastructure; (2) Appoint accountable senior officials to undertake and maintain the implementation of security controls; (3) Educate and train personnel to raise risk awareness and create a good organizational culture; (4) Consult interested parties and define the scope, objective, and legal basis for data sharing; (5) Conduct privacy impact assessments (PIA) to identify potential threats to individual privacy and analyze risk mitigation alternatives; (6) Establish a formal written agreement to clarify mutual rights and obligations; (7) Enforce internal as well as external auditing to monitor compliance with data protection regulations and promote transparency, integrity and accountability of agency decisions.

Key Words: personal data protection, privacy rights, information privacy, data transmission, data sharing
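Table of Contents
Chapter 1 Introduction
     Section 1 Research Background
     Section 2 Research Motivation and Purpose
     Section 3 Research Scope and Structure
Chapter 2 Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan
     Section 1 Formation of the Constitutional Right to Informational Self-Determination and the Right to Information Privacy
     Section 2 Formation of Personal Data Protection Law
     Section 3 Personal Data Protection Measures of Government Agencies
     Section 4 Basis for Transmitting Personal Data between Government Agencies
     Section 5 Summary
Chapter 3 Regulations for the Protection of Personal Data Transmitted between U.S. Federal Agencies
     Section 1 Legal Foundations of Personal Data Protection in U.S. Federal Agencies
     Section 2 The Privacy Act of 1974
     Section 3 The Computer Matching and Privacy Protection Act of 1988
     Section 4 The E-Government Act of 2002
     Section 5 The Federal Information Security Management Act of 2002
     Section 6 Oversight and Management Mechanisms
     Section 7 Summary
Chapter 4 Regulations for the Protection of Personal Data Transmitted between U.K. Government Agencies
     Section 1 Legal Foundations of Personal Data Protection in U.K. Government Agencies
     Section 2 The Data Protection Act 1998
     Section 3 Review Reports on the Government's Handling of Personal Data
     Section 4 Data Sharing Code of Practice
     Section 5 Summary
Chapter 5 Conclusions and Recommendations
     Section 1 Conclusions
     Section 2 Recommendations
References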
Description: Master's degree
National Chengchi University
In-service Master's Program, College of Law
98961204
101
Source: http://thesis.lib.nccu.edu.tw/record/#G0098961204
Type: thesis
Advisor: Chen, Chi Shing (陳起行)
URI: http://nccur.lib.nccu.edu.tw/handle/140.119/56535
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 法學院碩士在職專班zh_TW
dc.description (描述) 98961204zh_TW
dc.description (描述) 101zh_TW
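dc.description.abstract (Abstract) "Chapter 1 Introduction
     Section 1 Research Background
     Section 2 Research Motivation and Purpose
     Section 3 Research Scope and Structure
     Chapter 2 Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan
     Section 1 Formation of the Constitutional Right to Informational Self-Determination and the Right to Information Privacy
     Section 2 Formation of Personal Data Protection Law
     Section 3 Personal Data Protection Measures of Government Agencies
     Section 4 Legal Basis for Transmitting Personal Data between Government Agencies
     Section 5 Summary
     Chapter 3 Regulations for the Protection of Personal Data Transmitted between U.S. Federal Agencies
     Section 1 Legal Foundations of Personal Data Protection in U.S. Federal Agencies
     Section 2 The Privacy Act of 1974
     Section 3 The Computer Matching and Privacy Protection Act of 1988
     Section 4 The E-Government Act of 2002
     Section 5 The Federal Information Security Management Act of 2002
     Section 6 Oversight and Management Mechanisms
     Section 7 Summary
     Chapter 4 Regulations for the Protection of Personal Data Transmitted between U.K. Government Agencies
     Section 1 Legal Foundations of Personal Data Protection in U.K. Government Agencies
     Section 2 The Data Protection Act 1998
     Section 3 Review Reports on Government Handling of Personal Data
     Section 4 Data Sharing Code of Practice
     Section 5 Summary
     Chapter 5 Conclusions and Recommendations
     Section 1 Conclusions
     Section 2 Recommendations
     References
     "
-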
dc.language.iso en_US -
dc.source.uri (Source) http://thesis.lib.nccu.edu.tw/record/#G0098961204 en_US
dc.subject (Keywords) 個人資料保護 zh_TW
dc.subject (Keywords) 隱私權 zh_TW
dc.subject (Keywords) 資訊隱私 zh_TW
dc.subject (Keywords) 資料傳輸 zh_TW
dc.subject (Keywords) 資料共用 zh_TW
dc.subject (Keywords) personal data protection en_US
dc.subject (Keywords) privacy rights en_US
dc.subject (Keywords) information privacy en_US
dc.subject (Keywords) data transmission en_US
dc.subject (Keywords) data sharing en_US
dc.title (Title) 公務機關之間傳輸個人資料保護規範之研究-以我國、美國及英國法為中心 zh_TW
dc.title (Title) A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K. en_US
dc.type (Type) thesis en