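Graduate student: Hao-Ping Lin (林皓蘋)
Thesis title: A Data-Flow Based Personal Data Privacy Risk Assessment System (以資料流為導向之隱私風險評估系統)
Advisor: Shi-Cho Cha (查士朝)
Oral defense committee: Nai-Wei Lo (羅乃維), Li-Wei Yang (楊立偉)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2011
Academic year of graduation: 99
Language: Chinese
Number of pages: 48
Chinese keywords: information security risk assessment, personal data protection, privacy impact assessment
Foreign-language keywords: Information security assessment, personal data protection, privacy impact assessment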
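  • Personal data protection is receiving attention in many countries. To comply with personal data protection regulations and to avoid reputational damage or fines, organizations often use privacy impact assessment (PIA) as a tool for assessing compliance with personal data protection regulations or privacy issues.
    Current privacy impact assessments mostly analyze against general personal data protection principles. Among these principles, the security safeguards principle requires an enterprise to take appropriate protective measures to protect the personal data it collects and uses. Although "security" is one of the items a PIA evaluates, when an organization needs to assess in depth and identify suitable security measures to satisfy the security safeguards principle, current privacy impact analysis does not provide a detailed assessment procedure, so the enterprise may need an additional method or tool to carry out a security assessment of personal data in order to satisfy the principle. For this part, the usual practice is risk management: the enterprise is required to identify its main security risks and adopt corresponding countermeasures. However, if an enterprise uses information security risk assessment techniques to assess the security risk to personal data, the resulting risk may be underestimated because asset values are underestimated or overlooked.
    To solve this problem, this study uses a data-flow-oriented risk assessment technique to develop a tool that exploits the way data flow diagrams trace data flows to help assessors identify all assets that process or store personal data and carry out security risk assessment. The tool also provides privacy impact assessment so that organizations can bring the other personal data protection principles into the assessment.
    The contribution of this study is that, as personal data protection issues and personal data regulations receive growing attention from enterprises, it provides enterprises with a more complete information security risk assessment tool, allowing them to adopt the most appropriate security control measures.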


    Personal data protection has become an important issue recently, and several countries have enacted personal data protection regulations. To comply with these regulations, organizations are requested to perform privacy impact assessment (PIA). Security evaluation is critical to privacy impact analysis: organizations need to assess whether they have adopted appropriate security safeguards to protect personal data. However, current PIA approaches usually do not address how to identify appropriate security safeguards, so organizations usually need to evaluate risks to personal data and adopt appropriate countermeasures to treat those risks. Among state-of-the-art methods, organizations can use asset-driven and process-oriented approaches to evaluate risks to personal data. However, if organizations use existing information security risk assessment approaches, the risk may be underestimated.
    To address this, this study proposes data-oriented risk assessment approaches and develops associated tools to assess risks to personal data in an organization. The approach uses data flow diagrams to trace personal data flows, helping organizations identify all the assets that use or store personal data. Risks to those assets and the associated personal data are then evaluated. This study therefore contributes a means and associated tools for organizations to evaluate risks to personal data more accurately and to adopt appropriate safeguards to protect the data.

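    1 Introduction
    1.1 Research Background and Motivation
    1.2 Research Objectives and Contributions
    1.3 Chapter Overview
    2 Literature Review
    2.1 Personal Data Protection Principles
    2.2 Privacy Impact Assessment Methods/Tools
    2.3 Information Security Risk Assessment
    2.3.1 Asset-Oriented Risk Assessment Methods
    2.3.2 Process-Oriented Risk Assessment Methods
    3 Research Process
    4 Data-Oriented Risk Assessment Method
    4.1 Data-Flow Risk Analysis Method
    4.2 Requirements Analysis
    5 Architecture and Analysis of the Data-Flow Oriented Privacy Risk Assessment System
    5.1 System Analysis and Design
    5.2 System Architecture
    6 Feature Demonstration and Application
    6.1 Drawing Data Flow Diagrams
    6.2 Security Risk Assessment
    6.3 Privacy Risk Assessment
    6.4 Report Generation
    7 System Validation
    7.1 Introduction to the RFID "Abnormal Body Temperature Management" Application Scenario and Application System
    7.2 Applying the Scenario to the System
    8 Conclusions and Future Research Directions
    References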

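    Full-text release date: 2016/07/25 (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: National Digital Library of Theses and Dissertations in Taiwan)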