Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2022.12.05.001

A Study on Developing the Compliance for Infringement Response and Risk Management of Personal Information to Realize the Safe Artificial Intelligence Services in Artificial Intelligence Society  

Shin, Young-Jin (Division of AI Software Engineering-Information Security, PaiChai University)
Publication Information
Journal of Convergence for Information Technology / v.12, no.5, 2022 , pp. 1-14 More about this Journal
Abstract
This study tried to suggest crisis management compliance to prevent personal information infringement accidents that may occur in the process because the data including personal information is being processed in the artificial intelligence (AI) service process. To this end, first, the AI service provision process is divided into 3 processes such as service planning/data design and collection process, data pre-processing and purification process, and algorithm development and utilization process. And 3 processes are subdivided into 9 stages following to personal information processing stages to infringe personal information. All processes were investigated with literature and experts' Delphi. Second, the investigated personal information infringement factors were selected through FGI, Delphi, etc. for experts. Third, a survey was conducted with experts on the severity and possibility of each personal information infringement factor, and the validity and adequacy of the 94 responses were verified. Fourth, to present appropriate risk management compliance for personal information infringement factors in AI services, a method for calculating the risk level of personal information infringement is prepared by utilizing the asset value of personal information, personal information infringement factors, and the possibility of infringement accidents. Through this, the countermeasures for personal information infringement incidents were suggested according to the scored risk level.
Keywords
Artificial intelligence (AI) Service; Personal Information Protection; Personal Information Infringement Accident; Severity of Infringement Factors; Personal Information Crisis Management Compliance; Expert's Delphi; Focus Group Interview(FGI);
Citations & Related Records
Times Cited By KSCI : 4  (Citation Analysis)
연도 인용수 순위
1 Personal Information Protection Commission. (2015). Analysis of personal information infringement factors in the Internet of Things era and investigation of actual cases. Personal Information Protection Committee.
2 Personal Information Protection Committee. (2021. 5. 31). Artificial Intelligence (AI) Personal Information Protection Self-Checklist.
3 K. W. Kug. (2019. 3. 2). Application examples by Artificial intelligence technology and industry, Weekly trend, 15-27.
4 E. J. Hong, S. J. Lee, D. W. Hong & C. H. Seo. (2019). Analysis of privacy issues and countermeasures in neural network learning, Journal of Digital Convergence. 17(7), 285-292.   DOI
5 J. H. Jeon. (2015). Analysis on the Security threat factors of the Internet of Things. Convergence security journal. 15(7), 47-53.
6 K. J. Choi. (2015). A Study for Developmental Change of Personal Information Protection Law System in the Age of Big Data and Internet of Things (IoT). Chung_Ang Law Review, 17(4), 7-50.   DOI
7 S. H. Park & D. S. Choi. (2017). Artificial Intelligence and Security Issues, Review of KIISC, 27(3), 27-32.
8 Personal Information Protection Committee & Korea Internet & Security Agency. (2021). Artificial Intelligence and Personal Information Protection. The 6th Pseudonym Information Expert Training Materials.
9 H. J. Shim. (2018). The Paradox of Artificial Intelligence (AI) and Privacy: Focusing on AI Voice Assistants. KISDI Premium Report.
10 Ministry of Science, Technology, and Information & National Information Society Agency. (2021). A guide to building datasets for artificial intelligence learning.
11 C. H. Lim, J. Y. Kim & J. H. Choi. (2009). Profiling of Cyber-crime by Psychological View, Journal of the Korea Institute of Information Security and Cryptology, 19(4), 115-124.   DOI
12 EU. (2016). General Data Protection Regulation (GDPR).
13 Cyber Security Strategic Headquarters. (2018). Severity evaluation criteria (draft) for critical infrastructure service failures due to cyber attacks(Online). https://www.nisc.go.jp/conference/cs/ciip/dai14/pdf/14shiryou 12-2 .pdf
14 Korea Internet & Security Agency. (2021). Main contents of EU artificial intelligence (AI) regulation and protection of personal information. Personal Information Protection Monthly Trend Analysis, 5, 1-15
15 D. S. Choi. (2016). Artificial Intelligence and Fintech Security. Review of KIIC, 26(2), 35-38.
16 D. H. Kim. (2021. 5. 23). AI guidelines' from around the world will compete.. A small step domestically. News Tomato(Online). http://m.gobest.news.dreamwiz.com/NEWSAXmV7Is1a3AFLjqbk89k
17 UK Biometrics and Forensics Ethics Group. (2019). Ethical issues arising from the police use of live facial recognition technology. Interim report of the Biometrics and Forensics Ethics Group Facial Recognition Working Group.
