• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.24 no.4
• /
• pp.167-176
• /
• 2024

The Personal Information Protection Commission was launched in August 2020 as an integrated control tower for personal information protection, but several problems have been pointed out in the personal information protection operation system. First, despite the fact that Korea's personal information protection system has an integrated legal system that regulates both the public and private sectors, it has been pointed out that it is difficult to carry out smooth personal information protection functions due to incomplete integration of protection functions, such as the Financial Services Commission being in charge of personal credit information protection and the Korea Communications Commission being in charge of personal location information protection. Next, despite the increasing number of public sector personal information leakage incidents, there is a lack of personnel with expertise and specialized support organizations to efficiently investigate them, and there is a concern that the lack of an efficient response system to personal information infringement by global IT companies in Korea in the era of digital commerce may weaken the protection of citizens' personal information. In order to solve these problems, I reviewed overseas cases and literature and proposed the following measures. First, it is necessary to centralize the personal information protection supervision function for credit information and location information to the Personal Information Protection Commission. Second, it is necessary to secure expertise by securing specialized personnel and establishing specialized institutions to respond to public sector personal information leakage incidents. Third, it is necessary to revitalize the domestic agency designation system and establish an international cooperation system to protect people's personal information in the digital commerce era. I believe that these measures to develop the personal information protection system will lead to more systematic personal information protection.

• Management & Information Systems Review
• /
• v.36 no.1
• /
• pp.81-94
• /
• 2017

In the age of information overload such as Internet of Things(IoT), big data, and cloud computing, Data and informations are collected to processed regardless of the individual's will. The purpose of this paper presents a model related to personal information overlord, information privacy risk, information privacy concern (collection, control, awareness) and personal information privacy protective response. The results of this study is summarized as follows. First, personal information overload significantly affects information privacy risk. Second, personal information overload significantly affects information privacy concern(collection, control, awareness) Third, information privacy risk significantly affects collection and awareness among information privacy concern, but control does not significantly affects. This results shows that users are cognitively aware the information risk through collection and awareness of information. Users can not control information by self, control of information does not affects. Last, information privacy concern(collection and awareness significantly affect information privacy protective response, but information privacy concern (control) does not affect. Personal information users are concerned about information infringement due to excessive personal information, ability to protect private information became strong.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.271-288
• /
• 2010

In this paper, we study the dysfunctions of cryptography as dual-use goods and national domestic encryption control policies like key recovery system and decryption order. And we examine risks of the breach of the peoples' constitutional rights like the right to privacy in these policies and analyze these policies by applying the principle of the ban on the over-restriction. Finally, we propose the direction and requirements of our national domestic encryption control policy that maintains the balance of peoples' constitutional rights and investigatory powers.

• Information Systems Review
• /
• v.17 no.3
• /
• pp.77-94
• /
• 2015

As Internet has become a popular media for sharing information, users create and share tremendous volume of information including large amount of personal information in cyberspace. Sharing private information online can enhance strength of social relationship but it could also bring negative consequences like information privacy invasion. Although many companies and governments address the importance of information privacy online, there are countless cases of crimes and hackings relating personal information online world wide. Since there are some researches investigating the role of governments and organizations on online privacy domain but there is little research regarding users' privacy protection behaviors. This study investigates relationship between Internet users' information privacy protection behavior and environmental factors. Especially, this study focuses on users' behaviors regarding information privacy protection technology adoption. According to our research results, users' online privacy protective behaviors positively affected by governmental regulations expressed as an information privacy protection law. In addition, if user is allowed to use anonymity when he or she uses online services, they have more tendencies to adopt privacy protection technologies. The detailed research findings and contribution are discussed as well.

• Journal of Information Management
• /
• v.36 no.1
• /
• pp.125-154
• /
• 2005

Due to the development of Internet and the collection and usage of the individual information, the infringements of the personal data have been increased rapidly. Regarding the personal data protection in the medical industry, it is clearly described in 'Act on Promotion of Information and Communication Network Utilization and information Protection, etc.'. the law is ratified on the basis of the service provider, therefore, it has its own limitation to be applied to medical industry. Therefore, this paper is to set the security standard and to discuss the range of legal application and considerations on its basis for the domestic medical institution at the electronic medical record system. We exemplify specific applicable content of the electronic signature in the electronic medical record also, present a security assessment item in electronic medical system and set the criteria for the security standard in the medical industry.

