Global ETD Search

31	Audit cloudových služeb pro malé a střední podniky / Cloud Computing Audit for Small and Medium Enterprises Kroft, Karel January 2014 (has links) Cloud computing brings to the world of information systems many opportunities but also new risks. The main one is decreased customer ability to directly control the security of information and systems, because administration responsibility passes to providers. This thesis focuses on cloud services auditing from the small and medium enterprises perspective. In introduction, this work defines information system audit terminology, characterizes cloud services and analyzes international legislation. Standardization organizations, published standards and methodologies that are widely respected in IT field are introduced. For the trust mediation in the cloud are important independent third-party audits and organizations specializing in the examination and control of cloud providers. The assumptions list is assembled on this basis to support screening process and to check, whether enterprise, service providers and services are ready for creating efficient and safe cloud system. The assumptions are applied to selected cloud service providers.
32	Analýza zpracování osobních údajů podle Nařízení GDPR / Personal Data Processing Analysis under the GDPR Regulation Slámová, Gabriela January 2018 (has links) This diploma thesis deals with the proposal of a personal data protection system according to the General Data Protection Regulation in the organization Dentalife s.r.o.. The proposal was implemented on the basis of an analysis of the current situation which revealed serious shortcomings in line with the General Data Protection Regulation. Based on the identified deficiencies, a recommendation has been drawn up which, in the event of its subsequent implementation, will put the current situation into line with this Regulation. The theme of the diploma thesis was selected primarily because of its up-to-date and missing materials that would describe and explain the individual steps of the whole process of analysis and implementation.
33	Zobrazení a úprava informací v Transparency and Consent Framework / Transparency and Consent Framework Data Listing and Editing Postulka, Aleš January 2021 (has links) This thesis deals with the development of multilingual for web browsers Mozilla Firefox and Google Chrome. The purpose of the extension is to enable the automated management of provided consents to the processing of personal data on websites using the Transparency and Consent Framework. Extension was developed on the basis of knowledge about this framework and about legal norms GDPR and ePrivacy Directive, which deal with the protection of personal data. Knowledge of the method of developing extensions for web browsers using WebExtensions was also used during the implementation. During testing, consent was successfully enforced in 96,2 % of tested websites in Mozilla Firefox. In Google Chrome, success has been achieved in 82,1 % of tested websites. The banner requiring consent was not displayed in 33 % of websites in Mozilla Firefox and in 31,1 % of websites in Google Chrome.
34	Moderní technologie v medicíně a právo / Modern Technologies in Medicine and Law Konečná, Klaudie January 2020 (has links) Modern Technologies in Medicine and Law Abstract This thesis deals with the application of modern technologies in medicine from the perspective of law. The primary aim of this work is to analyse the given provisions of the Civil Code, Act on Health Services and Act on Medical Devices, and also to determine whether the current legislation represents a suitable legal framework able to respond to the implementation of modern technology in the healthcare sector. In connection with this analysis, author presents possibilities of legislative changes that would respond to these modern technologies. The work inter alia deals with the question of whether the use of some of these technologies within the provision of healthcare services can be considered compliant with the principle of lege artis. In the first chapter, the reader is introduced to the topic of the thesis. This chapter defines the basic terms and presents an overview of the legislation related to the chosen topic. The second chapter represents a main part of the thesis, where author deals with the topic of artificial intelligence. In this chapter, the reader is acquainted with the term of artificial intelligence and the definition of its legal status. Subsequently, author evaluates whether the current legislation constitutes appropriate legal frameworks...
