• Journal of Digital Convergence
• /
• v.17 no.11
• /
• pp.127-136
• /
• 2019

In the social media, information that users share with service providers can be divided into personal identification information such as gender and age and privacy-related information such as photos and comments. However, previous works on IS and service management have shed relatively little light on the difference of information-sharing decisions depending on the type of information. This study examines information-sharing decisions by separating the two types of information. A structural equation modeling method is used to test the research model based on a sample of 350 Facebook in South Korea. Analysis results show that self-expression, trust, and perceived security had a significant positive effect on both user's intentions to give personal identification information and their intentions to give privacy-related information. However, privacy concerns negatively affected their intentions to give personal identification and intention to give privacy-related information. The analysis results confirm that there was no difference between decision-making processes about sharing personal identification information and ones about sharing privacy-related information.

• The Journal of Society for e-Business Studies
• /
• v.24 no.1
• /
• pp.121-137
• /
• 2019

De-identification is a method by which the remaining information can not be referred to a specific individual by removing the personal information from the data set. As a result, de-identification can lower the exposure risk of personal information that may occur in the process of collecting, processing, storing and distributing information. Although there have been many studies in de-identification algorithms, protection models, and etc., most of them are limited to structured data, and there are relatively few considerations on de-identification of unstructured data. Especially, in the medical field where the unstructured text is frequently used, many people simply remove all personally identifiable information in order to lower the exposure risk of personal information, while admitting the fact that the data utility is lowered accordingly. This study proposes a new method to perform de-identification by applying the k-anonymity protection model targeting unstructured text in the medical field in which de-identification is mandatory because privacy protection issues are more critical in comparison to other fields. Also, the goal of this study is to propose a new utility metric so that people can comprehend de-identified data set utility intuitively. Therefore, if the result of this research is applied to various industrial fields where unstructured text is used, we expect that we can increase the utility of the unstructured text which contains personal information.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.268-271
• /
• 2019

최근 인공지능과 빅데이터 등 최첨단 기술이 빠른 속도로 의료 정보시스템에 도입됨에 따라 환자정보를 포함한 민감한 개인정보에 대한 사이버 공격이 급증하고 있다. 다양한 개인정보 비식별화에 대한 표준이 제안되었지만, 데이터의 범주에 따른 기법 적용에 대한 연구가 미비하다. 본 논문에서는 EHR 데이터를 위한 심근경색을 대상으로 하는 원격 의료 시스템을 위한 개인정보들에 대한 민감도를 4단계로 분류하고 이에 따른 비식별화 기법에 대해 제안한다. 본 논문에서 제안한 EHR 데이터에 대한 분류 및 비식별화 기법은 다양한 의료 정보 서비스를 위한 프라이버시 보호에 활용될 수 있다.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• The Journal of the Korea Contents Association
• /
• v.19 no.5
• /
• pp.553-561
• /
• 2019

In this study, the method of quality measurement for the statistical usefulness of de-identified data was examined in terms of prediction accuracy by statistical modeling. In the era of the 4th industrial revolution, effective use of big data is essential to innovation through information and communication technology, but personal information issues are constrained to actively utilize big data. In order to solve this problem, de-identification guidelines have been established and the possibility of actual re-identification of personal information has become very low due to the utilization of various de-identification methods. On the other hand, strong de-identification can have side effects that degrade the usefulness of the data. We have studied the quality of statistical usefulness of the de-identified data by KLT model which is a representative de-identification method, A case study was conducted to see how statistical accuracy of prediction is degraded by de-identification. We also proposed a new measure of data usefulness of the de-identified data by quantifying how much data is added to the de-identified data to restore the accuracy of the predictive model.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.552-555
• /
• 2017

It is de-identification that emerged to find the trade-off between the use of big data and the protection of personal information. In particular, in the field of medical that deals with various semi-identifier information and sensitive information, de-identification must be performed in order to use medical consultation such as EMR and voice, KakaoTalk, and SNS. However, there is no separate law for medical information protection and legislation for de-identification. Therefore, in this study, we present the current status of de-identification of personal information, the status and case of de-identification of medical information, and finally we provide issues and solutions for medial information protection and de-identification.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.417-421
• /
• 2003

2000년 고기형 등이 발표한 땋임군상에서의 공개키 암호시스템은 후속적으로 다양한 이론적 분석 및 응용기법이 연구되고 있다 땋임군에서의 공개키 암호화기법과 서명기법은 기존에 제안되었으나 개인식별기법은 제안된 바가 없다. 본 논문에서 우리는 땋임군에서의 서명기법에 바탕을 둔 개인식별기법을 제안하고 그 안전성을 증명한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.977-983
• /
• 2013

This paper presents result of researching personal information exposure of Korean twitter and facebook users. Personally identifiable information such as e-mail and phone numer is exposed in the accounts less than 1%. However there are many cases that a person is identified by non personally identifiable information. For example, 350 thousands accounts are distinguished with other accounts because its name is unique. Using combination of information such as name and high school, we can distinguish 2.97 millions accounts. We also found 170 thousands account pairs that are candidate of one users' own account. Linkability between two accounts in two different domains means that the person is identified. Currently, only personally identifiable information is protected by policy. This paper shows that the policy has limited effects under the circumstances that a person can be identified by non personally identifiable information and the account linking is possible.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2005.11a
• /
• pp.67-70
• /
• 2005

현대사회에서는 자신도 알지못하는 많은 정보들이 유포된다. 이때 정보들은 개인의 익명성을 보장하기위해 성명, 성별, 주민등록번호와 같은 개인식별 애트리뷰트를 생략한채로 유포된다. 그러나 널리퍼져있는 이러한 정보들은 다른 외부 정보와 조인되므로써 유일하게 개인을 식별하게끔 하는 조인공격을 받을 수 있다. 하지만 이러한 조인공격시 여러데이터가나오게하므로써 개인식별을 어렵게 또는 불가능하게하는 방법을 k-anonymization이라고하고 이러한 k-anonymization을 지원하는 방법으로 이전부터 여러가지가 있다. 이전의 방법들로는 각 subset마다 k-anonymization을 검사해야했으나 Lefevre와 DeWitt가 제안한 Incognito 방법을 사용하면 한번의 검사로 모든k-anonymization을 보장할 수 있다. 이 논문에서는 이러한 Incognito를 bitmap index를 사용하므로써 성능을 개선시키는 기법을 제시한다.