The Improvement Plan for Indicator System of Personal Information Management Level Diagnosis in the Era of the 4th Industrial Revolution: Focusing on Application of Personal Information Protection Standards linked to specific IT technologies

  • Shin, Young-Jin (Division of Intelligent SW Engineering-Information Security, PaiChai University)
  • Received: 2021.09.24
  • Reviewed: 2021.12.20
  • Published: 2021.12.28

Abstract

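The indicator system of the Personal Information Management Level Diagnosis, which the Personal Information Protection Commission conducts for public institutions, checks compliance with the legal requirements of the Personal Information Protection Act, but it has been limited in applying, as criteria, the personal information protection requirements that accompany the adoption of new IT technologies. This study therefore proposes improvements to the indicator system so that a separate indicator system can be operated to strengthen personal information protection when specific IT technologies are adopted, namely big data, cloud, the Internet of Things, and artificial intelligence, the core technologies of the 4th Industrial Revolution. To this end, the components of the indicator system were derived from a review of domestic and foreign literature on the personal information protection requirements of the selected specific IT technologies, and the diagnostic indicators were selected through a survey of personal information protection officers at public institutions and FGI/Delphi analysis with personal information protection experts. For the resulting indicator system, common indicators were first selected that check, from the planning and design stage of every specific IT technology, whether the personal information protection principle (PbD) and the criteria for pseudonymous information processing and de-identification measures are applied. In addition, 2 check items on big data; 5 check items on cloud, including matters to be posted in the privacy policy; 5 check items on the Internet of Things, including application of principles and log record management; and 4 check items on artificial intelligence, including application of principles, were selected. In this way, this study sought to recommend that, for the development of the Personal Information Management Level Diagnosis, the system become one that induces a prompt personal information protection response so that it can cope with new changes in IT technology.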

This study proposes ways to improve the indicator system in order to strengthen personal information protection. For this purpose, the components of the indicator system were derived from domestic and foreign literature, and the main diagnostic indicators were selected through FGI/Delphi analysis with personal information protection experts and a survey of personal information protection officers at public institutions. The study was intended to derive inspection standards that can be reflected as a separate indicator system for personal information protection, by classifying the specific IT technologies of the 4th Industrial Revolution: big data, cloud, the Internet of Things, and artificial intelligence. As a result, check items for applying the PbD principle and for pseudonymous information processing and de-identification measures, from the planning and design stage of specific technologies, were selected as 2 common indicators. The checklists consist of 2 items related to big data, 5 items related to cloud services, 5 items related to IoT, and 4 items related to AI. Accordingly, this study is expected to serve as an institutional device for responding to new technological changes, supporting the continuous development of the personal information management level diagnosis system in the future.
