Global ETD Search

11	實作可設定式之行動感測平台 / Design and Implementation of a Configurable Service Platform for Mobile Sensing 黃建烽, Huang, Chien Feng Unknown Date (has links) 長久以來，學者專家為進行各種與人們行為有關的實驗，使用了多種方法進行數據的收集，卻存在著一些缺點或是成本過高，不易大規模推行。近年來，隨著行動科技的高速發展，智慧型手機已經相當普及。由於智慧型手機內建眾多的感測器(Sensors)及裝置(Devices)，透過撰寫及執行特定的手機應用程式（APP），即可蒐集手機所偵測到的使用者行為相關之資訊，並加以分析處理。行動感測(Mobile Sensing)遂成為新型態的數據收集方式。但是，僅就特定之感測實驗所需數據項目，開發數據蒐集的行動應用程式，亦或是不管實驗需求，讓程式蒐集全部項目的感測數據，都不是理想的作法：不是欠缺彈性考量就是未能考慮手機使用者的隱私關切。本研究實作一個通用於所有行動作業系統上之可設定式之行動感測服務平台，它可以協助研究者根據其需求自行設定感測實驗項目及其條件規範。之後，透過建立於伺服器端與客戶端之間特定的資料交換機制，進行實驗的發布及兩端的互動溝通。整體運作過程中，客戶端的參與者只需簡易地安裝一套行動應用程式，便能夠輕鬆參與進行各種感測實驗、貢獻實驗數據。最後，我們模擬幾項實驗，用以驗證平台之實際運作效能。 / Experimental data obtained in scientific research is extremely important. For a long time, people use a variety of methods for data collection, but most of them are either restricted or expensive. In recent years, with the rapid development of mobile technology, smart phones are becoming very popular. With many built-in sensors and devices, smart phones can be used as a new tool of data collection, hence the emergence of mobile sensing. By installing a mobile application (APP) on a user’s smart phone, researchers can collect those required sensor data from the user and analyze it for their study. This research presents a configurable service platform for mobile sensing which aims to reconcile the flexibility needed by researchers and privacy concerns of smart phone users. In particular, our platform allows researchers to use our GUI tool to easily set up an experiment by composing an experiment configuration file (ECF) which specifies the sensor types to collect and the filtering rules for data selection. Users of smart phones can join any experiments by installing a single piece of logger APP developed according to our ECF specification. Besides, users will be fully informed of the data to collect before agreeing to participate a specific experiment. In such a manner, we achieve a proper balance between flexibility and privacy. Finally, we conducted several experiments to validate the feasibility of our service platform with users of Android smart phones. 智慧型手機行動感測隱私 smart phones mobile sensing privacy
12	求職者個人資訊保障之研究 / A Study on the Protection of Job Applicants’ Informational Privacy 詹岱蓉, Jan, Day Rong Unknown Date (has links) 雇主在招募過程中，為了提高企業的生產力或行政組織的效率，防免契約、侵權責任的發生，必須謹慎挑選人才，因此通常會以詢問或檢測（如人格測驗）盡量蒐集與求職者相關的資訊，來遴選合適員工。但是，雇主得要求應徵者揭露多少資訊？求職者在雇主的要求下，為了提高獲聘的機會，是否只能拋棄個人的隱私利益？這些疑惑均值得思考，從中也顯現出了雇主與求職者間利益衝突的問題。關於求職者個人資訊的保障，我國目前的基本規範為「個人資料保護法（簡稱個資法）」及「就業服務法（簡稱就服法）第5條第2項第2款」。雇主如欲蒐集求職者的個資，除必須符合個資法的特定條款外，假若涉及隱私資訊，尚須通過就服法第5條第2項第2款「就業所需」的檢驗。在這看似簡明的基本架構中，事實上存有許多令人困惑的地方，以個資法特定條款的蒐集事由為例，如：「執行法定職務必要範圍內」的意涵具體所指為何；「與當事人有類似契約之關係」是否包含雇主可請求當事人以外的第三人（如：前雇主）協助為履歷調查；以及「經當事人同意」在勞動關係不對等時其有效性的爭議等。而就服法第5條第2項第2款最讓人頭痛之處則為應如何詮釋「就業所需」。是以，我們須要更多的實務及學說見解來填充個資法與就服法勾勒出的雇主與求職者間利益權衡框架。本文將先探討雇主通常是基於什麼考量而對求職者為哪些詢問及檢測；而應徵者面對這些詢問及檢測往往會有什麼憂慮。