- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 511 to 520 of 587 (0.212 seconds)| 511 |
公務機關之間傳輸個人資料保護規範之研究-以我國、美國及英國法為中心 / A Comparative Study of Regulations for the Protection of Personal Data Transmitted between Government Agencies in Taiwan, the U.S. and the U.K.林美婉, Lin, Mei Wan Unknown Date (has links)
政府利用公權力掌握之個人資訊包羅萬象,舉凡姓名、生日、身分證字號、家庭、教育、職業等。科技進步與網際網路發達,使原本散置各處之資料,可以迅速連結、複製、處理、利用;而為了增加行政效率與減少成本,機關透過網路提供公眾服務日益頻繁,藉由傳輸共用個人資料等情況已漸成常態。這些改變雖然對政府與民眾帶來利益,但是也伴隨許多挑戰,尤其當數機關必須共用資訊時,將使管理風險更添複雜與難度,一旦過程未加妥善管制,遭人竊取、竄改、滅失或洩露,不僅當事人隱私受損,也嚴重傷害政府威信。因此,凡持有個人資料的政府機關,均必須建立適當行政、技術與實體防護措施,以確保資料安全與隱密,避免任何可能危及資料真實之威脅與機會,而造成個人人格與公平之侵害。
隨著全球經濟相互連結以及網路普及,個人資料保護如今已是國際事務,這個趨勢顯現在愈來愈多的國家法律與跨國條款如OECD、歐盟、APEC等國際組織規範。而在先進國家中,美國與英國關於資訊隱私法制發展有其不同歷史背景,目前美國聯邦機關持有使用個人資料必須遵循的主要法規為隱私法、電腦比對與隱私保護法、電子化政府法、聯邦資訊安全管理法,以及預算管理局發布的相關指導方針;英國政府則必須遵守人權法與歐盟指令架構所制定的資料保護法,並且受獨立資訊官監督審核。此外,為了增加效率,減少錯誤、詐欺及降低個別系統維護成本,公務機關之間或不同層級政府所持有之個人資料流用有其必要性,故二國在資料傳輸實務上亦有特殊規定或作業規則。相較之下,我國2012年10月1日始施行的「個人資料保護法」對於公部門間傳輸個人資料之情形並無具體規定,機關內外監督機制亦付之闕如,使個人資料遭不當使用與揭露之風險提高。
為了保障個人資訊隱私權,同時使公務機關之間傳輸利用個人資訊得以增進公共服務而不違反當事人權益,本研究建議立法或決策者可參酌美國與英國法制經驗,明定法務部負責研擬詳細實施規則與程序以供各機關傳輸個人資料之遵循,減少機關資訊流用莫衷一是的情況;而為保證個人資訊受到適當保護,除了事先獲得當事人同意外,機關進行資料共用之前,應由專業小組審核,至於考慮採取的相關重要措施尚有:(1)建置由政策、程序、人力與設備資源所組成之個人資訊管理系統(PIMS),並使成為整體資訊管理基礎設施的一部分;(2)指派高階官員負責施行及維護安全控制事項;(3)教育訓練人員增加風險意識,塑造良好組織文化;(4)諮詢利害關係人,界定共用資料範圍、目的與法律依據;(5)實施隱私衝擊評估(PIA),指出對個人隱私的潛在威脅並分析風險減緩替代方案;(6)簽定正式書面契約,詳述相關權利與義務;(7)執行內外稽核,監督法規遵循情況,提升機關決策透明、誠信與責任。
關鍵詞:個人資料保護、隱私權、資訊隱私、資料傳輸、資料共用 / Governments have the power to hold a variety of personal information about individuals, such as the name, date of birth, I.D. Card number, family, education, and occupation. Due to advanced technology and the use of the Internet, personal data stored in different places can be connected, copied, processed, and used immediately. It is relatively common for government agencies to provide people with services online as well as transmit or share individual information to improve efficiency and reduce bureaucratic costs. These changes clearly deliver great benefits for governments and for the public, but they also bring new challenges. Specifically, managing risks around sharing information can sometimes become complicated and difficult when more than one agency is involved. If the government agency which keeps personal information cannot prevent it from being stolen, altered, damaged, destroyed or disclosed, it can seriously erode personal privacy and people’s trust in the government. Therefore, each agency that maintains personal data should establish appropriate administrative, technical, and physical safeguards to insure the security and confidentiality of data and to protect against any anticipated threats or hazards to the integrity which could result in substantial harm on personality and fairness to any individual .
