
Student: Tsai-Chin Yu (余采親)
Thesis title: A Data-Oriented Approach to Evaluate Personal Data Security (一個以資料價值評估個人資料安全風險之方法)
Advisor: Shi-Cho Cha (查士朝)
Committee members: Hsiao-Hui Chen (陳曉慧), Qian-Zhu Yu (朱宇倩)
Degree: Master
Department: Department of Information Management, College of Management
Year of publication: 2019
Graduation academic year: 107 (ROC calendar)
Language: English
Number of pages: 56
Chinese keywords (translated): Data security, General Data Protection Regulation, Personal privacy impact analysis, ISO/IEC 29134:2017, Risk assessment, Data de-identification
English keywords: Data Security, General Data Protection Regulation, Privacy Impact Assessment, ISO/IEC 29134:2017, Risk Assessment, Data De-Identification
Usage statistics: views: 283, downloads: 0
    Abstract (translated from Chinese)

    With the advances of emerging technologies, more and more enterprises are collecting data; the more data they collect, the better they understand their users and can offer services that fit users' needs. However, the privacy risks caused by improper data collection and protection have become a problem that cannot be taken lightly. In particular, since the GDPR (General Data Protection Regulation) formally took effect on 25 May 2018, its heavy fines have led government agencies, organizations and companies in many countries to pay more attention to privacy protection issues.
    Enterprises must establish how to assess the security of privacy and how to implement privacy protection. Once data has been collected, its security must be protected, and the most important step in that respect is risk assessment. However, although some countries have laid down general legal principles and standards for implementing the GDPR, there is still no concrete method that lets an enterprise carry out a proper personal data risk assessment.
    In view of this, this study provides an uncomplicated and easy-to-understand method that enterprises can use to identify and assess the risks to personal data security. It presents the data processing flow in an intuitive way and performs threat-model assessment from a privacy engineering perspective, modelling the data flow and defining the process and the system architecture, and thereby offers a methodology that analyzes data-flow security without great cost while still meeting basic regulatory requirements. The distinguishing feature of the proposed method is that it captures the relationships among data flows and reflects them in the risk assessment. Previous work on PIA, on the risks of data de-identification, and on personal data security analysis methods did not consider the effect of de-identification on the data; if that effect is brought into the assessment when the risk assessment is designed, the related risks can be evaluated more precisely. The risk assessment method for data security proposed in this study is therefore expected to serve as a reference for future research on data value.


    With the advances of emerging data collecting and processing technologies, more and more companies collect customer data to provide more tailored services for competitive advantage. However, the privacy risks caused by improper data collection and protection should be brought into the spotlight. In particular, the GDPR officially took effect on 25 May 2018, and to avoid its high fines for violations, companies have to pay more attention to protecting customer data.
    After collecting personal data, enterprises must determine how to protect the security of that data and implement that protection. In this regard, the most important step is a risk assessment. Currently, many guidelines have been proposed to help organizations comply with the GDPR in managing the security risks of collected personal data; however, these guidelines do not provide details on how to evaluate the security risks of collected personal data.
    Therefore, this study provides an uncomplicated and easy approach to identify and assess the risks to personal data security. With the proposed method, organizations can identify how the risks of personal data change and obtain advice about those risks based on the relationships among the data processed. It can meet basic regulatory requirements without large cost. The proposed scheme focuses on the relationships among data and uses those relationships to refine the results of the security risk evaluation. However, past PIA practice did not consider the impact of de-identification on data. Consequently, the proposed scheme can advise companies on adopting PETs such as de-identification, taking into account the risks of data de-identification and personal data security analysis methods, and can visualize their effects, so that the assessment evaluates the associated risks more accurately.
    To sum up, the thesis hopefully contributes a novel and uncomplicated means for organizations to evaluate the security risks of their personal data.

    Table of contents (thesis page numbers)
    Abstract (Chinese)  2
    Abstract  2
    Acknowledgements  3
    Table of Contents  5
    List of Figures  6
    List of Tables  7
    Chapter 1: Introduction  8
      1.1 Background  8
      1.2 Objective and Contribution  9
      1.3 Organization of the Thesis  10
    Chapter 2: Related Work  11
      2.1 Data Protection Regulation  12
      2.2 Guidelines for Personal Data Protection  15
      2.3 PETs  24
    Chapter 3: Problem Definition  31
    Chapter 4: Methodology and Results  33
      4.1 System Analysis  33
      4.2 Threat Modeling Marks  35
      4.3 Risk Calculation  37
      4.4 Initial Evaluation  38
      4.5 Data Processing  40
      4.6 Adjusted Value Assessment  42
    Chapter 5: Methodological Illustration  45
    Chapter 6: Conclusion and Future Work  50
    Reference  51


    Full-text release date: 2024/08/28 (campus network)
    Full-text release date: not authorized for public release (off-campus network)
    Full-text release date: not authorized for public release (National Central Library: Taiwan NDLTD system)