接著借鏡美國法制，剖析我國針對求職者個人資訊保障的判準，並關注在個資法修正與就服法第5條第2項第2款增訂後，過往的實務見解是否依舊恰當或有所革新。最後比較美國與我國法制的異同，提出檢討與建議，期望能在保障求職者個資的同時，也兼顧到雇主的利益。 / In the hiring process, employers need to select workers cautiously in order to improve the productivity and efficiency of their enterprises, and to avoid the potential liability caused by reckless employees. To screen out the best possible candidate for a particular job, employers usually wish to gather as much information about job applicants as possible by making oral or written inquiries, or conducting different kinds of employment tests (such as personality tests). However, what kind of information can employers legally require job applicants to disclose? Do job applicants have no choice but to relinquish their personal privacy if they want to be employed? To answer these questions, we need to carefully balance the competing interests between employers and job applicants. In Taiwan, “Personal Information Protection Act (PIPA)” and “Employment Service Act (ESA) §5II②” form the basic framework of protecting job applicants’ informational privacy. Employers need to obey specific provisions of the PIPA before they can collect job applicants’ information; and if private information is to be collected, employers should further confirm their collecting actions meet the “job-related” requirement specified by §5II② of the ESA. This legal framework seems simple and clear, but there are many questions remain to be answered. For example, what is the exact scope of the term “within the scope of job functions provided by laws and regulations” of the PIPA? Does the condition “quasi-contractual relationship between the Parties” specified in PIPA allow employers to contact third parties (such as job applicants’ former employers) and conduct a reference check? Further, since there is a serious power-imbalanced problem in the employment relationship, can we truly expect the job applicants to offer a free and valid consent when they are requested to provide their personal information? Last but not the least, what is the precise meaning of the term “job-related” of §5II② of the ESA? More studies and court judgments are needed to delineate the boundaries between what employers are entitled to know and what job applicants should be able to keep private. This thesis begins with analyzing why employers need/hope to gather information about job applicants and what screening tools they prefer to use. It then discusses job applicants’ concerns when they face employers’ inquiries or employment tests. By comparing relevant U.S. legislation and judicial decisions regarding the protection of job applicants’ informational privacy, this thesis examines the standards used in Taiwan’s case-law when balancing employers’ and job applicants’ interests. Special attentions are paid to the issue whether these standards are still appropriate or should be updated in light of the latest amendments to the PIPA and ESA. Finally, through concrete cases, this thesis tries to provide practical recommendations on how we can better protect job applicants’ privacy while respecting employers’ legitimate interests in knowing their future employees. 求職者隱私權資訊隱私權就業所需個資法反歧視法 job applicant privacy informational privacy job-related personal information protection act anti-discrimination law
