- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 1 to 5 of 5 (0.124 seconds)Spelling suggestions: "subject:"data protection act"" "subject:"mata protection act""
| 1 |
Adults who grew up in care: constructing the self and accessing care files.Horrocks, Christine, Goddard, James A. January 2006 (has links)
No / Past research on care leavers has, understandably, tended to focus on those who are in their mid- to late-teens or early 20s. This reflects the profound impact of central and local government policy on those young people. It also reflects their prominence in contemporary analyses of most of the indicators of social exclusion among young people in the UK - unemployment, homelessness and lack of educational qualifications among them. However, some issues affecting adults who grew up in care apply across the life course. One such issue is the access that former care adults have to their child care files. Indeed, as we shall see, this issue has particular importance for many older adults (in their 30s and upwards). Policy and practice in this field has changed significantly during the past 20¿years and there is a growing awareness of the needs of former care adults in this area. Access to such files can be a significant element in the process of seeking to address identity concerns centring around family and childhood experiences. This paper explores some of these identity concerns and analyses how access to care files both reflects such concerns and attempts to address them.
|
| 2 |
基於存取目的之個資控管框架-以銀行業為例 / Purpose-Based PII Control Framework - A Banking Perspective.鄭明璋, Cheng, Ming Chang Unknown Date (has links)
新版「個人資料保護法」在民國99年5月公布,並正式實施於民國101年10月;隨著新法的實施,不管是公部門或民間組織,都投入大量資源以期改善並確保自己的組織對於個人資料之蒐集、處理與利用,能夠符合「個人資料保護法」的要求。
由於業務特性,個人資料的蒐集、處理與利用,乃是銀行業者日常必須面對的課題。雖然舊版個資相關法令「電腦處理個人資料保護法」與「銀行法」對於個人資料的處理都已有相關規定,但由於稽核與舉證困難、罰則過輕等原因,業者並未真正重視個資保護課題,善盡個資保護的責任,所以銀行發生個資外洩的案例時有所聞。新版「個人資料保護法」正式實施後,舉證責任歸屬由當事人變成企業,在疑似個資外洩事件發生時,企業須舉證其組織之系統或機制已對個人資料之控管機制已滿足「個人資料保護法」的要求,盡到完善管理之責任。因此業者不得不投入大量資源來周全組織內對於個人資料的保護與稽核機制,把新版法規的各項規定要求納入系統功能範疇。
伴隨「個人資料保護法」的實施,法務部頒布了「個人資料保護法之特定目的及個人資料之類別」細則來明確規範個人資料的類別範疇、以及存取個人資料之目的。本研究即針對此項要求,歸納分析銀行業的業務現況,並納入未來業務發展之可能需求,設計一具備彈性之個資存取框架以管理個資分類與存取目的,進而滿足「個人資料保護法」的要求。 / As the latest version of the "Personal Data Protection Act (PDPA)" published on May, 2010, and formally implemented since October, 2012, all public and private sector organizations need to put in significant resources to meet the strengthened legal requirements of personal data collection, processing and utilization. Yet banks are among the first to be affected by them, as personal data collection, usage and handling are essential to their daily operations. Therefore, this thesis investigates the compliance of PDPA from a banking perspective.
A distinguished feature of the new "Personal Data Protection Act" is the inclusion of "purposes" in regulating access to personal data, namelyan organization must get the informed consent from its customer regarding how her personal data will be used, namely privacy preferences.
Currently, employing a proper access control mechanism to protect customer's data is a well-accepted discipline in bank information system (BIS) development. However, the design of such mechanisms hardly includes the requirement of supporting customers’ preferences regarding the use of their personal data. It is therefore highly desirable to extend a BIS's access control to handle customers' privacy preferences.
This thesis investigates the common practices of bank operations and presents a purpose-based access control framework for future BIS development. Specifically, we derive a classification of bank customers' personal data and purpose categories for bank operations so that the proposedaccees control framework can ensure all accesses to customers' personal data match their granted access purposes. As a result, the framework will lay a foundation to the compliance of PDPA for a bank.