35	Sledování zaměstnanců v kontextu Obecného nařízení o ochraně osobních údajů / Monitoring of employees in context of General Data Protection Regulation Röslerová, Karolína January 2020 (has links) 1 Monitoring of employees in context of General Data Protection Regulation Abstract This diploma thesis focuses on the supervision and monitoring of employees from multiple perspectives. Based on the relevant European and national caselaw the thesis specifies whether employees shall have right to the protection of their privacy and integrity at the workplace. Thesis also analyses selected aspects of personal data protection with emphasis on personal data of employees as data subjects processed by employers as controllers. In particular attention is devoted to selected obligations, which arises from General Data Protection Regulation for such personal data processing in the light of relevant statements and guidelines provided by the European Data Protection Board, Article 29 Data Protection Working Party and the Office for Personal Data Protection. Thesis in detail addresses the supervision of employees carried out by § 316 of the Labour code, whereas interprets its provisions as well as conditions for establishing the supervision of employees arising from such interpretation. Classification of the provisions of the § 316 paragraph 1 to 3 and their interdependencies are further outlined. Thesis defines monitoring as one way to carry out supervision under paragraph 2 through the analysis of the term...
36	Personal data protection in context of cyberwarfare Tovkun, Yulia January 2023 (has links) This thesis highlights the importance of a comprehensive approach to personal data protection in the context of cyber warfare. By combining legislative analysis, analysis of cyber incidents, threat modeling, and risk assessment, a robust framework can be developed to identify and mitigate security and privacy threats effectively. This study serves as a foundation for future research in the field of personal data protection and cybersecurity. Personal Data Protection Cyber Warfare Threat Modeling Risk Assessment Legislation Analysis Annan elektroteknik och elektronik
37	Proteção de dados pessoais: um direito relevante no mundo digital / Protection of personal data: a relevant law in the digital Word Henrique, Lygia Maria Moreno Molina 22 February 2016 (has links) Made available in DSpace on 2016-04-26T20:24:13Z (GMT). No. of bitstreams: 1 Lygia Maria Moreno Molina Henrique.pdf: 615418 bytes, checksum: c987b4fdb53a154420790f23c0ef6d1f (MD5) Previous issue date: 2016-02-22 / This work has as its central point the study of the right to protection of personal data and how this right is related to the flow of personal data, driven by dynamic new Internet economy. Reflectively, we will analyze issues relevant to the topic and to the current moment, starting with a social approach, broader and more comprehensive, which unfolded form will culminate in the development of the protection of personal data, both in international law, as in Brazil. Also, it will be object of study the use of data as a raw material for the provision of the services offered by companys.com, in order to create innovation and increase competition between them. As well as, we will demonstrate which options of control and protection of personal data the consumer / user has to protect their privacy. Conclusively, by evaluation of brazilian legislative propositions about personal data protection, we will issue a critical-reflective judgment about the failures and successes of each one front to the topics relevant to the protection of personal data / Essa dissertação tem como ponto central o estudo do direito à proteção de dados pessoais e de que modo este direito se relaciona com a circulação de dados pessoais, impulsionada pela nova e dinâmica economia da Internet. De forma reflexiva, analisaremos questões pertinentes ao tema e ao momento