The Influence of ISMS System in the Context of New Personal Information Protection Act — a Case Study for a Full-service Securities Firm

• Main Authors: Lin, Hsiaoying, 林曉盈
• Other Authors: Fu, Chen-Hua
• Format: Others
• Language: zh-TW
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/13319298613000796612

碩士 === 國防大學管理學院 === 資訊管理學系 === 101 === The stockbrokers are engaged in dealing negotiable securities and to serve as the marketing channels of the associated agency. Because of the business needs, they keep a lot of personal information. With the enforcement of the new Personal Data Protection Act they should not only strengthen the managerial capability of personal data protection in order to comply with the law, but also prove that the business has indeed made proper safety maintenance measures to avoid the leakage of personal data to suffer damage claims or lawsuits circumstances. Due to this case act as the marketing channel of the associated agency, it still needs to face supervision of data collection, processing and using by the authorized institution. That is all about the background and motivation of the research. This study is on the basis on Delphi method and case interviews, and takes the practical stage of Privacy Impact Assessment (PIA) and the ISO 27001 standard to set up the gradational framework of personal data management to provide case in the establishment of the Securities Industry Information and Communication Security checking mechanism "norms that can continue monitoring and improve the maintenance of personal data security to reach the goal of business continuity by fallowing the institutionalization, documentation and systematization management of ISO 27001 standard. This study has been based on the case environment to develop security maintenance measures to the purposes of the current situation and planning considerations, security measures in PIA stage sequence associated with ISO 27001 control measures resolve of three issues, through questionnaires, interviews, and access to the PDCA model to capital management process, as the units for effective response to the new circumstances of the Personal Data Protection Act, for managers the reference to make decision.