13	公務機關之間傳輸個人資料保護規範之研究－以我國、美國及英國法為中心 / A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K. 林美婉, Lin, Mei Wan Unknown Date (has links) 政府利用公權力掌握之個人資訊包羅萬象，舉凡姓名、生日、身分證字號、家庭、教育、職業等。科技進步與網際網路發達，使原本散置各處之資料，可以迅速連結、複製、處理、利用；而為了增加行政效率與減少成本，機關透過網路提供公眾服務日益頻繁，藉由傳輸共用個人資料等情況已漸成常態。這些改變雖然對政府與民眾帶來利益，但是也伴隨許多挑戰，尤其當數機關必須共用資訊時，將使管理風險更添複雜與難度，一旦過程未加妥善管制，遭人竊取、竄改、滅失或洩露，不僅當事人隱私受損，也嚴重傷害政府威信。因此，凡持有個人資料的政府機關，均必須建立適當行政、技術與實體防護措施，以確保資料安全與隱密，避免任何可能危及資料真實之威脅與機會，而造成個人人格與公平之侵害。　　隨著全球經濟相互連結以及網路普及，個人資料保護如今已是國際事務，這個趨勢顯現在愈來愈多的國家法律與跨國條款如OECD、歐盟、APEC等國際組織規範。而在先進國家中，美國與英國關於資訊隱私法制發展有其不同歷史背景，目前美國聯邦機關持有使用個人資料必須遵循的主要法規為隱私法、電腦比對與隱私保護法、電子化政府法、聯邦資訊安全管理法，以及預算管理局發布的相關指導方針；英國政府則必須遵守人權法與歐盟指令架構所制定的資料保護法，並且受獨立資訊官監督審核。此外，為了增加效率，減少錯誤、詐欺及降低個別系統維護成本，公務機關之間或不同層級政府所持有之個人資料流用有其必要性，故二國在資料傳輸實務上亦有特殊規定或作業規則。相較之下，我國2012年10月1日始施行的「個人資料保護法」對於公部門間傳輸個人資料之情形並無具體規定，機關內外監督機制亦付之闕如，使個人資料遭不當使用與揭露之風險提高。為了保障個人資訊隱私權，同時使公務機關之間傳輸利用個人資訊得以增進公共服務而不違反當事人權益，本研究建議立法或決策者可參酌美國與英國法制經驗，明定法務部負責研擬詳細實施規則與程序以供各機關傳輸個人資料之遵循，減少機關資訊流用莫衷一是的情況；而為保證個人資訊受到適當保護，除了事先獲得當事人同意外，機關進行資料共用之前，應由專業小組審核，至於考慮採取的相關重要措施尚有：（1）建置由政策、程序、人力與設備資源所組成之個人資訊管理系統（PIMS），並使成為整體資訊管理基礎設施的一部分；（2）指派高階官員負責施行及維護安全控制事項；（3）教育訓練人員增加風險意識，塑造良好組織文化；（4）諮詢利害關係人，界定共用資料範圍、目的與法律依據；（5）實施隱私衝擊評估（PIA），指出對個人隱私的潛在威脅並分析風險減緩替代方案；（6）簽定正式書面契約，詳述相關權利與義務；（7）執行內外稽核，監督法規遵循情況，提升機關決策透明、誠信與責任。關鍵詞：個人資料保護、隱私權、資訊隱私、資料傳輸、資料共用 / Governments have the power to hold a variety of personal information about individuals, such as the name, date of birth, I.D. Card number, family, education, and occupation. Due to advanced technology and the use of the Internet, personal data stored in different places can be connected, copied, processed, and used immediately. It is relatively common for government agencies to provide people with services online as well as transmit or share individual information to improve efficiency and reduce bureaucratic costs. These changes clearly deliver great benefits for governments and for the public, but they also bring new challenges. Specifically, managing risks around sharing information can sometimes become complicated and difficult when more than one agency is involved. If the government agency which keeps personal information cannot prevent it from being stolen, altered, damaged, destroyed or disclosed, it can seriously erode personal privacy and people’s trust in the government. Therefore, each agency that maintains personal data should establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of data and to protect against any anticipated threats or hazards to the integrity which could