研究論文／A Study on Privacy Policy of University/Academic Libraries in Taiwan／林呈潢、陳虹碩

保障使用者隱私的概念，在我國圖書館界已存在多年，但訂有隱私權政策之大學圖書館仍屬少數；2010 年我國修正《個人資料保護法》(以下簡稱個資法)，強調「個人資料自主決定權」(資訊自主權)、「安全維護義務」以及「合理利用」等三個重點。規範個人資料的蒐集（個資法§5）、處理（個資法§2）及利用（個資法§16）有助於隱私權的保護。同時，一舉將個資法外洩賠償上限從現行法二千萬元提高到二億元，圖書館身為握有大量使用者個人資料的機構應更加謹慎小心。本研究採用內容分析法，分析國外大學圖書館隱私權政策，整理出重要的隱私權保護內容。再依據內容分析法結果，整理出隱私權政策內涵，做為結構性訪談的依據，以探討目前我國大學圖書館所面臨的隱私權議題和面對這些隱私權問題的處理方式、對於制定隱私權政策的看法（含動機與困境），以及制定隱私權政策的相關做法，最後彙整可供我國大學圖書館建置隱私權政策參考之內容，包括人員權限控管、使用者個人資料的用途、適用範圍等11 個項目。 The concept of privacy protection has been around in librarianship in Taiwan for years, but only a few academic/university libraries have set up the privacy policy for library patrons. In 2010, revised edition of the Personal Information Protection Act (hereinafter “ the PIPA”) was enacted to enforce namely “the rights of self-determination of personal information” (named hereinafter “The Information Right of Self-Determination”), “the obligation of proper security measures” and “the fair use.” The PIPA, enacted to govern the collection (§5), processing (§2) and use (§16) of personal information, is significantly helpful for the privacy protection. In the meantime, the revised PIPA governs the total amount of fine for disclosing the personal information should from NT 20,000 to up to NT$200 million. The libraries, as organizations that possess a great quantity of the patrons’ personal information, should be keen to this issue. This study utilized content analysis as its primary research method for data collection and analysis. The first step is to analyze the privacy policy of academic libraries in other countries, and to extract the important issues in their privacy policy. The second step is to organize the meaningful contents of the privacy policy based on the results of the first step of content analysis. The acquired meaningful contents are then used as a basis of structured interviews. There are four research themes in this study, namely discussion of the key topics of the privacy policy concerned by the academic libraries in Taiwan; the strategies of dealing the problems of privacy policy; the opinions of formulating the privacy policy (including motivation and dilemma); and decision-making process of the policy. Last, this study aims to synthesize the significant issues of privacy policy for the reference of academic libraries in Taiwan. There are 11 key aspects contained in the policy, including access control, the use of personal information, the proper scope, and so on. 頁次：94-110