• Review of KIISC
• /
• v.33 no.6
• /
• pp.89-109
• /
• 2023

최근 AI와 로봇기술 등으로 개인정보를 포함한 데이터의 처리가 일상화됨에 따라 한국정부는 개인정보 비식별 조치 가이드라인 및 데이터 3법을 발표함으로써 개인정보 비식별화를 돕고자 하였다. 하지만 복잡한 비식별화 절차와 이의 효과에 대한 불명확함으로 기업들이 개인정보를 포함한 빅데이터의 활용에 어려움을 겪고, 동시에 시민단체나 소비자단체에서는 현 가이드라인에 따른 비식별화 절차가 개인정보를 보호하기에 충분하지 않다고 지적하고 있다. 본고에서는 비식별화 현황과 기술을 검토하고 현 가이드라인의 한계점을 보완 함으로써 데이터 활용 업체와 기관들의 정확한 비식별화를 돕고 빅데이터 활용의 활성화에 기여하고자 한다.

• Review of KIISC
• /
• v.29 no.4
• /
• pp.13-18
• /
• 2019

우리나라 정부는 2016년, 현행 개인정보보호 법령의 틀 내에서 데이터가 안전하게 활용될 수 있도록 관계부처 합동 <개인정보 비식별 조치 가이드라인>을 마련하여, 비식별 조치를 위해 사업자 등이 준수해야 할 비식별 조치 기준을 제시하였다. 그 후 국내에서는 조화로운 방향으로 개인정보보호와 활용을 이루기 위해 다양한 노력이 있었고 이와 관련하여, 본고에서는 국내 비식별 조치 추진현황 및 2016년 이후 한국 주도로 개발 중인 국제표준 2건 등 비식별 처리 분야의 국제표준화 동향을 살펴본다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2016.10a
• /
• pp.297-300
• /
• 2016

최근 빅데이터 산업이 발전하고 있는 상황에서 빅데이터 산업에 활용되는 개인정보의 보호에 관한 문제가 대두하고 있다. 빅데이터 산업에서 개인정보를 활용하기 위해서는 비식별화 조치를 해야 한다. 하지만 비식별화는 비식별화 평가 모델 자체의 취약성과 더불어 비식별화된 개인정보를 재식별화 하는 위험성도 존재한다. 본 논문은 적정성 평가 모델, 비식별화 조치 기술, 재식별에 관한 위험성을 연구하고 각 위험성에 대한 대응 방안을 통해 재식별화의 문제를 해결하여 빅데이터 산업에서 비식별화된 개인정보가 안전히 쓰일 수 있도록 해야 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.340-343
• /
• 2016

The Korean government published the personal information de-identification guideline on June 2016, which were made by related government ministries. The guideline's objective is that the invigoration of Korean bigdata industry on personal information protection under the current laws. However, if there is some unreasonable method or process in the guideline, it can be an obstacle to bigdata analysis. This article will review the guideline to find defects in methods and processes of de-identification evaluation, de-identification support and data-linkage and then propose the best solutions to improve them. Lastly, this article will mention how these solutions can invigorate Fintech industry.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.6
• /
• pp.11-21
• /
• 2022

Although interest in de-identification measures for the safe use of personal information is growing at home and abroad, cases where de-identified information is re-identified through insufficient de-identification measures and inferences are occurring. In order to compensate for these problems and discover new technologies for de-identification measures, competitions to compete on the safety and usefulness of de-identified information are being held in Korea and Japan. This paper analyzes the safety and usefulness indicators used in these competitions, and proposes and verifies new indicators that can measure usefulness more efficiently. Although it was not possible to verify through a large population due to a significant shortage of experts in the fields of mathematics and statistics in the field of de-identification processing, very positive results could be derived for the necessity and validity of new indicators. In order to safely utilize the vast amount of public data in Korea as de-identified information, research on these usefulness metrics should be continuously conducted, and it is expected that more active research will proceed starting with this thesis.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.6
• /
• pp.53-63
• /
• 2022

Recently, as digital transformation due to the COVID-19 pandemic accelerates, data to improve individual quality of life is being used in large quantities, and more reinforced non-identification processing procedures are required to utilize the most valuable personal information among data. In Korea, procedures for de-identification measures are presented through amendments to laws and guidelines, but there is no methodology to measure the level of de-identification in the field due to ambiguous processing standards and subjective risk measurement methods. This paper compares and analyzes the current status of policy and guidelines related to de-identification measures proposed at home and abroad to derive complementary points, suggests a data context-based risk measurement method centered on pseudonymized information processing, and verifies its validity. As a result of verification through Delphi survey and focus group interview (FGI), it was confirmed that the need for the proposed methodology and the validity of the indicators were high.

• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• The Journal of the Convergence on Culture Technology
• /
• v.2 no.4
• /
• pp.71-76
• /
• 2016

In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.719-734
• /
• 2020

This paper proposes a new measurement scheme for estimating the processing level according to risk when performing de-identification in the use of personal information by practitioners in the organization in line with the recently revised Data 3 Act. Our proposed methods considered the surrounding circumstances surrounding the data, not just the data, for risk measurement, and divided the data situation into three categories more systematically so that it can be applied in all areas in a general-purpose environment, the data utilization environment, and the data (self) so that it can be calculated quantitatively based on each context risk according to the presented classification. The proposed method is designed to calculate the risk of existing de-identifiable information in a quantitative manner so that personal information controller in general organizations can use it in practice, not just in the qualitative judgment of experts.