result in substantial harm on personality and fairness to any individual . As the global economy has become more interconnected and the Internet ubiquitous, personal data protection is by now a truly international matter. The trend is fully demonstrated by the growing number of national laws, supranational provisions, and international regulations, such as the OECD, the EU or the APEC rules. Among those developed countries, both the U.S. and the U.K. have their historical contexts of developing legal framework for information privacy. The U.S. Federal agency use of personal information is governed primarily by the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the E-Government Act of 2002 , the Federal Information Security Management Act of 2002, and related guidance periodically issued by OMB. The U.K. government has to comply with the Human Rights Act and the Data Protection Act of 1998 which implemented Directive 95/46/EC. Its use of individual data is overseen and audited by the independent Information Commissioner. Further, because interagency data sharing is necessary to make government more efficient by reducing the error, fraud, and costs associated with maintaining a segregated system, both countries have made specific rules or code of practice for handling the transmission of information among different agencies and levels of government. By contrast, Taiwan Personal Information Protection Act of 2010 which finally came into force on 1 October 2012 contains no detailed and clear provisions for data transmitted between government agencies. Moreover, there are also no internal or external oversight of data sharing practices in the public sector. These problems will increase the risk of inappropriate use and disclosure of personal data. To protect individual information privacy rights and ensure that government agencies can enhance public services by data sharing without unreasonably impinging on data subjects’ interests, I recommend that law makers draw on legal experiences of the U.S. and the U.K., and specify that the Ministry of Justice has a statutory duty to prescribe detailed regulations and procedures for interagency data transmission. This could remove the fog of confusion about the circumstances in which personal information may be shared. Also, besides obtaining the prior consent of the data subject and conducting auditing by a professional task force before implementing interagency data sharing program, some important measures as follows should be taken: (1) Establish a Personal Information Management System which is composed of the policies, procedures, human, and machine resources to make it as part of an overall information management infrastructure; (2) Appoint accountable senior officials to undertake and maintain the implementation of security controls; (3) Educate and train personnel to raise risk awareness and create a