Personal data protection implementation program - A Comparison between the two international standards of BS 10012 and JIS Q 15001

Bibliographic Details
Main Authors: Ku Chun Lin, 林谷峻
Other Authors: J. J. Hwang
Format: Others
Published: 2013
Online Access: http://ndltd.ncl.edu.tw/handle/79964220429416143345
Description
Summary: Master's === Chang Gung University === College of Management, In-service Master's Degree Program, Information Management Group === 101 === As scam and data leakage cases, as well as the capital invested to prevent personal information leakage, have increased in recent years, the worsening situation may damage the business and goodwill of organizations. The Personal Information Protection Act (PIPA) in Taiwan was passed in April 2010. All organizations, no matter how large, are subject to it. To reduce the impact of PIPA, organizations should plan and carry out work to protect personal information. The personal information protection management standard JIS Q 15001 : 2006 was enacted in coordination with the Personal Information Protection Law in Japan. Its main objective is to set out the rules an organization should adopt when implementing practical plans for protecting personal information. The personal information management system standard BS 10012 : 2009 was enacted by the British Standards Institution (BSI) with reference to the Data Protection Act (DPA). This standard sets out the requirements for personal information management systems, providing organizations with a framework for them. This study analyzes the execution requirements of the two standards, JIS Q 15001 : 2006 and BS 10012 : 2009, by means of goal mining. As its research contribution, this study offers a semantic analysis of the execution items of the two personal information standards, which can serve as a reference for organizations when implementing and improving their personal information systems, thus enhancing their ability to protect personal information.