• Journal of Internet Computing and Services
• /
• v.10 no.2
• /
• pp.29-40
• /
• 2009

The development of information technology such as the internet has brought about rapidly changes the old medical technology, e-Healthcare has been to raise social issue. The e-Healthcare which new turning point of paradigm in the medical information develops the medical policy in Korea and the technology, the prospective of reverse engineering in internet environment is incurring problems such as distribution of critical information and invasion and infringement of privacy, etc. In this research, we suggest the Role Based Access Control System, HPIP-e-Healthcare Privacy Information Protection, for solving above problem. The HPIP is composed 4 mechanisms such as Consolidate User Identity, Hospital Authorization, Medical Record Access Control, Patient Diagnosis and we are also prototyping the HPIP for feasible approach in the real computing environment.

• Journal of the Korea Society of Computer and Information
• /
• v.16 no.11
• /
• pp.189-200
• /
• 2011

With rapid development and contribution of IT technology IT fushion healthcare service which is a form of future care has been changed a lot. Specially, as IT technology unites with healthcare, because delicate personal medical information is exposed and user's privacy is invaded, we need preperation. In this paper, u-healthcare service model which can manage patient's ID information as user's condition and access level is proposed to protect user's privacy. The proposed model is distinguished by identification, certification of hospital, access control of medical record, and diagnosis of patient to utilize it efficiently in real life. Also, it prevents leak of medical record and invasion of privacy by others by adapting user's ID as divided by user's security level and authority to protect privacy on user's information shared by hospitals.

• Journal of Convergence for Information Technology
• /
• v.9 no.7
• /
• pp.100-105
• /
• 2019

As IoT Technology develops and Era of Hyperconnectivity comes, various kinds of customized services became available. As a next-generation display, a smart mirror accesses multimedia devices and provides various services, so it can serve as a social learning tool for the children and the old ones, as well as adults who need information. Smart Mirror must be able to identify users for individualized services. However, since the Smart Mirror is an easily accessible device, there is a possibility that information such as an individual's pattern and habit stored in the smart mirror may be exposed to the outside. Also, the other possibility of leakage of personal location information is through personal schedule or appointment stored in the smart mirror, and another possibility that privacy can be violated is through checking the health state via personal photographs. In this research, we propose a system that identify users by the information the users registered about their physique just like their face, one that provides individually customized service to users after identifying them, and one which provides minimal information and service for unauthenticated users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.317-326
• /
• 2012

Internet service provider is able to collect personal information to prevent the violations of the rights of service providers and customers using internet. But there are still many debates going on between a personal privacy and a regulation. Proxy servers are used in various technical purposes include bypass access. Although the proxy server users are increasing but there are not any proper institutional mechanisms and regulations to protect users. In this study, we discuss the two sides of a proxy service includes its privacy protection function and the cyber-crime threat and propose supplementary measures to mediate between the interests of public and private.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.5
• /
• pp.987-999
• /
• 2021

Recently, Federated learning has become an issue due to privacy invasion caused by data. Federated learning is safe from privacy violations because it does not need to be collected into a server and does not require learning data. As a result, studies on application methods for utilizing distributed devices and data are underway. However, Federated learning is no longer safe as research on the reconstruction attack to restore learning data from gradients transmitted in the Federated learning process progresses. This paper is to verify numerically and visually how well data reconstruction attacks work in various data situations. Considering that the attacker does not know how the data is constructed, divide the data with the class from when only one data exists to when multiple data are distributed within the class, and use MNIST data as an evaluation index that is MSE, LOSS, PSNR, and SSIM. The fact is that the more classes and data, the higher MSE, LOSS, and PSNR and SSIM are, the lower the reconstruction performance, but sufficient privacy invasion is possible with several reconstructed images.