As the global economy has become more interconnected and the Internet ubiquitous, personal data protection is by now a truly international matter. The trend is fully demonstrated by the growing number of national laws, supranational provisions, and international regulations, such as the OECD, the EU or the APEC rules. Among those developed countries, both the U.S. and the U.K. have their historical contexts of developing legal framework for information privacy. The U.S. Federal agency use of personal information is governed primarily by the Privacy Act of 1974, the Computer Matching and Privacy Protection Act of 1988, the E-Government Act of 2002 , the Federal Information Security Management Act of 2002, and related guidance periodically issued by OMB. The U.K. government has to comply with the Human Rights Act and the Data Protection Act of 1998 which implemented Directive 95/46/EC. Its use of individual data is overseen and audited by the independent Information Commissioner. Further, because interagency data sharing is necessary to make government more efficient by reducing the error, fraud, and costs associated with maintaining a segregated system, both countries have made specific rules or code of practice for handling the transmission of information among different agencies and levels of government. By contrast, Taiwan Personal Information Protection Act of 2010 which finally came into force on 1 October 2012 contains no detailed and clear provisions for data transmitted between government agencies. Moreover, there are also no internal or external oversight of data sharing practices in the public sector. These problems will increase the risk of inappropriate use and disclosure of personal data.
To protect individual information privacy rights and ensure that government agencies can enhance public services by data sharing without unreasonably impinging on data subjects’ interests, I recommend that law makers draw on legal experiences of the U.S. and the U.K., and specify that the Ministry of Justice has a statutory duty to prescribe detailed regulations and procedures for interagency data transmission. This could remove the fog of confusion about the circumstances in which personal information may be shared. Also, besides obtaining the prior consent of the data subject and conducting auditing by a professional task force before implementing interagency data sharing program, some important measures as follows should be taken: (1) Establish a Personal Information Management System which is composed of the policies, procedures, human, and machine resources to make it as part of an overall information management infrastructure; (2) Appoint accountable senior officials to undertake and maintain the implementation of security controls; (3) Educate and train personnel to raise risk awareness and create a good organizational culture; (4) Consult interested parties and define the scope, objective, and legal basis for data sharing; (5) Conduct privacy impact assessments to identify potential threats to individual privacy and analyze risk mitigation alternatives; (6) Establish a formal written agreement to clarify mutual rights and obligations; (7) Enforce internal as well as external auditing to monitor their compliance with data protection regulations and promote transparency, integrity and accountability of agency decisions.
Key Words: personal data protection, privacy rights, information privacy, data transmission, data sharing
|
| 512 |
Coding techniques for information-theoretic strong secrecy on wiretap channelsSubramanian, Arunkumar 29 August 2011 (has links)
Traditional solutions to information security in communication systems act in the application layer and are oblivious to the effects in the physical layer. Physical-layer security methods, of which information-theoretic security is a special case, try to extract security from the random effects in the physical layer. In information-theoretic security, there are two asymptotic notions of secrecy---weak and strong secrecy
This dissertation investigates the problem of information-theoretic strong secrecy on the binary erasure wiretap channel (BEWC) with a specific focus on designing practical codes. The codes designed in this work are based on analysis and techniques from error-correcting codes. In particular, the dual codes of certain low-density parity-check (LDPC) codes are shown to achieve strong secrecy in a coset coding scheme.
First, we analyze the asymptotic block-error rate of short-cycle-free LDPC codes when they are transmitted over a binary erasure channel (BEC) and decoded using the belief propagation (BP) decoder. Under certain conditions, we show that the asymptotic block-error rate falls according to an inverse square law in block length, which is shown to be a sufficient condition for the dual codes to achieve strong secrecy.
Next, we construct large-girth LDPC codes using algorithms from graph theory and show that the asymptotic bit-error rate of these codes follow a sub-exponential decay as the block length increases, which is a sufficient condition for strong secrecy. The secrecy rates achieved by the duals of large-girth LDPC codes are shown to be an improvement over that of the duals of short-cycle-free LDPC codes.
|
| 513 |
Data Protection and Data Security Concept for Medical Applications in a Grid Computing Environment / Ein Datenschutz- und Datensicherheits-konzept für medizinischen Anwendungen in einer Grid-Computing UmgebungMohammed, Yassene 28 October 2008 (has links)
No description available.
|
| 514 |
A multi-modular dynamical cryptosystem based on continuous-interval cellular automataTerrazas Gonzalez, Jesus David 04 January 2013 (has links)
This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis.