atual, iniciando com uma abordagem social, mais ampla e abrangente, a qual de forma desdobrada culminará na evolução da tutela de dados pessoais, tanto na legislação internacional, como na brasileira. Será ainda, objeto de estudo a utilização dos dados como matéria-prima para prestação dos serviços das empresas.com, de modo a criar inovações e acirrar a concorrência entre estas. Assim como, vamos demonstrar quais as opções de controle e tutela em relação à circulação de dados pessoais o consumidor/usuário possui a resguardar sua privacidade. De modo conclusivo, mediante a avaliação das proposituras legislativas brasileiras acerca da proteção de dados pessoais, emitiremos um juízo crítico-reflexivo sobre as falhas e êxitos de cada propositura, frente aos temas relevantes à tutela de dados pessoais Proteção de dados pessoais Economia da Internet Privacidade Circulação de dados pessoais Dados como matéria-prima Evolução da tutela de dados pessoais Buscadores Busca enviesada Direito de escolha do consumidor Prosumer Web 2.0 Direito ao esquecimento Personal data protection Internet economy Privacy Personal data circulation Data as a raw material Evolution of personal data protection Searcher Search bias Right of choice of the consumer Prosumer Right to be forgotten
38	Principe de finalité, protection des renseignements personnels et secteur public : étude sur la gouvernance des structures en réseau Duaso Calés, Rosario 09 1900 (has links) Thèse réalisée en cotutelle avec l'Université de Montréal et l'Université Panthéon-Assas Paris II / La question de la protection des renseignements personnels présente des enjeux majeurs dans le contexte des réseaux. Les premières lois en la matière au Canada et en Europe avaient pour base une série de principes qui sont encore aujourd’hui d’actualité. Toutefois, l’arrivée d’Internet et des structures en réseau permettant l’échange d’un nombre infini d’informations entre organismes et personnes ont changé la donne et induisent de nouveaux risques informationnels. Le principe de finalité, pierre angulaire des systèmes de protection des renseignements personnels, postule le caractère adéquat, pertinent et non excessif des informations collectées par rapport à l’objet du traitement et exige qu’elles soient uniquement utilisées à des fins compatibles avec la finalité initiale. Nous retracerons l’historique de ce principe et analyserons la manière dont la doctrine, la jurisprudence et les décisions du CPVPC comme de la CNIL ont contribué à délimiter ses contours. Nous étudierons comment ce principe se manifeste dans la structure en réseau de l’administration électronique ou du gouvernement électronique et nous relèverons les nouveautés majeures que présente l’État en réseau par rapport au modèle d’État en silo, ainsi que la nécessité d’une gouvernance adaptée à cette structure. Nous examinerons également la présence de standards juridiques et de notions à contenus variable dans le domaine de la protection des renseignements personnels et nous tenterons de montrer comment la finalité, en tant que principe ou standard, a les capacités de s’adapter aux exigences de proportionnalité, d’ajustement et de mutation continuelle qui sont aujourd’hui au cœur des défis de la gouvernance des réseaux. Finalement, il sera question de présenter quelques pistes pour l’adoption de mécanismes d’adaptation « réseautique » pour la protection des renseignements personnels et de montrer dans quelle mesure ce droit, capable de créer un cadre de protection adéquat, est également un « droit en réseau » qui possède tous les attributs du « droit post-moderne », attributs qui vont rendre possible une adaptation propre à protéger effectivement les renseignements personnels dans les structures, toujours changeantes, où circulent aujourd’hui les informations. / Personal data protection poses significant challenges in the context of networks. The first laws on this matter both in Canada and in