http://dx.doi.org/10.13089/JKIISC.2011.21.5.169

A Framework and Guidelines for Personal Data Breach Notification Act  

Lee, Chung-Hun (Graduate School of Information, Yonsei University)
Ko, Yu-Mi (Graduate School of Information, Yonsei University)
Kim, Beom-Soo (Graduate School of Information, Yonsei University)
Abstract
Recent personal data breach incidents have drawn the public's attention to privacy and personal rights. The new personal data protection law, effective in September 2009, imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, the new law requires that processors notify individuals (data subjects) and data protection authorities of the nature of the incident. This research reviews the breach notification laws of forty-six U.S. states and related acts, and offers a framework for managing incidents. The framework includes five major components: (1) the types of personal data whose breach must be reported and notified, (2) the party ultimately responsible for notifying data subjects, (3) the time phases between event occurrence and notification, (4) the details of the notification message, and (5) direct and indirect communication media. Along with this framework, we also offer directions for effective and manageable guidelines for a data breach notification act.
Keywords
Personal Data; Privacy; Data Controller; Data Processor; Personal Data Breach Notification Act; Data Breach; Notification Framework; Guidelines