18 J. L. Kim. (2018). Relation between Artificial Intelligence and Information Security. Communications of the Korean Institute of Information Scientists and Engineers. 36(2), 14-17.   DOI
19 Y. J. Shin. (2021). A Study on the Application of Responsibility and Principle for Personal Information Protection in AI Services. Korea Criminal Intelligence Review, 7(1), 45-74.   DOI
20 L.Floridi et al. (2018). AI4People-An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations. Minds and Machines. 28, 689-707. DOI : 10.1007/s11023-018-9482-5   DOI
21 G. B. Song & J. K. Lee. (2020). Discussions on the Commercialization of AI and the Protection of Personal Information - Focusing on Image Data and Profiling -. Korean Security Journal, 65, 453-476.   DOI
22 D. H. Kim, S. W. Yoon & Y. P. Lee. (2013). Security for IoT Service. The Journal of The Korean Institute of Communication Sciences. 30(8), 53-59
23 Korea Internet & Security Agency. (2020). A Study on Improvement Plans for Personal Information Protection Policy for Fostering the Artificial Intelligence Industry. Service Proposal Request Form.
24 National Information Society Agency. (2018). Threats, and countermeasures against the exploitation of artificial intelligence. NIA Special Report.
25 M. Comiter. (2019). Attacking Artificial Intelligence. Harvard Kennedy School Belfer Center for Science and International Affairs, 2019-08.
26 S. J. Sohn & S. J. Ahn. (2021). A Study on the Artificial Intelligence Ethical Principle Classification Model. Proceeding of the Korean Association of Computer Education. 25(2), 111-114.
27 R. Goosen, A. Rontojannis, S. Deutscher, J. Rogg, W. Bohmayr & D. Mkrtchian. (2018. 11. 13). Artificial Intelligence Is a Threat to Cybersecurity. It's Also a Solution. Technology & Digital BCG(Online). https://www.bcg.com/publications/2018/artificial-intelligence-threat-cybersecurity-solution.aspx
28 Y. J. Shin. (2020). A Study on Developing and Applying Framework and Assessment Standard of Its Conformity of Personal Information Protection for IoT Service Subject. Journal of Korean Association of Regional information Society, 23(2), 83-117   DOI
29 Y. D. Kim and W. C. Jang. (2016). Direction of Improvement of Privacy Protection Regulation for Promoting Artificial Intelligence Industry. Journal of Law and Economic Regulation, 9(2), 161-176
30 Personal Information Protection Commission & Korea Internet & Security Agency. (2020). Personal Information Impact Assessment Performance Guide.
31 Australian Government, Department of Industry, Science, Energy, and Resource. (2019). Artificial Intelligence: Australia's Ethics Framework, A Discussion Paper, 1-76.
32 C. H. Park & D. W. Hong. (2019). Differential Privacy Technology Resistant to the Model Inversion Attack in AI Environments. Journal of the Korea Institute of Information Security & Cryptology, 29(6), 589-598. DOI : 10.13089/JKIISC.2019.29.3.589   DOI
33 B. G. Lee. (2021). The final report on the development of AI dysfunction prevention technology by deceptive attacks. Information and Communication Planning and Evaluation Institute, Ministry of Science and ICT
34 Korea Internet & Security Agency. (2021). Main contents of EU artificial intelligence (AI) regulation and protection of personal information. Monthly trend analysis of personal information protection. 5, 1-15.
35 The legislative power plant. (2018). Overseas discussions on AI privacy issues(Online). http://blog.naver.com/PostView.nhn?blogId=legislationpp&logNo=221408527453
36 National Information Society Agency. (2017). Korea AI Company Status Survey Report, 1-119.
37 D. S. Choi. (2017). Artificial Intelligence and Security. The Journal of The Korean Institute of Communication Sciences, 34(10), 31-37.
38 Y. J. Shin. (2021). The Improvement Plan for Personal Information Protection for Artificial Intelligence (AI) Service in South Korea. Journal of Convergence for Information Technology. 11(3), 20-33. DOI : 10.22156/CS4SMB.2021.11.03.020   DOI
39 J. H. Kim et al. (2016). A study on the protection of personal information in the field of artificial intelligence and robotics, Personal Information Protection Committee.