Standard Implementation for Privacy Framework and Privacy Reference Architecture for Protecting Personally Identifiable Information

  • Received: 2011.07.29
  • Reviewed: 2011.08.25
  • Published: 2011.09.25

Abstract

Personally Identifiable Information (PII) is information that identifies, or can be used to identify, contact, or locate, the person to whom it pertains, or that is or might be linked to a natural person directly or indirectly. In order to recognize PII among the data processed within information and communication technologies, it must be determined at which stage the information identifies, or can be associated with, an individual. To this end, there has been ongoing research on privacy protection mechanisms for PII, which has now become one of the key topics in international standardization in the form of the privacy framework and the privacy reference architecture. Data processing flow models should be developed as an integral component of privacy risk assessments. Such diagrams are also the basis for categorizing PII. The data processing flow can further reveal areas where the PII has a certain level of sensitivity or importance and, as a consequence, requires the implementation of stronger safeguarding measures. This paper proposes a standard format that satisfies ISO/IEC 29100 "Privacy Framework" and shows an implementation example of a privacy reference architecture that implements privacy controls for the processing of PII in information and communication technology.

Keywords

References

  1. http://www.oecd.org/document/18/0,3746,en_2649_34255_1815186_1_1_1_1,00&&en-USS_01DBC.html, "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data", 1980.
  2. Asia Pacific Economic Cooperation, "APEC Privacy Framework", 2005.
  3. http://www.law.cornell.edu/rules/frcp/index.html#chapter_v, "Federal Rules of Civil Procedure".
  4. ISO/IEC JTC1 SC27 "Privacy Framework", SC27 N9226, 2011.
  5. ISO/IEC JTC1 SC27 "Privacy Reference Architecture", SC27 N9228, 2011.
  6. ISO/IEC JTC1 SC27 WG5 "Study Period for a harmonized SC 27/WG 5 Vocabulary", SC27 N9401, 2011.
  7. ISO/IEC JTC1 SC27 WG5 "WG 5 SD1-WG 5 Roadmap", SC27 N9237, 2011.
  8. ISO/IEC JTC1 SC27 "Business plan for JTC1 SC27 Security Technique", SC27 N9463, 2010.
  9. ISO/IEC JTC1 SC27 "Resolutions of the 11th meeting of ISO/IEC JTC 1/SC 27/WG 5 in Singapore, April 11-15, 2011", SC27 N9920, 2011.
  10. Homeland Security Whitepaper, "Computer Network Security & Privacy Protection", 2011.
  11. http://www.cs.ucdavis.edu/~hchen/paper/passat09.pdf, "Noise Injection for Search Privacy Protection", 2011.
  12. http://isms.kisa.or.kr/kor/main.jsp, "Personal Information Management System", 2011.

Cited by

  1. A Security Reference Model for the Construction of Mobile Banking Services based on Smart Phones vol.11, pp.4, 2011, https://doi.org/10.5391/IJFIS.2011.11.4.229
  2. Implementation Privacy Reference Architecture for Forensic Readiness vol.12, pp.1, 2012, https://doi.org/10.5391/IJFIS.2012.12.1.53