good organizational culture; (4) Consult interested parties and define the scope, objective, and legal basis for data sharing; (5) Conduct privacy impact assessments to identify potential threats to individual privacy and analyze risk mitigation alternatives; (6) Establish a formal written agreement to clarify mutual rights and obligations; (7) Enforce internal as well as external auditing to monitor their compliance with data protection regulations and promote transparency, integrity and accountability of agency decisions. Key Words: personal data protection, privacy rights, information privacy, data transmission, data sharing 個人資料保護隱私權資訊隱私資料傳輸資料共用 personal data protection privacy rights information privacy data transmission data sharing
14	從生物辨識應用探討隱私權之保護 / The privacy protection issues of biometric application 游璿樺, Yu, Hsuan Hua Unknown Date (has links) 自從美國911恐怖攻擊事件後，生物辨識技術受到世界各國重視，使得生物辨識應用大鳴大放，涵蓋範圍非常廣泛，從國家的入出境管理、國民身分證，到公司或住家的門禁管理、安全監控，乃至於個人身分確認，如電腦開機登錄、隨身碟資料加密。然而生物辨識應用，會涉及個人生物特徵之蒐集與相關個人資料之運用，一方面為生活上帶來便利，另一面也無聲無息為個人隱私帶來衝擊與威脅。本文從生物辨識技術之研究，藉由分析指紋辨識、臉型辨識及DNA辨識之應用所引發的隱私權問題，以及相關法令規範之探討，最後從法制面、政策面與執行面上提供建議，希望藉由完備的法令規範，評估各種應用可能引發之隱私爭議，建立完善的管理制度與監督機制，將生物辨識應用之隱私侵害與疑慮降到最低，得以享受生物辨識應用所帶來的安全性與方便性。生物辨識生物特徵資訊隱私權隱私權指紋辨識臉型辨識 DNA辨識 biometrics biometric characteristic information privacy privacy fingerprint recognition face recognition DNA recognition
15	資訊隱私權保障與網路犯罪通訊監察法制陳信郎, chen, hsin-lang Unknown Date (has links) 本文架構共分五章：第一章為緒論，旨在說明本論文之研究動機、問題意識、研究範圍、研究方法及架構說明，其中並說明網際網路發展之簡介、網際網路對資訊隱私權與犯罪偵查之影響。第二章所欲討論者，乃資訊隱私權之發展與內涵。在本章中，首先就隱私權發展最早的美國，說明該國最高法院司法實務對於憲法層次隱私權概念建立與保障上，所做出的幾個重要性判決。之後再針對資訊隱私權的意義說明，並討論資訊隱私權的憲法爭議範圍，其中尤以憲法第四修正案的適用最為重要，故獨立討論該條之規範對象，並就該條中搜索的意義、實施搜索的實質原因與程序要件，及違反第四修正案之所產生的證據排除效果介紹之。次就資訊隱私權於我國憲法之依據及內涵，討論我國有關憲法層次的隱私權，在權利形成方法上，是否有全盤移植美國法制之必要，亦或針對我國憲法，提供資訊隱私權更明確的依據。第三部分則就侵害資訊隱私權之違憲審查，討論我國憲法有關侵害資訊隱私權，在抽象法律層次的違憲審查標準，及在具體案件中，是否有引進美國證據排除法則之必要？做為本此論文之後檢視成文法及具體案例之準則。第三章則進一步討論我國網路犯罪之偵查實務，說明我國實務常見網路犯罪之類型，並舉出實際案例以供參考。第二部分則就目前網路犯罪偵查實務，試著從較為技術面的方向，簡略說明有關網路犯罪資訊的取得、犯罪者的追縱、證據的調查，其中有關證據的調查，則著重於通訊監察部分，至於常見有關搜索、扣押的討論，因與本文主題較不具關聯性，故省略不論。本章之目的，乃嘗試讓理論與實務有聯繫之機會，並說明我國在網路犯罪偵查方法上，有何困境之處。第四章為本論文之主軸，在了解到我國網路犯罪偵查實務所面臨的困境後，本章首先就美國有關網路通訊監察法制，介紹該國憲法與司法實務在做出若干重要裁判後，立法者為提供更充分的保障，所特別制定的《電子通訊隱私權法》等法律，希望透過不同層次的資訊隱私權侵害，提供不同層次的程序保障，來平衡國家安全、犯罪偵防與隱私權保障。然而由於網路通訊監察的特殊性，使得FBI於2000年3月所發展出的新型網路監聽工具：Carnivore，引發大眾甚多疑慮，該國就Carnivore系統之運作依據及合法性，有著激烈的辯論，本文嘗試整理歸納正反意見，並提供本文觀點。在還來不及檢討Carnivore系統之合法性時，九一一事件促使《愛國者法》通過，賦予政府機關實施網路通訊監察時更大的權力。科技的進步，無疑使得網路使用者資訊隱私權受到更大的限制，本文也嘗議建議未來最高法院應改以結果取向的解釋方法來處理新型監聽工具所引發的憲法爭議，如此才能兼顧科技發展與人權保障。在了解到美國有關網路通訊監察法制後，第五章則針對從資訊隱私權保障面向，重新檢討現行通訊保障及監察法規定之妥適性，並就我國未來針對網路發展新型監聽工具時，所應採行之建制原則，及通訊保障及監察法針對網際網路時代，所應做的修正，提出若干建議，並以之代結論。資訊隱私權網路犯罪網路通訊監察愛國者法 ECPA
