語意性的隱私政策-落實於銀行內部隱私保護的研究 / Semantic privacy policies－Research for the enforcement of privacy protection inside the bank

李家輝, Lee, Chia Hui

Unknown Date

網際網路的興起帶動銀行業電子商務的發展；然而，在開放式的網路環境下，個人的財務、交易等具有隱私的資訊，可能因金融機構本身資訊安全防護技術未落實、資料處理流程權限控管不當、或相關稽核機制不健全等因素，造成銀行個人資料外洩，而影響個人財務及公司商譽的損失。現今在銀行業電子商務的網站上，雖然有使用隱私權政策聲明的方式來表示履行客戶資料隱私保護的責任，但是此形式宣告的方式大於實質保護的意義，沒有任何作用。客戶資料的隱私資訊，亦應受到法律的保護；在我國主要的法律有電腦處理個人資料保護法、內部控制法及金控共同行銷規範等。本研究旨在針對銀行業電子商務交易流程中提出企業內部客戶隱私資料保護的架構模型，將客戶隱私資訊做分類，並遵循相關法律條文規範，以訂立具有語意的隱私權政策來落實企業內部客戶隱私資料的保護。我期望本研究的成果能貢獻未來金融業於客戶隱私資料保護的參考依循。 / The rising of Internet drives the development of e-commerce in banking industry. However, in the opening environment of Internet, the personal and confidential data which includes finance and transaction may be exposed because its poor secure protection technology or improper permission control for the procedure of data processing, or defective auditing mechanism in financial institutes. Therefore, it could influence the loss of personal finance and goodwill of companies. Although the e-commence website of banking industry protect customers’ data through the stated of right to privacy, the announced meaning is far more than the real protection. The customers’ private data should be protected by law, such as Computer Processing Personal Data Protection Act and Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries in Taiwan.The purpose of the thesis offers the enterprise internal privacy construction model which classifies customers’ private data, follows the related law regulation, and establishes semantic privacy policies in order to achieve the protection of enterprise internal customers’ data for the transaction flow of e-commence in banking industry. I expect the research can contribute some references to follow in customers’ data protection for financial institutions in the future.

隱私權

企業隱私偏好平台

語意網

本體論

語意規則語言

隱私偏好平台

個人資料保護法

金控共同行銷規範

電子商務消費者保護綱領

Privacy

E-P3P

Semantic Web

Ontology

SWRL

P3P

XACML

EPAL