Summary: | Master's === Shih Hsin University (世新大學) === Graduate Institute of Information Management, including the in-service master's program (資訊管理學研究所(含碩專班)) === 103 === The Enforcement Rules of the Personal Information Protection Act took effect on October 1, 2012. On November 8, 2013, the Financial Supervisory Commission (FSC) further announced its rules on personal data protection management for the non-government agencies it designates, which require banks, financial holding companies, and every other non-government agency supervised by the FSC to comply.
The object of this case study is a bank that has been certified against both a Personal Information Management System (PIMS) and an Information Security Management System (ISMS). Using the management-system standards BS 10012:2009 (PIMS) and ISO 27001:2005 (ISMS) as the reference literature, the study examines whether the bank's certified management system actually satisfies the FSC's rules on personal data protection management for designated non-government agencies.
The purpose of the study is to identify, through this examination, the items of the FSC rules that the bank's management system does not yet cover. To help the bank fully comply with the personal data protection rules that apply to its financial business, the study recommends corrective actions for these uncovered items and proposes an audit management system.
The conclusions of this research are: (1) compliance with laws and regulations cannot be achieved by the ISO 27001 and BS 10012 standards alone; (2) the organization must stipulate its own standards in order to comply with laws and regulations; (3) by applying the Plan-Do-Check-Act (PDCA) model to the research process, the organization can periodically re-check whether its standards still comply with laws and regulations.
|