• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1091-1102
• /
• 2012

With a recent rapid increase in infringement on privacy information, a need to protect privacy information is called for more than ever. Keeping pace with such concern and demands of the times, Korea has established and executed "Privacy Information Protection Act" on September 30th, 2011. This regulation was enacted from an individually regulated method to a basic regulation that includes public and private institutions. Also, the regulation includes diverse contents for the sake of protecting privacy information by expanding a range of protection subjects and limiting the process of uniquely identifiable information. In this context, the study has suggested a direction for development on Korea's Privacy information Protection Act by taking a look at the status on privacy information protection acts from home and foreign nations and conducting a comparative analysis between domestic and foreign acts.

• The Korean Society of Law and Medicine
• /
• v.24 no.4
• /
• pp.67-101
• /
• 2023

The utilization of generative AI in the medical field is also being rapidly researched. Access to vast data sets reduces the time and energy spent in selecting information. However, as the effort put into content creation decreases, there is a greater likelihood of associated issues arising. For example, with generative AI, users must discern the accuracy of results themselves, as these AIs learn from data within a set period and generate outcomes. While the answers may appear plausible, their sources are often unclear, making it challenging to determine their veracity. Additionally, the possibility of presenting results from a biased or distorted perspective cannot be discounted at present on ethical grounds. Despite these concerns, the field of generative AI is continually advancing, with an increasing number of users leveraging it in various sectors, including biomedical and life sciences. This raises important legal considerations regarding who bears responsibility and to what extent for any damages caused by these high-performance AI algorithms. A general overview of issues with generative AI includes those discussed above, but another perspective arises from its fundamental nature as a large-scale language model ('LLM') AI. There is a civil law concern regarding "the memorization of training data within artificial neural networks and its subsequent reproduction". Medical data, by nature, often reflects personal characteristics of patients, potentially leading to issues such as the regeneration of personal information. The extensive application of generative AI in scenarios beyond traditional AI brings forth the possibility of legal challenges that cannot be ignored. Upon examining the technical characteristics of generative AI and focusing on legal issues, especially concerning the protection of personal information, it's evident that current laws regarding personal information protection, particularly in the context of health and medical data utilization, are inadequate. These laws provide processes for anonymizing and de-identification, specific personal information but fall short when generative AI is applied as software in medical devices. To address the functionalities of generative AI in clinical software, a reevaluation and adjustment of existing laws for the protection of personal information are imperative.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.12
• /
• pp.251-258
• /
• 2012

The protection of medical information by major Issues on medical information to protect the individuals' privacy on medical information. Especially, Issues of medical service information, medical record, insurance, employment, Genetic technology including genetic test and screening, gene therapy and genetic enhancement is developing rapidly. Defensibility of medical information documentation is tested in the courts. medical information can be illicitly accessed from anywhere and transmitted across the quickly and with risk of detection. Once data is distributed on the internet, it may become available to anyone who wishes to purchase it, and it cannot be expunge. Patient privacy protection of medical information is controlled mostly by patient consent laws that define how and when a patient must consent before a physician may disclose the patient's medical information to anyone else. enterprise that offers consumers commodities or services is checking problem about customer information of management system is checking problem about customer information of management system essentially. Therefore, in this paper will find a way out to Protection of medical information by major Issues on medical information.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• v.9 no.2
• /
• pp.780-783
• /
• 2005

본 논문에서는 RFID를 기반으로 하는 유비쿼터스 사회에서 개인 프라이버시 침해 요인을 분석하고 RFID 프라이버시 보호를 위한 요구 사항을 도출한다. 또한 세계 각국 및 국제 단체에서 RFID 프라이버시 보호를 위한 세계 각구의 법제 동향 및 가이드라인 제정 동향에 대하여 분석한다. 이를 기반으로 국내의 RFID 프라이버시 보호 가이드라인을 분석하여 적용방안을 제시한다. 최종적으로 RFID 기술 구현에 따른 RFID 프라이버시 보호 방안을 제시한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.883-899
• /
• 2012

