||It can be found that some of personal profiles were theft or leaked from the recent fraud cases, whether in public or non-public agencies. The important legal basis and providing relevant norms of personal data protection named "Computer-Processed Personal Data Protection Act" was announced in 1995. Because the area of data protection just be limited in the processing of data within the computer and confined to some industries, the act has been outdated and flawed. In view of this, "Computer-Processed Personal Data Protection Act Amendment" was gone through the entire three-reading procedure by legislative Yuan by significantly modifying the contents and renamed it to "Personal Data Protection Act" on April 2010. From now on, public agencies, non-official agencies and individuals should all follow this new version act when collecting, processing or using personal data. Furthermore, new act also extends the protection scope, not just computer processing data but also includes manual processing t information.|
It’s a very important block to protect companies’ and customers’ confidential information from being leaked on information security management. In the past, the plan for information security mostly is to prevent hackers, viruses and other external attacks and develop information security policies. Some enterprises are considering more holistic by constructing intrusion prevention system (IPS), intrusion detection system (IDS), firewall, antivirus wall, identity authentication and other security mechanisms. But just as home protection, no one can guarantee not be stolen even having a standing guard over 24 hours or anti-theft device or watchdogs, etc. Similarly, the risk of data leakage could not be reduced to zero no matter how to consolidate the information protection security.
Public agencies have a lot of personal information relying on their positions. After the new version act implemented, they will be subject to the new norms of the Personal Information Protection Act when collecting, processing and using personal data. This study focuses on building appropriate information security architecture and management mechanism for public agencies so can meet the new requirements.