16	員工資訊隱私權與企業在網路監控協調之研究 / The study of balance of employee's privacy and enterprise's monitor on the internet 江啟先, Chiang, Chihsian Unknown Date (has links) 從美國管理協會(AMA: American Management Association)與e化政策學會(ePolicy Institute) 2007年調查報告比較2005年調查報告，可以發現：雇主解僱不當使用電子郵件的員工，從2005年調查時的25%，增加至28%。而雇主解僱不當使用電腦網路資源的員工，也從2005年調查的26%，增加至30%。解僱員工的比例，兩年之內，增加的比例均超過一成。這顯示出，員工上班時使用網路與電子郵件需要更加小心，隨雇主的監看權力逐漸增長而員工隱私權的空間已日漸限縮。這樣所形成的衝突也就更為激烈，為避免勞資權利的對立尖銳化，兩者之權利應如何協調？在管理上有無最佳實務(best practices)可供業界參考？本研究藉由分析美國、德國應我國相關法律與案件之後，提出雇主監看行為之界限，除需合乎刑法、民法、通訊保障及監法與電腦處理個人資料保護法之規範外，還需視是否侵害員工之人格權亦作為界限之考量依據。而是否侵害其人格權，則可以學者Hanau 所提出三項標準觀察：員工收發電子郵件係基於職務原因或私人原因所為？員工之電子郵件之收發係受雇主之許可或受雇主之禁止？員工之收發電子郵件係在工作時間之內或工作時間之外？這三項標準之組合情況有待雇主與員工協商訂出合理之標準。本研究藉由文獻探討以及對於各企業員工進行人員訪談之研究方法進行分析。初步研究發現，在管理上針對於雇主監看權與員工職場隱私權的協調之最佳實務。重點在於企業應在充份尊重員工的前提，謹慎地訂定明確之「可接受的使用政策」與「職場員工監看政策」。並盡充份告知員工之義務，避免日後發生糾紛。雇工妥當地運用正式與定期的員工教育訓練，給予員工充分之時間發問，促使員工能真正理解。重視與員工的互動，傾聽員工的心聲，適時調整「職場員工監看政策」，使之合乎人性化。員工在充滿人性化的職場工作，才能有效提高工作效率。員工隱私權雇主監看權電子郵件電腦系統
17	基於存取目的之個資控管框架-以銀行業為例 / Purpose-Based PII Control Framework - A Banking Perspective. 鄭明璋, Cheng, Ming Chang Unknown Date (has links) 新版「個人資料保護法」在民國99年5月公布，並正式實施於民國101年10月；隨著新法的實施，不管是公部門或民間組織，都投入大量資源以期改善並確保自己的組織對於個人資料之蒐集、處理與利用，能夠符合「個人資料保護法」的要求。由於業務特性，個人資料的蒐集、處理與利用，乃是銀行業者日常必須面對的課題。雖然舊版個資相關法令「電腦處理個人資料保護法」與「銀行法」對於個人資料的處理都已有相關規定，但由於稽核與舉證困難、罰則過輕等原因，業者並未真正重視個資保護課題，善盡個資保護的責任，所以銀行發生個資外洩的案例時有所聞。新版「個人資料保護法」正式實施後，舉證責任歸屬由當事人變成企業，在疑似個資外洩事件發生時，企業須舉證其組織之系統或機制已對個人資料之控管機制已滿足「個人資料保護法」的要求，盡到完善管理之責任。因此業者不得不投入大量資源來周全組織內對於個人資料的保護與稽核機制，把新版法規的各項規定要求納入系統功能範疇。伴隨「個人資料保護法」的實施，法務部頒布了「個人資料保護法之特定目的及個人資料之類別」細則來明確規範個人資料的類別範疇、以及存取個人資料之目的。本研究即針對此項要求，歸納分析銀行業的業務現況，並納入未來業務發展之可能需求，設計一具備彈性之個資存取框架以管理個資分類與存取目的，進而滿足「個人資料保護法」的要求。 / As the latest version of the "Personal Data Protection Act (PDPA)" published on May, 2010, and formally implemented since October, 2012, all public and private sector organizations need to put in significant resources to meet the strengthened legal requirements of personal data collection, processing and utilization. Yet banks are among the first to be affected by them, as personal data collection, usage and handling are essential to their daily operations. Therefore, this thesis investigates the compliance of PDPA from a banking perspective. A distinguished feature of the new "Personal Data Protection Act" is the inclusion of "purposes" in regulating access to personal data, namelyan organization must get the informed consent from its customer regarding how her personal data will be used, namely privacy preferences. Currently, employing a proper access control mechanism to protect customer's data is a well-accepted discipline in bank information system (BIS) development. However, the design of such mechanisms hardly includes the requirement of supporting customers’ preferences regarding the use of their personal data. It is therefore highly desirable to extend a BIS's access control to handle customers' privacy preferences. This thesis investigates the common practices of bank operations and presents a purpose-based access control framework for future BIS development. Specifically, we derive a classification of bank customers' personal data and purpose categories for bank operations so that the proposedaccees control framework can ensure all accesses to customers' personal data match their granted access purposes. As a result, the framework will lay a foundation to the compliance of PDPA for a bank. 個人資料保護法隱私目的 Personal Data Protection Act Privacy Purpose
