Open Access  Subscription Access

個人資料保護法施行細則第17 條闡明：「......所稱資料經過處理後或依其揭露方式無從識別當事人，指個人資料以代碼、匿名、隱藏部分資料或其他方式，無從辨識該特定個人」亦即通稱之「去識別化(De-identification)」的議題，自2014年11月17日法務部法律字第10303513040號函之函釋：「去識別化之個人資料依其呈現方式已無從直接或間接識別該特定個人者即非屬個人資料」起，其「驗證(Certification)」成為我國標準化工作項目的優先項目。根基於此，本文探討國際標準組織(InternationalOrganization for Standardization, ISO)於此議題之標準化作業的全景與我國宜實做之驗證方案。Enforcement Rules of the Personal Information Protection Act Article 17 states that ＂the Act shall mean the personal information processed by ways of code, anonymity, hiding parts of information or other manners so as to fail to identify such a specific person.＂, so as call the ＂Deidentification＂ issue. Since 2014, Nov 17^(th) the Ministry of Justice has explained that ＂Deidentified personal information cannot identify directly or in-directly a specified individual.＂ certification has become our standardization primary issue. Thus, we discuss what ISO's standardize work and what we should do in certifications.

驗證; 去識別化; 個人資料管理系統; 資訊安全管理系統; 標準化; Certification; De-identification; Personally Information Management System (PIMS); Information Security Management System (ISMS); Standardization