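[Office of Information and Network Announcement] Precautions for Collecting and Using Personal Information via Information Systems or Services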

December 4, 2024

Dear Colleagues:

A reminder from the Ministry of Education, dated November 7, 2024:

  • Universities shall pay attention to the following points when using information systems or cloud-based services (such as Google Forms, Microsoft Forms, and other survey services) to collect personal information for administrative purposes:
    • Data collection minimization: Only collect personal information that is appropriate, relevant, and necessary for the intended purpose. Processing and use must not exceed the necessary scope of the specific purpose and should be reasonably and justifiably related to the purpose of collection.
    • Access control: Pay attention to file access permission settings and follow the principle of least privilege. Users should be granted only the minimum access needed for their purpose and assigned tasks.
    • Those using cloud-based information services should carefully review the settings. Users should not be allowed to collaboratively edit personal information files or records, and the settings must not permit displaying other users' responses (for example, in Google Forms, the option "Show summary charts and other responses" should not be selected). This prevents users from viewing other users' data, which could lead to personal information leakage. Before publishing, check the relevant settings thoroughly and test the form in practice, and release it only after confirming everything is correct.
    • Confidentiality of transmission: Network transmissions should be encrypted using the secure web transmission protocol (HTTPS), with TLS version 1.2 or higher.
    • Data storage security: If the collection involves personal information covered by Article 6 of the Personal Information Protection Act or other sensitive personal information, it should be stored in encrypted form.
    • A retention period for personal information should be established, and the collected personal information should be deleted or destroyed after the retention period or upon the termination of the matter, to prevent leakage of personal information.
  • Additionally, faculty and staff members should pay attention to the following regulations when handling personal information:
    • In accordance with Article 11, Section 3 of the Personal Information Protection Act, "When the specific purpose of personal information collection disappears or the retention period expires, the personal information should be deleted, or its processing or use stopped, either proactively or upon the request of the data subject." Therefore, an individual's video should be deleted and removed from the platform immediately after the grading process is completed, and it should be ensured that all offline backups are also deleted.
    • In accordance with Article 16 of the Personal Information Protection Act, "Public authorities' use of personal information, except for data specified in Article 6, Section 1, should be within the necessary scope for performing statutory duties and should align with the specific purpose for which it was collected." Only appropriate, relevant, and necessary personal information should be collected for the intended purpose. Processing and use must not exceed the necessary scope of the specific purpose and should be reasonably and justifiably related to the purpose of collection.
    • In accordance with Article 28, Section 1 of the Personal Information Protection Act, "Public authorities that violate the provisions of the Personal Information Protection Act, resulting in the unlawful collection, processing, use, or other infringement of the data subject's rights, shall be liable for damages." It is important to ensure that a data subject's videos or other personal information are used and retained properly to avoid violating the provisions of the Personal Information Protection Act.