Informatization Policy (정보화정책)

National Information Society Agency (한국지능정보사회진흥원)
권호 표지
DOI QR코드

DOI QR Code

Evaluating the Efficiency of Personal Information Protection Activities in a Private Company: Using Stochastic Frontier Analysis

개인정보처리자의 개인정보보호 활동 효율성 분석: 확률변경분석을 활용하여

  • Jang, Chul-Ho (Personal Data Strategy Team, Korea Internet & Security Agency) ;
  • Cha, Yun-Ho (Personal Data Strategy Team, Korea Internet & Security Agency) ;
  • Yang, Hyo-Jin (Personal Data Strategy Team, Korea Internet & Security Agency)
  • Received : 2021.09.23
  • Accepted : 2021.11.12
  • Published : 2021.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

The value of personal information is increasing with the digital transformation of the 4th Industrial Revolution. The purpose of this study is to analyze the efficiency of personal information protection efforts of 2,000 private companies. It uses a stochastic frontier approach (SFA), a parametric estimation method that measures the absolute efficiency of protective activities. In particular, the personal information activity index is used as an output variable for efficiency analysis, with the personal information protection budget and number of personnel utilized as input variables. As a result of the analysis, efficiency is found to range from a minimum of 0.466 to a maximum of 0.949, and overall average efficiency is 0.818 (81.8%). The main causes of inefficiency include non-fulfillment of personal information management measures, lack of system for promoting personal information protection education, and non-fulfillment of obligations related to CCTV. Policy support is needed to implement safety measures and perform personal information encryption, especially customized support for small and medium-sized enterprises.

본 연구는 4차 산업혁명의 디지털 전환과 함께 날로 가치가 증가하고 있는 개인정보를 보호하기 위한 민간기업의 개인정보보호 활동 효율성을 분석하고자 하였다. 민간기업 2,000개의 개인정보처리자를 대상으로 효율성 분석 방법 중 모수적 추정 방법인 확률변경분석을 이용하여 보호 활동의 절대적 효율성을 측정하였다. 특히 효율성 분석을 위한 산출변수로는 개인정보 활동 지수를 활용하였으며, 투입변수로는 개인정보보호 예산과 담당자 수를 활용하였다. 분석 결과, 효율성은 최소 0.466에서 최대 0.949로 전체 평균 0.818 즉 81.8%로 분석되었으며, 비효율성의 주된 원인으로는 개인정보 안전한 이용과 관리조치 미이행, 개인정보보호 교육 추진 체계 미흡 및 영상정보처리기기 관련 의무 미이행 등으로 분석되었다. 따라서 사회 전반의 개인정보보호 수준 제고 및 개인정보보호 활동 효율성 향상을 위해서는 안전조치 이행과 개인정보 암호화 등에 대한 정책적 지원이 요구되며, 특히 중소 영세기업에 대해서는 맞춤형 컨설팅이 필요하다.