Europe were based on a series of principles that remain valid today. Nevertheless, Internet and the development of network-based structures that enable infinite exchange of information between institutions and individuals are changing the priorities and, at the same time, present new risks related to data protection. The purpose principle, which is the personal data protection systems cornerstone, stresses the relevance and adequate yet not excessive nature of the collected information vis à vis the objective of data collection. The purpose principle also requires that the information shall not further be processed in a way incompatible with the initial purpose. We will describe the origins and evolution of this principle, as well as its present relevance and scope analysing the doctrine, jurisprudence and decisions of the Office of the Privacy Commissioner in Canada and of the Commission nationale de l’informatique et des libertés (CNIL) in France. We will also examine how this principle is reflected in the network structure of the digital administration and of the electronic government. We will also underline the differences between a network-based State and a « silo-based » State, each needing its structure of governance. Within the context of personal data protection, we will explore the presence of legal standards and of concepts with a changing nature. An effort will be made to highlight how purpose, be it as a principle or as a standard, has the capacity to adapt to the requirements of the core principles of the current network governance, such as proportionality, adjustment and continuous mutation. Finally, the objective is to reflect on some personal data protection network adaptation mechanisms, and to demonstrate how personal data protection can work in a network that includes all « post-modern law » elements that allow for true adaptation for effective personal data protection within the ever changing structures where data is being exchanged. Protection des renseignements personnels Vie privée Gouvernement électronique Internet Standard juridique Principe de finalité Réseau Gouvernance Personal data protection Electronic government Privacy Internet Legal standard Purpose principle Network Governance
39	我國與美國聯邦對身分竊用法律之比較研究 / A comparative study on the identity theft related laws and practices of Taiwan (R.O.C.) and U.S.A 徐子文, Hsu, Tzu Wen Daniel Unknown Date (has links) 因為資通訊科技之普及發達，提升經濟、社會活動的便捷性並豐富人們的生活品質，但一面兩刃，它同時也蘊藏了新興犯罪的機會，對經濟、社會活動之正常運作帶來威脅。其中，身分資料偷竊及身分冒用（以下簡稱「身分竊用」），已然成為資訊社會時代嚴重的新興犯罪之一。「身分竊用」一般俗稱為「身分竊盜」，其係由英文原文identity theft直譯而來。其實身分無從竊盜起，英文原文的identity theft其實也是簡稱，完整的意義是identity theft and assumption，係指行為人未經授權擅用他人用已表彰其身分的證明或資訊，從而冒用他人之身分，遂行各式活動。本研究為求接近其實際文意內涵，在本研究中將其譯為「身分竊用」。同為自由開放和高度科技化之社會，美國法律制度和社會機制環境雖與我多有不同，但其面對相同問題時的所受之影響和相對處理方式，或可為我國在處理同類問題時之參考。美國在身分竊用之相關法律，自從1970年代以降，至少制定20件以上的相關法律。先是從個人金融隱私權的保護著手，如在1970年制定《公平信用報告法》(FCRA)、1974年所制定的《隱私權法》(Privacy Act)。1998年則進一步制定通過《身分竊用嚇阻法》(Identity Theft and Assumption Deterrence Act)，明文規範「身分竊用」為刑事犯罪行為。《身分竊用嚇阻法》最重要價值是確認了身分被竊用的人也是犯罪被害者，相較於之前只有因犯罪者使用身分竊用手法而被詐騙失去財務的人才被認為是受害者，有了很大的進步。而之後的法律制定和實務處理即朝向個人資料保護、身分竊用預防和損害抑制，以及執法訴追等方向前進。本研究以身分識別理論為起點，探討身分竊用在現代資訊社會中之角色和因身分識別資料被竊取冒用所發生之行為對個人社會和經濟的影響，蒐集美國聯邦自1970代迄今所制定和處理身分竊用相關之法律並予以摘錄分類，最後比較兩國對身分竊用問題處理之異同，並嘗試提出借鏡調和應用的建議。本研究蒐集整理，並將其群組為四種類型。分別是：（一）身分竊用罪法群；（二）個人身分證之相關法群；（三）消費者信用報告法群，以及（四）個人資料保護法群。本研究發現，我國和美國雖然均面臨到身分竊用的問題，但因為國情和制度的不同，所受到的影響程度和所採取對應問題的方式也因此不同。例如：我國和美國在對個人識別號碼的態度和處理不同，美國是盡量打破個人利用單一獨特(unique)號碼進行識別的機制，而我國則是大量的使用。在個人身分證明文件上，我國較為統一，美國則較為分散，迄今尚未有全國統一性的身分識別證。在個人識別資料庫的建置和運用上，我國相對集中，美國重分散。我國對個人資料的保護是遵循歐盟模式，採取從上而下立法的方式。相反的，美國在個人資料保護作為上比較傾向建置一個結合法規、命令和自我管理的架構，而非由政府制訂的單一法規，係採由下而上模式。我國現在使用的國民身分證和身分證號在實體世界所建構的通用身分識別體系，因為個人資料庫雖分散但可集中連線查詢管理的特性，其在身分竊用防制機制的優勢因此建立。美國在對抗身分竊用問題所採取的方式雖因為國情和歷史的不同而和我國有相當程度的差異，但其在犯罪嚇阻控制上特別注意建立執法機關的查緝能力、訴追工具和司法機關量刑裁判的嚇阻效益，仍值得我國學習。本研究對於「美國聯邦量刑委員會」在其《量刑基準》上針對身分竊用罪的量刑考量及該委員會如此設計之源由稍有描述，或可為後續研究或實務參考之用。 / Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The first victim of identity theft is the person whose identity has been assumed by the identity thief and this person can suffer adverse consequences if they are held accountable for the perpetrator's actions. The other victims are those who were defrauded by identity theft tactics. Along with the prevalence of information and communication technology, identity theft is becoming a great threat to common people and even to national security. This study has collected more than 20 pieces of U.S.A. federal acts and statutes that related to combating identity theft problems. This study then categorizes then into 4 groups, namely 1) identity theft criminalization; 2) national personal identification system; 3) consumer credit report; and 4) personal data protection. In the mean time, this study also collected related laws and Taiwan (R.O.C.) for comparison. The government organization structures and legal systems between U.S.A. and Taiwan (R.O.C.) are very different, though the common goal of fighting identity theft is the same; the measures are quite different as well. In short, in terms of laws and personal identification system, the U.S.A. is more decentralized while in Taiwan (R.O.C.) it is more centralized. Taiwan (R.O.C.) has a national-wide and unified personal identification system that put it in a better position to respond and mitigate to identity theft impacts. On the other hand, from the law enforceability aspect, the study finds the U.S.A. provides better tools to law enforcement agencies and prosecutors to bring the offenders to justice in court and the judges have relatively more clear guidelines for case consideration and sentence. 身分竊用身分竊盜身分詐欺冒用身分個人資料保護電腦犯罪 Identity Theft Identity Fraud Privacy Personal Data Protection Cyber Crime
40	公務機關之間傳輸個人資料保護規範之研究－以我國、美國及英國法為中心 / A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K. 林美婉, Lin, Mei Wan Unknown Date (has links) 政府利用公權力掌握之個人資訊包羅萬象，舉凡姓名、生日、身分證字號、家庭、教育、職業等。科技進步與網際網路發達，使原本散置各處之資料，可以迅速連結、複製、處理、利用；而為了增加行政效率與減少成本，機關透過網路提供公眾服務日益頻繁，藉由傳輸共用個人資料等情況已漸成常態。這些改變雖然對政府與民眾帶來利益，但是也伴隨許多挑戰，尤其當數機關必須共用資訊時，將使管理風險更添複雜與難度，一旦過程未加妥善管制，遭人竊取、竄改、滅失或洩露，不僅當事人隱私受損，也嚴重傷害政府威信。因此，凡持有個人資料的政府機關，均必須建立適當行政、技術與實體防護措施，以確保資料安全與隱密，避免任何可能危及資料真實之威脅與機會，而造成個人人格與公平之侵害。　　隨著全球經濟相互連結以及網路普及，個人資料保護如今已是國際事務，這個趨勢顯現在愈來愈多的國家法律與跨國條款如OECD、歐盟、APEC等國際組織規範。而在先進國家中，美國與英國關於資訊隱私法制發展有其不同歷史背景，目前美國聯邦機關持有使用個人資料必須遵循的主要法規為隱私法、電腦比對與隱私保護法、電子化政府法、聯邦資訊安全管理法，以及預算管理局發布的相關指導方針；英國政府則必須遵守人權法與歐盟指令架構所制定的資料保護法，並且受獨立資訊官監督審核。此外，為了增加效率，減少錯誤、詐欺及降低個別系統維護成本，公務機關之間或不同層級政府所持有之個人資料流用有其必要性，故二國在資料傳輸實務上亦有特殊規定或作業規則。相較之下，我國2012年10月1日始施行的「個人資料保護法」對於公部門間傳輸個人資料之情形並無具體規定，機關內外監督機制亦付之闕如，使個人資料遭不當使用與揭露之風險提高。為了保障個人資訊隱私權，同時使公務機關之間傳輸利用個人資訊得以增進公共服務而不違反當事人權益，本研究建議立法或決策者可參酌美國與英國法制經驗，明定法務部負責研擬詳細實施規則與程序以供各機關傳輸個人資料之遵循，減少機關資訊流用莫衷一是的情況；而為保證個人資訊受到適當保護，除了事先獲得當事人同意外，機關進行資料共用之前，應由專業小組審核，至於考慮採取的相關重要措施尚有：（1）建置由政策、程序、人力與設備資源所組成之個人資訊管理系統（PIMS），並使成為整體資訊管理基礎設施的一部分；（2）指派高階官員負責施行及維護安全控制事項；（3）教育訓練人員增加風險意識，塑造良好組織文化；（4）諮詢利害關係人，界定共用資料範圍、目的與法律依據；（5）實施隱私衝擊評估（PIA），指出對個人隱私的潛在威脅並分析風險減緩替代方案；（6）簽定正式書面契約，詳述相關權利與義務；（7）執行內外稽核，監督法規遵循情況，提升機關決策透明、誠信與責任。關鍵詞：個人資料保護、隱私權、資訊隱私、資料傳輸、資料共用 / Governments have the power to hold a variety of personal information about individuals, such as the name, date of birth, I.D. Card number, family, education, and occupation. Due to advanced technology and the use of the Internet, personal data stored in different places can be connected, copied, processed, and used immediately. It is relatively common for government agencies to provide people with services online as well as transmit or share individual information to improve efficiency and reduce bureaucratic costs. These changes clearly deliver great benefits for governments and for the public, but they also bring new challenges. Specifically, managing risks around sharing information can sometimes become complicated and difficult when more than one agency is involved. If the government agency which keeps personal information cannot prevent it from being stolen, altered, damaged, destroyed or disclosed, it