18	求職勞工個人資訊揭露合法性與範圍之研究-以隱私權理論實踐為中心 / A study on legality and scope Of the personal information of job candidates：Focusing on practice of privacy rights theory 傅煒程, Fu, Wei Cheng Unknown Date (has links) 勞工於求職過程中，經常面臨雇主要求其必須揭露個人資訊之情形。為使自己能更順利獲得錄取，勞工通常僅能放棄其個人資訊自主的權利而同意揭露。因此，在取得個人資訊技術快速發展的今日，如何在求職過程中兼顧勞工的隱私權以及雇主錄用合適員工的經濟利益，是值得我們正視的問題。本文將先就雇主所要求勞工揭露個人資訊的類型與目的以及因為揭露個人資訊而可能發生的爭議等議題，加以分析。另外，本文將剖析隱私權的發展過程，並藉此進一步瞭解保障隱私權的目的。此外，亦透過國內外法制與司法實務的介紹，以理解平衡勞工與雇主二者之間權利發展之趨勢。最後本文將從介紹資訊移轉模式與反思法理論內涵，論述國家應如何落實建構程序性保障，使求職勞工於揭露個人資訊時，能夠平等地與雇主充分、實質地溝通其揭露個人資訊的目的、範圍與其他權利義務關係。 / Employers usually ask job candidates disclose their personal information before they receive offers of employment. Labor who confront the ask from employers often abandon personal information autonomy and accept to disclose just for increasing opportunity of being employed. Therefore, it is important to consider labor privacy rights and employer business benefit to employ somebody fit workplace in society that technologies of access information develop rapidly. The article begins with providing a comprehensive analysis of the different information that employers need during preemployment, researches why employers need personal information of candidates and what disputes are caused probably. The article analyzes development of Privacy Rights theory and purpose of protecting Privacy Rights. The article also analyzes the tendency toward balancing rights of labor and employers by introducing legal institutions and judicial practice in Taiwan and foreign country. Finally, the article recommends the government should establish the procedure to promote employers communicating with job candidates for purpose, scope and other rights and obligations of disclosing personal information by introducing information-shifting model and reflexive law theory. 隱私權個人資訊求職者勞工 privacy rightspersonal information job candidate labor
19	一個可降低Gentry全同態加密演算法公鑰個數之提案 / An Improvement of Gentry’s “Fully Homomorphic Encryption Scheme” by Reducing the Number of Public Keys 陳漢光 Unknown Date (has links) "全同態加密法"(Fully Homomorphic Encryption (FHE))一詞的介紹以及架構源於西元2009年由Gentry所提出。它讓加密後的密文執行特定的運算再將其解密即可得出該對應的明文運算結果，除此之外，全同態與同態最大的不同是它允許兩種或是多種以上的運算元進行資料運算，期間必須可以處理大量的資料並且保護其資料隱私性使其無洩漏之虞。也因為上述特點使得它可被廣泛使用在許多資料庫或是資料儲存上的應用，像是ASP、雲端運算或是雙方相等性驗證上，然而在Gentry的全同態加密中，它需要大量的空間來儲存所需要的公鑰，因此在實作上仍有一定的難度。為了解決上述問題，本文提供了一種新的改良方案使其更有效率來達到全同態加密的實作性，除此之外，我們也會在文章中提出安全性分析來證明本改良方案並不會對安全性造成影響，並且提出系統效能測試，說明本方案除了可減少公鑰儲存空間之外，在時間上，更可降低公鑰生成以及系統加密的時間，讓其全同態運算更具效率。 / C. Gentry in 2009 proposed the first practical scheme which can compute arbitrary functions of encrypted data. This scheme is named “Fully Homomorphic Encryption (FHE)”. FHE allows a worker without the secret decryption key to compute any result of the data on one hand and still keep the data privacy on the other hand. It can be widely used in data storage application or database application, such as ASP, cloud computing and two-party equality testing. However, one drawback of Gentry’s fully homomorphic encryption scheme is that the size of public keys used in this system is extremely large. This means that a lot of space is required in order to store those public keys. This problem causes Gentry’s FHE hard to be implemented. In this thesis, we address the problem above, and give an improvement encryption scheme. Our improvement scheme needs less space to store the public keys which also makes the new scheme more efficient than Gentry’s original scheme. We also give a rigorous security proof to show that our improvement scheme is as secure as Gentry’s original scheme. A system performance test is also provided which shows that our scheme can not only reduce the numbers of public keys, but also reduce the time for public key generation and for encryption. Therefore, our improvement scheme can make fully homomorphic encryption more practical. 全同態加密密碼學秘密計算雲端運算隱私保護
20	個人資料蒐集於刑事偵查之爭議 / The controversy over the collection of personal data in criminal investigation 黃鈺雯 Unknown Date (has links) 司法警察（官）於偵查犯罪時，為了蒐集相關證據或特定犯罪嫌疑人之位置而進行各式之個人資料蒐集，若賦予司法警察（官）可隨意進行此種偵查作為之權限，確可加強偵查之效率，但人民之行動軌跡、通話記錄及各式記錄（如病歷紀錄及金融記錄等）便會因此運作而無所遁形。對此部分，本文將把蒐集個人資料影響最鉅之監視科技區分為「動態監視科技」與「靜態監視科技」，先介紹其運作之樣態及外國法制之處理方式，再針對我國法制可容納之規範予以探究，最後提出修法之建議。在【第二章】時，本文先介紹何謂「資訊自決權」及「資訊隱私權」，並試著提出德國及美國之法制對其之處理模式，亦就我國大法官解釋對此之見解予以闡釋。本文以為隱私權所保障者是「人」而不是「地方」，為維護個人主體性與人格自由發展，個人於公共場域中仍應有一定程度之不受侵擾之自由。無論定位為「資訊隱私權」或「資訊自主權」均無太大之差別，均應受憲法之保障。而本文中所介紹之各種蒐集個人資料之途徑均已侵害被監視人之資訊隱私權或資訊自決權，自屬憲法欲保障之基本權，而有探究之必要。然按大法官解釋第443號之旨，並非一切自由及權利均無分軒輊受憲法毫無差別之保障，而就隱私權部分，其應屬相對法律保留之範疇，僅須於法律明文規定或具授權明確之規範中處理即可，以下章節即以圍繞著其於法律層次之處理模式出發。在【第三章】及【第四章】中，即係針對本文欲討論之蒐集個人資料於德國與美國法制應如何處理作介紹，並適度提出本文見解。就「GPS」監視系統部分，美國實務見解認警察利用衛星定位系統並非僅追蹤被監視人從某地至他地而已，若已係連續一個月追蹤其一天24小時之行動，已可完全掌握其於此一個月中之所有行動軌跡，於社會觀感上已屬侵害其「合理隱私期待」，而執法機關對此一資訊進行衛星定位監控，已將此隱私期待完全侵損，故其以為應採法官保留原則。而從德國法制可知，裝設GPS定位裝置於刑事訴訟法應屬可行。惟須注意僅可使用於偵查犯罪，而不得適用於預防犯罪。且其適用之立法模式應屬法官保留。就「調取通聯記錄」部分，美國實務見解之看法，認國家機關調取通聯記錄，人民對此並無合理隱私期待，故並不構成憲法意義下之搜索，自無須令狀。而後，於電子通訊隱私權法中，其對於調取通聯記錄之容許性相當寬鬆，執法機關只要證明「安裝與使用電話撥號紀錄器或電話追蹤裝置很可能得到與正在進行之調查有關之資訊」之「關聯性」，即可取得法院令狀，且幾乎均無被駁回之可能性。德國法對調取通聯記錄之合法性控制，亦係要求應由法官核發令狀。且對於核發之標準，把關甚嚴。須係重要意義之犯罪，或是非以調取通聯犯罪無法進行偵查之終端設備犯罪。就「調取犯罪前科記錄」、「調取病歷紀錄」及「調取金融記錄」部分，本文先以個人資料保護法出發，探究上開資料是否屬該法所稱之「敏感性資料」，若屬之，則對其之保障密度應予提高；若非屬之，對其之保障密度自無須如此嚴密。本文就試著做出修法之建議，試擬關於「GPS」定位系統及「調取通聯記錄」之發動依據。並就調取資料部分，於刑事訴訟法予以概括立法，區分為敏感度不同之資料類型，並給予不同之保障密度。本文擬出建議修法之條文及立法理由，目的在於力求偵查犯罪效率與人民權利保障之均衡，以達到法治國原則之要求。若能讓人民了解國家乃係為了偵查犯罪，方必須侵害人民之權利，且其侵害權利之範圍亦有其界限。人民面對國家蒐集其個人資料之襲擊，亦可免於恐懼。國家蒐集個人資料時若未有適用之合法性控制，國家機關就如同「老大哥」般以對人民的生活登堂入室，也將使人民如同身處楚門的世界般而不自知，此非吾人所樂見。衛星定位系統調取通聯記錄資訊隱私權

Search results