| 摘要: | 許多國際組織皆制定有保護隱私權與個人資料的規範,故保護隱私權與個人資料幾乎成為國際社會的共識。為了避免資料當事人受到個資外洩的侵害,臺灣、歐盟、美國、澳洲、韓國個資保護相關法律皆有要求個資外洩時,洩漏個資之機關需將個資外洩的事實與因應措施通報資料當事人。歐盟、澳洲、韓國甚至規定除通知資料當事人外,亦應通知主管機關,由此可見要求個資外洩者需負通知義務已成了許多國家的共識。惟我國個資外洩通知義務的規範,與其他國家相較仍有檢討空間。
從人性尊嚴之憲法的觀點出發,憲法除保障學生個人的資訊隱私權外,學生之心理健康與人格發展亦屬於人性尊嚴之憲法所保護之範圍。而透過馬斯洛需求層次理論可知,強化個資外洩通知義務的規範,可協助滿足學生的心理需求,以增進學校教育學生之成效,故我國個資外洩通知義務的規範即有參酌外國法進行修法的必要。另透過資料安全稽核機制,可協助教育機構發現其個資保護的漏洞,故教育機構應強化其資料安全稽核機制。而教育機構在蒐集、處理或利用個資的過程中,仍可能不慎洩漏學生個資,透過修訂個資外洩通知義務規範、強化資料安全機制,將有助於減輕個資外洩對學生權利之侵害。
最後,本文建議我國應由專責主管機關受理個資外洩通知,並賦予該機關對違反通知義務的對象裁處行政罰或移送相關單位懲戒之權力。通知義務規範內容部分,個資法應就通知政府機關與資料當事人的內容、時間、方式進行詳盡規範,並要求洩漏個資機關提供資料當事人連繫管道。此外,教育機構應檢討資料安全稽核的制度,並將其所蒐集之學生個資進行有效的利用,以達成增進學校教育學生成效之目的。
Under the impact of many international organizations’ regulations on the protection of privacy and personal information, protecting privacy and personal information has almost become the consensus of the international community. Many countries, such as Taiwan, the EU, the United States, Australia and South Korea, have passed data breach notification laws, requiring leaking institutions to notify the data subject the fact that personal information has been infringed and the responding measures which have been taken in the event of data breach. In the EU, Australia, and South Korea, the laws even prescribe that leaking institutions should notify the competent authority in addition to the data subject when the data is leaked. Data breach notification has become the consensus of many countries. However, the norm of data breach notification in Taiwan, compared with other country’s norm, is still in need of improvement.
This article discusses student data breach notification from two aspects : (a) Maslow's hierarchy of needs (b) data security audit mechanism. From the view of human dignity in Constitution, the Constitution not only guarantees students’ information privacy but also students’ mental health and personality development. Through Maslow's hierarchy of needs, strengthening the regulations of data breach notification can help to meet the psychological needs of the students, and improve the effectiveness of the school education. Therefore, it is necessary to refer to foreign laws for the revision of the data breach notification law in Taiwan. In addition, establishing a mechanism of auditing information security can help the education agency to discover loopholes in its data protection. The education agency should strengthen its mechanism of auditing information security. Revising the data breach notification law and strengthening a mechanism of auditing information security will help mitigate the violation of student rights in the event of data breach .
In conclusion, this article first suggests that we should establish the Independent Public Authority to receive the data breach notification, and give the authority the power to exercise administrative sanction for those who violate the notification obligation or the power to transfer the violators to the related units to be disciplined. Secondly, Personal Information Protection Act in Taiwan should provide detailed instructions on t the content , the time and the mode of notifying the authority and the data subjects, and require data leakers to provide means by which the data subjects may contact the authority. Thirdly, the education agency should review the mechanism of auditing information security and effectively use student personal information to enhance the effectiveness of school education. |