|
| 515 |
A multi-modular dynamical cryptosystem based on continuous-interval cellular automataTerrazas Gonzalez, Jesus David 04 January 2013 (has links)
This thesis presents a computationally efficient cryptosystem based on chaotic continuous-interval cellular automata (CCA). This cryptosystem increases data protection as demonstrated by its flexibility to encrypt/decrypt information from distinct sources (e.g., text, sound, and images). This cryptosystem has the following enhancements over the previous chaos-based cryptosystems: (i) a mathematical model based on a new chaotic CCA strange attractor, (ii) integration of modules containing dynamical systems to generate complex sequences, (iii) generation of an unlimited number of keys due to the features of chaotic phenomena obtained through CCA, which is an improvement over previous symmetric cryptosystems, and (iv) a high-quality concealment of the cryptosystem strange attractor. Instead of using differential equations, a process of mixing chaotic sequences obtained from CCA is also introduced. As compared to other recent approaches, this mixing process provides a basis to achieve higher security by using a higher degree of complexity for the encryption/decryption processes. This cryptosystem is tested through the following three methods: (i) a stationarity test based on the invariance of the first ten statistical moments, (ii) a polyscale test based on the variance fractal dimension trajectory (VFDT) and the spectral fractal dimension (SFD), and (iii) a surrogate data test. This cryptosystem secures data from distinct sources, while leaving no patterns in the ciphertexts. This cryptosystem is robust in terms of resisting attacks that: (i) identify a chaotic system in the time domain, (ii) reconstruct the chaotic attractor by monitoring the system state variables, (iii) search the system synchronization parameters, (iv) statistical cryptanalysis, and (v) polyscale cryptanalysis.
|
| 516 |
論跨境資訊流通與資料保護之兩難與平衡─從TPP下的資料當地化議題出發 / The Dilemma and Balance between Trans-border Data Flow and Data Protection on Issue of Data Localization in The TPP黃致豪, Huang, Chih Hao Unknown Date (has links)
隨著全球電子商務的蓬勃發展,為在資訊流通與資料保護之間取得平衡,跨境資訊流動議題在國際經貿整合中往往也成為各國談判的焦點之一。其中,TPP中各國更進一步地處理「當地設立伺服器」議題,並提案將以「必要性測試」作為各國施行該措施之前提,本文遂就該測試在相關措施下之運作進行探討,並針對我國未來制度上與國際接軌之方向提出建議。
本文透過文獻分析法,歸納出必要性測試的評估過程中有「替代性措施對政策目標之貢獻程度」、「政策目標或價值之重要性」、「對國際貿易之限制性」幾個重要因素,另外在針對澳洲措施的分析中,有司法管轄權、技術、國際間合作狀況與行政成本,需納入考量之因素。然而,我國法制中尚未有更具體的管制措施,而經貿協議中僅止於承認彼此之資訊流通管制規範。未來或可參考澳洲之做法,同時由前歸納之因素評估該作法之必要性。 / The issue of trans-border data flow has been treated as one of those significant trade liberalization topics while global electronic commerce continues to surge and countries are striving to build common ground on the balance between data flow as well as data protection. Among these efforts of trade integration, “necessity test” was proposed when the members within TPP go further to negotiate whether the regulation of “localization data center” should be banned or not. In this article, we will conduct analysis toward how will the test work with potentially disputing measures and provide suggestions for Taiwan’s legislation to be geared to international treaties and standards.
Through documentary analysis, factors evaluated against possible alternative measures when exercising necessity tests are summed up as contribution made by the compliance measure to the enforcement of the law or regulation at issue, the importance of the common interests or values protected by that law or regulation, and the accompanying impact of the law or regulation on imports or exports. Furthermore, as what has been shown by analyzing the Australian measure, we concluded that jurisdiction, techniques, international cooperation and administrative costs should also be taken into account. However, due to the lack of more practical measures and the topic in Taiwan’s concluded trade agreements is still in its infancy, I suggested that related authority can take the Australia’s measure as an example on basis of the above-mentioned factors.
|
| 517 |
Asmens duomenų apsaugos teismų sistemoje teisiniai aspektai / Legal aspects of personal data protection in the judicial systemŠivickas, Manvydas 30 December 2006 (has links)
The means of personal data protection in courts, legal acts, regulating that, are analyzed in the final work ,,Legal aspects of personal data protection in the judicial system“. The implementation of information technologies in the work of courts has fasten the judge of cases, though when the automate administration of personal data started, the danger personal data to be detected has increased, breaking the persons` right to privacy. The author also analyses the purpose of a courts` information system LITEKO and the data, which is administrated with this program. It is aiming to find out the measures, which can be used to strengthen the protection of personal data. The author while analyzing the practical situation of personal data protection in courts, gives recommendations, how occurring problems could be solved. The work brings us to the main conclusion, that personal data protection and the right to the privacy should not be made absolute. The ways how to protect personal data and the right to privacy in court processes, to guarantee the quality of court process and the reliability in courts should be found.
|
| 518 |
Zur Erzeugung hochauflösender datenschutzkonformer MischrasterkartenDießelmann, Markus, Meinel, Gotthard 10 February 2015 (has links) (PDF)
Die zunehmende Verfügbarkeit adressbezogener Daten im Zusammenhang mit der Nutzung geometrischer Raster zur Raumuntergliederung haben die Voraussetzungen für kleinräumige Analysen deutlich verbessert. Bei der Verwendung personenbezogener Daten müssen datenschutzrechtliche Vorgaben eingehalten werden, falls die Rasterzellen zu wenig Fallzahlen enthalten. Vielfach werden diese Rasterzellen ausgeblendet, wodurch Informationen in der Karte verloren gehen.