Keywords

References

  1. Aigner. D. & Chu, S. (1968). "On Estimating the Industry Production Function." American Economic Review, 58, 826-839.
  2. Aigner, D., Lovell, A. K. & Schmidt, P. (1977). "Formulation and Estimation of Stochastic Frontier Production Function Models." Journal of Econometrics, 6, 21-37. https://doi.org/10.1016/0304-4076(77)90052-5
  3. Banker, R. D. & Natarajan, R. (2008). "Evaluating Contextual Variables Affecting Productivity Using Data Envelopment Analysis." Operations Research, 56(1), 48-58. https://doi.org/10.1287/opre.1070.0460
  4. Battese, G. E. & Corra, G. S. (1977). "Estimation of a Production Frontier with Application to the Pastoral Zone of Eastern Australia." Australian Journal of Agricultural Economics, 21, 169-179. https://doi.org/10.1111/j.1467-8489.1977.tb00204.x
  5. Battese, G. E. & Coelli, T. J. (1995). "A Model for Technical Inefficiency Effects in a Stochastic Frontier Production Function for Panal Data." Empirical Economics, 20(2), 325-332. https://doi.org/10.1007/BF01205442
  6. Boussofiane, A., Dyson, R. G. & Thanassoulis, E. (1991). "Applied data envelopment analysis." European Journal of Operational Research, 52, 1-15. https://doi.org/10.1016/0377-2217(91)90331-O
  7. Charnes, A., Cooper, W. W. & Rhodes, E. L. (1978). "Measuring the Efficiency of Decision Making Units." European Journal of Operational Research, 2(6), 429-444. https://doi.org/10.1016/0377-2217(78)90138-8
  8. Choi, W., Kim, W. & Kook, K. (2018). "An Evaluation of the Efficiency of Information Protection Activities of Private Companies." Convergence security journal, 18(5), 25-32.
  9. Coelli, T., Rao, D., O'Donnell, C. & Battese, G. (2005). An introduction to efficiency and productivity analysis (2nd ed.). New York : Springer.
  10. Farrell, M. J. (1957). "The Measurement of Productive Efficiency." Journal of the Royal Statistical Society, Series A, General, 120(3), 253-281. https://doi.org/10.2307/2343100
  11. Greene, H. W. (1990). "A Gamma-Distribution Stochastic Frontier Models." Journal of Econometrics, 46, 141-164. https://doi.org/10.1016/0304-4076(90)90052-U
  12. Jang, C. & Cha, Y. (2021). "A Study on the Determinants of Personal Information Protection Activities: With a Focus on Personal Information Managers." Informatization Policy, 28(1), 64-76. https://doi.org/10.22693/NIAIP.2021.28.1.064
  13. Jeong, M. & Lee, K. (2015). "A Study on Personal Information Protection Management Assessment Method by DEA." Journal of the Korea Institute of Information Security and Cryptology, 25(3), 691-701. https://doi.org/10.13089/JKIISC.2015.25.3.691
  14. Lee, H., Park, M. & Cha, Y. (2016). "An Evaluation on the Efficiency of Privacy Protection by Types of Public Institutions." Korean journal of policy analysis and evaluation, 26(4), 163-188. https://doi.org/10.23036/KAPAE.2016.26.4.007
  15. Meeusen, W. & J. van den Broeck(1977). "Efficiency Estimation from Cobb-Douglas Production Function With Composed Error." International Economics Review, 18, 435-444. https://doi.org/10.2307/2525757
  16. Park, T., Yoon, K., Moon, S. & Lim, J. (2010a). "Evaluating the Efficiency of Information Security Organizations in Public Sector Using DEA Models." Journal of the Korea Institute of Information Security and Cryptology, 20(6), 209-220. https://doi.org/10.13089/JKIISC.2010.20.6.209
  17. Park, T., Lim, J. & Moon, S. (2010b). "Evaluating the Education Efficiency of Information Security Organizations in Public Sector Using DEA Models." Journal of Korean Association for Regional information Society, 13(4), 1-24.
  18. Schmidt, P. & Lovell, A. K. (1979). "Estimation Technical and Allocative Inefficiency Relative to Stochastic Production and Cost Frontiers." Journal of Econometrics, 9(3), 343-366. https://doi.org/10.1016/0304-4076(79)90078-2
  19. Shin, Y. (2006). "An Evaluation on the Efficiency of Privacy Protection by Public Institutions." Journal of local government studies, 18(1), 87-106.
  20. Shin, Y. (2009). "A Study on developing the policy of personal information protection in Korea : Focused on management of personal information in central government and local government." Informatization Policy, 16(1), 41-53.
  21. Shin, Y. (2018). "A Study on Developing Policy Indicators of Personal Information Protection for Expanding Secure Internet of Things Service." Informatization Policy, 25(3), 29-51. https://doi.org/10.22693/NIAIP.2018.25.3.029
  22. Kim, H. (2020). "An Study on Analysis Model of E-goverment Business Regulation Using Delphi and AHP Method." Informatization Policy, 27(2), 40-65. https://doi.org/10.22693/NIAIP.2020.27.2.040