can seriously erode personal privacy and people’s trust in the government. Therefore, each agency that maintains personal data should establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of data and to protect against any anticipated threats or hazards to the integrity which could result in substantial harm on personality and fairness to any individual . As the global economy has become more interconnected and the Internet ubiquitous, personal data protection is by now a truly international matter. The trend is fully demonstrated by the growing number of national laws, supranational provisions, and international regulations, such as the OECD, the EU or the APEC rules. Among those developed countries, both the U.S. and the U.K. have their historical contexts of developing legal framework for information privacy. The U.S. Federal agency use of personal information is governed primarily by the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the E-Government Act of 2002 , the Federal Information Security Management Act of 2002, and related guidance periodically issued by OMB. The U.K. government has to comply with the Human Rights Act and the Data Protection Act of 1998 which implemented Directive 95/46/EC. Its use of individual data is overseen and audited by the independent Information Commissioner. Further, because interagency data sharing is necessary to make government more efficient by reducing the error, fraud, and costs associated with maintaining a segregated system, both countries have made specific rules or code of practice for handling the transmission of information among different agencies and levels of government. By contrast, Taiwan Personal Information Protection Act of 2010 which finally came into force on 1 October 2012 contains no detailed and clear provisions for data transmitted between government agencies. Moreover, there are also no internal or external oversight of data sharing practices in the public sector. These problems will increase the risk of inappropriate use and disclosure of personal data. To protect individual information privacy rights and ensure that government agencies can enhance public services by data sharing without unreasonably impinging on data subjects’ interests, I recommend that law makers draw on legal experiences of the U.S. and the U.K., and specify that the Ministry of Justice has a statutory duty to prescribe detailed regulations and procedures for interagency data transmission. This could remove the fog of confusion about the circumstances in which personal information may be shared. Also, besides obtaining the prior consent of the data subject and conducting auditing by a professional task force before implementing interagency data sharing program, some important measures as follows should be taken: (1) Establish a Personal Information Management System which is composed of the policies, procedures, human, and machine resources to make it as part of an overall information management infrastructure; (2) Appoint accountable senior officials to undertake and maintain the implementation of security controls; (3) Educate and train personnel to raise risk awareness and create a good organizational culture; (4) Consult interested parties and define the scope, objective, and legal basis for data sharing; (5) Conduct privacy impact assessments to identify potential threats to individual privacy and analyze risk mitigation alternatives; (6) Establish a formal written agreement to clarify mutual rights and obligations; (7) Enforce internal as well as external auditing to monitor their compliance with data protection regulations and promote transparency, integrity and accountability of agency decisions. Key Words: personal data protection, privacy rights, information privacy, data transmission, data sharing 個人資料保護隱私權資訊隱私資料傳輸資料共用 personal data protection privacy rights information privacy data transmission data sharing

Search results