Eine datenschutzkonforme Alternative stellt die Aggregation von Rasterzellen dar, bis die Fallzahlen einen vorgegebenen Grenzwert überschreiten. In diesem Beitrag werden Möglichkeiten vorgestellt und bewertet, nach denen sich datenschutzkonforme Mischrasterkarten erzeugen lassen. Besonderes Augenmerk wird auf die Auflösungsverluste der erzeugten Mischrasterkarten gelegt, um geeignete Datengrundlagen für kleinräumige Analysen zu schaffen.
|
| 519 |
Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectivenessFrangopoulos, Evangelos D. 31 March 2007 (has links)
As Information Security (IS) standards do not always effectively cater for
Social Engineering (SE) attacks, the expected results of an Information
Security Management System (ISMS), based on such standards, can be
seriously undermined by uncontrolled SE vulnerabilities.
ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of
standard not restricted to technical controls, while encompassing proposals
from other standards and generally-accepted sets of recommendations in the
field.
Following an analysis of key characteristics of SE and based on the study of
Psychological and Social aspects of SE and IS, a detailed examination of
ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its
controls with respect to SE is provided. Furthermore, enhancements to
existing controls and inclusion of new controls aimed at strengthening the
defense against Social Engineering are suggested.
Measurement and quantification issues of IS with respect to SE are also dealt
with. A novel way of assessing the level of Information Assurance in a system
is proposed and sets the basis for future work on this subject. / Information Systems / M. Sc. (Information Systems)
|
| 520 |
Le droit à la protection des données personnelles : recherche sur un droit fondamental / The right to data protection : study on a human rightDebaets, Émilie 12 December 2014 (has links)
La révolution numérique est ambivalente. Si elle constitue un moyen de renforcer la capacité de l'Etat à réaliser ses missions et celle des individus à exercer certains de leurs droits, elle permet simultanément l'enregistrement et la conservation d'une part croissante de l'existence individuelle quotidienne. Face au renforcement des possibilités de contrôle de l'individu, il est régulièrement proposé d'inscrire, dans les textes situés au sommet d, la hiérarchie des normes, un droit fondamental à la protection des données personnelles car l'existence d'un tel droit améliorerait la protection offerte à l'individu. La thèse procède à une analyse descriptive, explicative et évaluative du droit fondamental à la protection des données personnelles. Afin de démontrer la construction d'un tel droit par la jurisprudence constitutionnelle française et les jurisprudences européennes, l'étude s'est d'abord attaché à découvrir les soubassements de celui-ci. Ce droit a ensuite pu être précisé et distingué des autres droits fondamentaux tels que le droit au respect de la vie privée. Afin de mesurer la portée de ce droit, l'étude s'est ensuite attachée à analyser les restrictions dont il peut faire l'objet lorsqu'il entre en conflit avec d'autres intérêts individuels également protégés ou avec des contraintes collectives relevant de l'intérêt général. L'amélioration de la protection offerte à l'individu n'est donc pas aussi évidente qu'il pourrait paraitre. Elle pourrait cependant résulter de la restructuration du processus normatif que ce droit fondamental à la protection des données personnelles implique. / The digital revolution is ambivalent. On the one hand, it empowers the State to strengthen its ability to fulfil its responsibilities and the individuals to exercise some of their rights, yet on the other hand, it enables the capturing and storing of an increasing part of day to day personal life. In order to address the increased surveillance of individuals, proposals are regularly put forward to incorporate, at the very highest judicial level, a human right to personal data protection, as the existence of such a right would improve the protection afforded to individuals. This thesis undertakes a descriptive, explanatory and evaluative analysis of the human right to personal data protection. In order to examine the making of such a right by the French constitutional court, the European Court of Human Rights and the Court of Justice of the European Union, this study sets out first to reveal its foundations. The right to data protection is then clearly identified and distinguished from other human rights such as the right to privacy. In order to measure the extent of such a right, the study then focusses on analysing the restrictions to which it may be subject when in conflict with other equally protected individual rights or with collective constraints of general interest. The enhancement of the protection afforded to the individual is therefore not as straightforward as it may initially seem. Such enhancement could however arise from the restructuring of the normative process which this human right to data protection implies.
|
Page generated in 0.2978 seconds