Browse > Article
http://dx.doi.org/10.9708/jksci.2022.27.06.053

A study on Data Context-Based Risk Measurement Method for Pseudonymized Information Processing  

Kim, Dong-Hyun (Korea Internet & Security Agency)
Publication Information
Journal of the Korea Society of Computer and Information / v.27, no.6, 2022 , pp. 53-63 More about this Journal
Abstract
Recently, as digital transformation due to the COVID-19 pandemic accelerates, data to improve individual quality of life is being used in large quantities, and more reinforced non-identification processing procedures are required to utilize the most valuable personal information among data. In Korea, procedures for de-identification measures are presented through amendments to laws and guidelines, but there is no methodology to measure the level of de-identification in the field due to ambiguous processing standards and subjective risk measurement methods. This paper compares and analyzes the current status of policy and guidelines related to de-identification measures proposed at home and abroad to derive complementary points, suggests a data context-based risk measurement method centered on pseudonymized information processing, and verifies its validity. As a result of verification through Delphi survey and focus group interview (FGI), it was confirmed that the need for the proposed methodology and the validity of the indicators were high.
Keywords
BigData; Personal Information; De-Identification; Pseudonymized information; Pseudonym Risk Assesment;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 EU General Data Protection Regulation, "Recital(26)," 2018.
2 Economist, "The worlds most valuable resource is no longer oil, but data," 2017.
3 IMD, "World Digital Competitiveness Ranking 2021 Report," 2021.
4 Financial Services Commission, "Guidelines for processing anonymisation and Pseudonymization Information in the financial sector," 2020.
5 Information and Privacy Commissioner of Ontario, "De-Identification Guidelines for Structured Data," 2016.
6 M. Elliot, E. Mackey et al, "The Anonymisation Decision making Framework," UK Anonymisation Network, 2016.
7 D. Tanvi, R. Felix et al, "Five Safes: Designing data access for research,", University of Bristol, 2016.
8 G. Duncan, T. Elliot et al, "Statistical Confidentiality," New York Springer, 2011.
9 Personal Information Protection Act, "Article 28-2," 2021.
10 Dhkim, Sskim, "A New Scheme for Risk Assessment Based on Data Context for De- Identification of Personal Information," Journal of The Korea Institute of Information Security and Cryptology, Vol. 30, No. 4, pp. 719-734, Jun. 2020.   DOI
11 N. David, "How to Plan, Participate and Prosper in the Data Economy," Gartner Research, Mar. 2011.
12 Joint Government Departments in Korea, "Plans to revitalize the data and AI economy," 2019.
13 Joint Government Departments in Korea, "Guidelines for De-Identification of Personal Information," 2016.
14 Sweeney L, "k-anonymity: A model for protecting privacy," International Journal of Uncertainty, Vol. 10, No. 3, pp. 557-570, July. 2002.
15 ISO/IEC 20889, "Privacy enhancing data deident ification terminology and classification of techniques, Annex A," 2018.
16 Ministry of Health and welfare, "Guidelines for Health and Medical Data Utilization," 2020.
17 Ministry of the Interior and Safety, "Guidelines for processing Pseudonymization Information in the public sector," 2021.
18 HITRUST, "De-Identification Framework," 2015.
19 K. Emam, L. Arbuckle, "Anonymizing health data," O'Reilly book, pp. 29-33, 2013.
20 F. Prasser, F. Kohlmayer et al, "The Importance of Context: Risk-Based De-Identification of Biomedical Data," Methods of Information in Medicine, Vol. 55, No. 4, pp. 347-355, Aug. 2016.   DOI
21 NIST 800-188(2nd Draft), "De-Identifying Government Datasets," 2016.
22 Personal Information Protection Commission, "Guidelines for processing pseudonym information," 2021.