This study will propose the policy priorities of cyber information security by AHP(Analytic Hierarchy Process) survey. The policy categories for AHP survey consist in the foundation of information security and activity of information security(1st hierarchy). In the second hierarchy, the foundation of information security was classified into laws-system, human resources, h/w-s/w technology and sociocultural awareness. And the activity of information security was divided into infrastructure protection, privacy protection, related industry promotion, and national security. Information policy alternatives were composed of 16 categories in the third hierarchy. According to the AHP result, in the perspective of policy importance, the modification of related laws was the first agenda in the policy priority, better treatment of professionals was the second, and the re-establishment of policy system was the third. In the perspective of policy urgency, the re-establishment of policy system was the first item, the modification of related laws was the second, and better treatment of professionals is the third.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.9-17
• /
• 2014

With the rapid development of the Internet and information technology, a company that deals with personal information does not have proper action to protect personal privacy and not take measures for the safe handling and management of personal information. It generates the case to abuse of personal information occurring frequently. In order to focus the effort to reduce damage and protect the privacy of personal information entity and enhance privacy laws based on the connection method and the processing of personal information, Korea encourages a company to follow regulation by providing certain criteria. However, in the case of items of measures standard of safety of personal information such as priority applicable criteria in accordance with the importance of itemized characteristics and the company of each individual information processing is not taken into account, and there are some difficulties to execute. Therefore, we derive criteria by law and reviewing existing literature related, the details of the measures standard of safety of personal information in this study and generate a hierarchical structure by using the KJ method for layering and quantification of the evaluation in integration of the reference item similar and the grouping. Accordingly, the weights calculated experts subject using the AHP method hierarchical structures generated in this manner, it is an object of the proposed priority for privacy and efficient more rational enterprise.

• Review of KIISC
• /
• v.15 no.2
• /
• pp.37-53
• /
• 2005

정보통신환경발달과 함께 지식사회에서 암호의 역할이 증대됨에 따라 OECD의 암호정책가이드라인 공표를 시점으로 각 국은 자국의 신정에 맞는 새로운 암호정책을 세우고 이에 따른 법$\cdot$제도를 정비하기 위해 본격적인 노력을 기울여오고 있다. 하지만 암호는 개인의 프라이버시를 보호할 수 있는 가장 유용한 수단인데 반해 암호의 범죄이용 등으로 인한 국가의 안녕과 법질서 혼란을 초래할 수 있다는 역기능도 상존하고 있다. 각 국의 정부는 이러한 우려 때문에 암호이용을 제한적으로 규제하려는 정책을 시도하여 왔으나 시민단체의 반대에 부딪쳐 암호의 자율이용 원칙과 국가 합법적 통제제고의 균형을 맞출 수 있는 암호정책을 세우는데 고심하고 있다. 본 교에서는 미국, 영국, 프랑스, 중국 등 주요 국가론 중심으로 암호이용을 활성화하고 암호의 역기능을 방지하기 위해 세운 암호정책 및 암호이용 관련 법제도 현황을 살펴보았다.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.149-156
• /
• 2015

The Personal Information Protection Commission shall be established under the direct jurisdiction of the President and shall independently perform affairs under its authority. It shall be comprised of total 15 members (5 members designated by the President, 5 members elected at the National Assembly and 5 members designated by the Chief Justice of the Supreme Court), including one minister-level Chairperson and one vice-minister-level standing member. Main functions of the Personal Information Protection Commission include deliberation and resolution of major policies and improvement of ordinances and systems related to personal information protection, coordination of opinions among public institutions in regards to the management of personal information, recommendation of improvement such as suspension of infringement by a central administrative agency, a local government and a constitutional institution, and submission of annual reports on personal information protection to the National Assembly. The function and role of the Personal Information Protection Commission regulated by the current law are insufficient in terms of independence and authorities of protection agencies compared to the international standard or level of discussion. The Commission thus cannot play a sufficient role as an independent agency for efficient protection of personal information. Therefore, there is a need for law revision that revives the purpose of the establishment of the Personal Information Protection Commission.