|
| 3 |
La protection des données à caractère personnel dans le domaine de la recherche scientifique. / The protection of personal data in scientific researchCoulibaly, Ibrahim 25 November 2011 (has links)
Comment devrait être assurée, de façon efficiente, la protection des données à caractère personnel dans le domaine de la recherche scientifique ? Telle est la problématique de cette thèse. Question cruciale à l'heure où les traitements de données sont appelés à multiplier à l'avenir dans tous les domaines de recherche, et dont les finalités ne sont pas toujours clairement définies ni perçues. A cette question, l'application de la loi Informatique et Libertés, loi à vocation généraliste pour l'encadrement des traitements de données à caractère personnel, a laissé apparaître, dès son adoption, de nombreuses difficultés dans le domaine de la recherche scientifique. Diverses modifications et adaptations sont intervenues – 1986, 1994, 2004 – à l'aune desquelles, il fallait déterminer l'encadrement des traitements de données personnelles à des fins de recherche scientifique. De cette investigation, il résulte que la loi Informatique et Libertés pose les principes de base de la protection des données traitées dans le domaine de la recherche scientifique en prévoyant un encadrement a priori de la collecte des données et un suivi et un contrôle a posteriori de la mise en œuvre du traitement. L'encadrement a priori vise principalement à la garantie de la qualité scientifique des projets de recherches. Inhérent à la finalité scientifique du traitement des données, le suivi a posteriori tend, quant à lui, à garantir le respect de certaines règles comme la compatibilité des réutilisations des données, la présentation et l'utilisation des résultats de la recherche dans des conditions ne devant pas porter atteinte aux personnes. Parce que ne pouvant pas relever de la seule intervention du responsable du traitement, le suivi a posteriori se complète d'un contrôle a posteriori opéré autant par la personne concernée, la CNIL, les juridictions. Dans le domaine de la recherche scientifique, ces différents contrôles pourraient opportunément se compléter par une intervention de la communauté des chercheurs en question. Il s'agit de l'autorégulation. En définitive, une protection efficiente des données à caractère personnel résultera d'un système de régulation à plusieurs niveaux et acteurs dont chacun doit effectivement utiliser les moyens d'action qui lui sont reconnus. / How should the protection of personal data in scientific research be efficiently ensured ? This is the main question of this dissertation. Important issue at a time personal data processing are to be increased in the future in all scientific research fields, but whose aims are neither clearly defined nor always clearly perceived. To this question, the enforcement of data protection act which is a general law for the management of personal data processing has shown, since its adoption, many problems in scientific research. Many changes and adaptations have been made in 1986, 1994 and 2004, on the basis of which it was necessary to determine the management of personal data processing to scientific research purposes. This investigation reveals that data protection act lays the basic principles of the protection of personal data processed in scientific research by forecasting an a priori data gathering, a follow-up and an a posteriori control of the data processing implementation. The a priori management mainly aims at guaranteeing the scientific quality of research projects. As for the a posteriori follow-up which is inherent in scientific aim of data processing, its objective is to guarantee the enforcement of some rules such as the accountancy of data reuse, the presentation and the use of the research results in conditions that should not be harmful to people. As it cannot depend on the sole intervention of the responsible for the processing, the a posteriori follow-up is completed by an a posteriori control carried out by the affected person as well as the CNIL and the courts. In scientific research, these different controls could opportunely complement one another by an intervention of the community of researchers in question. This is self regulation. At the end, an efficient protection of personal data will result from a multiple step regulation system in which participants and everyone must actually use the means of actions which are acknowledged to them.
|
| 4 |
Development of a diagnostic instrument and privacy model for student personal information privacy perceptions at a Zimbabwean universityMaguraushe, Kudakwashe 05 1900 (has links)
Orientation: The safety of any natural being with respect to the processing of their personal information is an essential human right as specified in the Zimbabwe Data Protection Act (ZDPA) bill. Once enacted, the ZDPA bill will affect universities as public entities. It will
directly impact how personal information is collected and processed. The bill will be fundamental in understanding the privacy perceptions of students in relation to privacy awareness, privacy expectations and confidence within university. These need to be understood to give guidelines to universities on the implementation of the ZPDA.
Problem Statement: The current constitution and the ZDPA are not sufficient to give organisations guidelines on ensuring personal information privacy. There is need for guidelines to help organisations and institutions to implement and comply with the provisions
of the ZDPA in the context of Zimbabwe. The privacy regulations, regarded as the three concepts (awareness, expectations and confidence), were used to determine the student perceptions. These three concepts have not been researched before in the privacy context
and the relationship between the three concepts has not as yet been established.
Research purpose: The main aim of the study was to develop and validate an Information Privacy Perception Survey (IPPS) diagnostic tool and a Student Personal Information Privacy Perception (SPIPP) model to give guidelines to universities on how they can implement the ZDPA and aid universities in comprehending student privacy perceptions to safeguard personal information and assist in giving effect to their privacy constitutional right.
Research Methodology: A quantitative research method was used in a deductive research approach where a survey research strategy was applied using the IPPS instrument for data collection. The IPPS instrument was designed with 54 items that were developed from the
literature. The preliminary instrument was taken through both the expert review and pilot study. Using the non-probability convenience sampling method, 287 students participated in the final survey. SPSS version 25 was used for data analysis. Both descriptive and inferential statistics were done. Exploratory factor analysis (EFA) was used to validate the
instrument while confirmatory factor analysis (CFA) and the structural equation modelling (SEM) were used to validate the model.
Main findings: diagnostic instrument was validated and resulted in seven new factors, namely university confidence (UC), privacy expectations (PE), individual awareness (IA), external awareness (EA), privacy awareness (PA), practice confidence (PC) and correctness expectations (CE). Students indicated that they had high expectations of the university on privacy. The new factors showed a high level of awareness of privacy and had low confidence in the university safeguarding their personal information privacy. A SPIPP
empirical model was also validated using structural equation modelling (SEM) and it indicated an average overall good fit between the proposed SPIPP conceptual model and the empirically derived SPIPP model
Contribution: A diagnostic instrument that measures the perceptions (privacy awareness, expectations and confidence of students) was developed and validated. This study further contributed a model for information privacy perceptions that illustrates the relationship
between the three concepts (awareness, expectations and confidence). Other universities can use the model to ascertain the perceptions of students on privacy. This research also contributes to improvement in the personal information protection of students processed by
universities. The results will aid university management and information regulators to implement measures to create a culture of privacy and to protect student data in line with regulatory requirements and best practice. / School of Computing / Ph. D. (Information Systems)
|
| 5 |
論網路匿名言論之保障-以身分揭露程序為中心 / A Study on the Protection of Anonymous Online Speech: Focusing on the Procedure for Disclosing the Identity of Anonymous Speakers鍾安, Chung, An Unknown Date (has links)
在網路世界中,人們以匿名表達意見遠比現實生活中更為容易,這件事已劇烈地改變了匿名言論的量與質。從好的面向看,匿名帶來自主,讓異議者可以透過網路匿名,表達可能永遠都不敢在眾人面前說出來的真正想法,讓觀念市場變得多元豐富;另一方面,匿名提高了追究責任的困難。相較於現實世界的言論,損害他人或構成犯罪的惡質網路匿名言論,將造成影響更深遠且永久的傷害。
目前,關於網路匿名言論的管制方式,世界各國政府都是仰賴「事後追懲模式」和「實名認證模式」的其中一種。前者是網路使用者原則上可以匿名地發表言論,但如果發表不當言論並造成傷害,受害者或國家可以揭露其身份以對其展開司法追訴;後者是網路使用者在張貼言論前,必須先向國家機關指定的網路業者交出個人真實身份資料以進行驗證後,才能匿名發言,或甚至完全禁止以匿名方式發言,讓網路使用者感受到被眾人監督的壓力,不敢發表不當內容。
本文主張,網路匿名言論是受到憲法所保障的權利,而「事後追懲模式」相較於「實名認證模式」,較能調和不同權利間的衝突。不過,儘管我國政府採取此模式,卻在設計民刑事訴訟制度時,漏未導入匿名言論權利的思考,導致網路匿名表意者一經策略性訴訟攻擊,真實身份就會立即暴露,使得匿名表意自由不過徒有虛幻表象。因此,本文建議,為落實對匿名言論自由的保護,立法者宜參考美國法,修改部分訴訟法來處理此問題。 / On the internet, people can express themselves anonymously far easier than in the physical world. This fact has dramatically changed both the quantities and qualities of anonymous speech. On the bright side, anonymity brings more autonomy. Dissenters can express their real opinions, which they might never have the courage to speak out in public. It, in turn will promote the diversity and integrity of the marketplace of ideas. Yet, anonymity also makes it more difficult to hold the speakers accountable. In addition, compared to speech in the real physical world, malicious online anonymous speech will cause more serious permanent harms.
Today, governments around the world are either relying on the “Ex Post Compensation and Punishment” approach or the “Real-Name Verification System” to regulate online anonymous speech. Under the former approach, internet users can express their opinions anonymously, but if the content of their speech is malicious and causes damages to other people, the victim can seek disclosure of the speaker’s identity in order to take legal actions against the speaker. In contrast, under the latter system, internet users have to provide their personal information (real identities) to the ISPs or ICPs appointed by governments and complete the verification process before they can post their words. Some real name systems go even further by banning anonymous speech completely. By making users feel like they are being supervised by the public, the real name system wishes to deter indecent contents
This thesis argues that online anonymous speech is protected by the Constitution, and the ‘Ex Post Compensation and Punishment’ is a preferred approach because it can better balance the conflicting rights. In Taiwan, although the government has chosen the ‘Ex Post Compensation and Punishment’ approach, current civil/criminal procedural laws and practices afford little protection to online anonymous speakers. The plaintiff, who is allegedly harmed by the anonymous speech, can easily bring a “Strategic Lawsuit,” with the sole purpose of obtaining the identity of the online anonymous speaker. Consequently, this thesis suggests that, in order to better protect the freedom of anonymous speech, the legislators of Taiwan should refer to U.S. laws and practices and revise several provisions of Taiwan’s Code of Civil Procedure and Code of Criminal Procedure.
|
Page generated in 0.13 seconds