• Journal of Digital Convergence
• /
• v.9 no.6
• /
• pp.81-90
• /
• 2011

Companies using internet as a kind of marketing means are increasing rapidly according to the expansion trend of e-commerce through internet and consumers also use internet as the common means of purchasing necessary articles. E-commerce using internet has advantages without limitation to temporal and spatial accessibility and general consumers and unspecified individuals also use internet to purchase their goods as well as general transactions such as advertisement, contract, payment and claim settlement. 'In the age of information, invasion of personal information resulted from the development of information and communication technology is one of the greatest problems all the countries in the world face. Therefore, Personal information protection Act is one of basic laws to protect personal information and rights and it is also an essential law in the age of information. In that sense, new Personal information protection Act is the advanced act containing various items to minimize the national damages from the leaking of private information and protect right to informational self-determination in the information society. It is expected that this legislation contributes to reduce the leaking of private information, enhance the level of privacy protection and develop privacy related industries. However, active participation of all members of our society and improvement of their recognition should be preceded for the rational and legal use of private information and the settlement of its protection culture. While the purpose of Personal information protection Act can protect privacy from collection, leaking, misuse and abuse of private information and enhance national interests and protect personal dignity and value, it also must perform the roles of balancing privacy protection with liberal information flow.

• Review of KIISC
• /
• v.21 no.5
• /
• pp.21-26
• /
• 2011

최근 들어 인터넷사업자들이 웹상에서 제공하는 새로운 서비스가 각국의 개인정보보호 법제에 저촉되는 사례가 늘고 있다 인터넷사업자들이 국경을 넘어 정보를 수집하고 이를 가공처리, 저장하는 과정에서 본인의 동의를 얻지 않거나 개인정보를 익명처리하지 않은 것이 주로 문제가 되고 있다. 본고는 국제적으로 서비스를 하고 있는 대형 인터넷사업자가 프라이버시 침해 혐의를 받고 있는 사례를 알아보고, 무엇이 문제가 되는지 쟁점을 검토하였다. 특히 현지 감독당국이 글로벌 인터넷사업자의 위법사실을 적발하였더라도 해당 사업자가 대리인이나 분신 도구를 통하여 행동한 사실이 없으면 본사에 제게를 가할 수 없는 실정이다. 사이버공간에서는 실제 위반행위자가 없더라도 중대한 개인정보를 침해하는 결과를 가져온다면 영화 <아바타>에서와 같은 해결방법을 모색해볼 수 있다. 아바타는 독자적인 사고나 판단능력이 전혀 없지만, 나비족이 사는 낙원이 지구인에 의하여 파괴될 수 있는 상황에서 아바타와 이를 조종하는 사람들이 한 몸이 되어 나비족과 힘을 합쳐 아름다운 낙원을 지켜낸다. 즉, 인터넷사업자가 국내 실재하지 않더라도 그의 활동결과로 볼 수 있는 침해행위가 발생하고, 그 결과 회복할 수 없는 피해가 발생할 우려가 있으며, 본인과 아바타를 한 몸으로 볼 수 있다면 아바타를 통해 위법행위를 저지른 본사의 책임자를 처벌할 수 있어야 한다. 만일 그 책임자를 특정할 수 없더라도 그의 감독책임이 있는 본사 법인에 책임을 물을 수 있다고 본다. 만일 법원에서 이러한 '아바타 이론'을 수용한다면 국내에서도 외국 본사에 벌금을 과하는 등 처벌이 가능할 것이다. 다만, 해당 인터넷사업자의 반발도 만만치 않을 것이므로 주요국 개인정보 감독기구는 수사정보를 교환하는 등 국제적으로 긴밀한 협조체제를 갖출 필요가 있다.