• Title/Summary/Keyword: Data Privacy and Regulations

Protection of Personal Information on Cloud Service Models (클라우드 서비스 유형별 개인정보보호 방안)

  • Lee, Bosung;Kim, Beomsoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.5 / pp.1245-1255 / 2015
  • As cloud computing services become popular, the concern on the data security of cloud services increases and the efforts for the data security become essential. In this paper, we describe the pros and cons of cloud computing including the definition of cloud. Then, we discuss the regulations about the protection of user data defined in cloud promotion act. Previous studies related to the privacy protection and the entrustment of personal information in cloud computing are reviewed. We examine how to store the personal information depending on the cloud service model. As a result, we argue that the entrustment of personal information should vary according to the cloud service model and we propose how to protect the personal information on IaaS and SaaS cloud service models.

A Study on the Protection of Personal Information in the Medical Service Act (의료법의 개인정보보호에 관한 연구)

  • Sung, Soo-Yeon
    • The Korean Society of Law and Medicine / v.21 no.2 / pp.75-103 / 2020
  • There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. 
The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

Smart-Coord: Enhancing Healthcare IoT-based Security by Blockchain Coordinate Systems

  • Talal Saad Albalawi
    • International Journal of Computer Science & Network Security / v.24 no.8 / pp.32-42 / 2024
  • The Internet of Things (IoT) is set to transform patient care by enhancing data collection, analysis, and management through medical sensors and wearable devices. However, the convergence of IoT device vulnerabilities and the sensitivity of healthcare data raises significant data integrity and privacy concerns. In response, this research introduces the Smart-Coord system, a practical and affordable solution for securing healthcare IoT. Smart-Coord leverages blockchain technology and coordinate-based access management to fortify healthcare IoT. It employs IPFS for immutable data storage and intelligent Solidity Ethereum contracts for data integrity and confidentiality, creating a hierarchical, AES-CBC-secured data transmission protocol from IoT devices to blockchain repositories. Our technique uses a unique coordinate system to embed confidentiality and integrity regulations into a single access control model, dictating data access and transfer based on subject-object pairings in a coordinate plane. This dual enforcement technique governs and secures the flow of healthcare IoT information. With its implementation on the Matic network, the Smart-Coord system's computational efficiency and cost-effectiveness are unparalleled. Smart-Coord boasts significantly lower transaction costs and data operation processing times than other blockchain networks, making it a practical and affordable solution. Smart-Coord holds the promise of enhancing IoT-based healthcare system security by managing sensitive health data in a scalable, efficient, and secure manner. The Smart-Coord framework heralds a new era in healthcare IoT adoption, expertly managing data integrity, confidentiality, and accessibility to ensure a secure, reliable digital environment for patient data management.

Dilemma of Data Driven Technology Regulation : Applying Principal-agent Model on Tracking and Profiling Cases in Korea (데이터 기반 기술규제의 딜레마 : 국내 트래킹·프로파일링 사례에 대한 주인-대리인 모델의 적용)

  • Lee, Youhyun;Jung, Ilyoung
    • Journal of Digital Convergence / v.18 no.6 / pp.17-32 / 2020
  • This study analyzes the regulatory issues of stakeholders, the firm, the government, and the individual, in the data industry using the principal-agent theory. While the importance of data driven economy is increasing rapidly, policy regulations and restrictions to use data impede the growth of data industry. We applied descriptive case analysis methodology using principal-agent theory. From our analysis, we found several meaningful results. First, key policy actors in data industry are data firms and the government among stakeholders. Second, two major concerns are that firms frequently invade personal privacy and the global companies obtain monopolistic power in data industry. This paper finally suggests policy and strategy in response to regulatory issues. The government should activate the domestic agent system for the supervision of global companies and increase data protection. Companies need to address discriminatory regulatory environments and expand legal data usage standards. Finally, individuals must embody an active behavior of consent.

Privacy model for DTC genetic testing using fully homomorphic encryption (동형암호를 활용한 DTC유전자검사 프라이버시모델)

  • Hye-hyeon Jin;Chae-ry Kang;Seung-hyeon Lee;Gee-hee Yun;Kyoung-jin Kim
    • Convergence Security Journal / v.24 no.2 / pp.133-140 / 2024
  • The spread of Direct-to-Consumer (DTC) genetic testing, where users request tests directly, has been increasing. With growing demand, certification systems have been implemented to grant testing qualifications to non-medical institutions, and the scope of tests has been expanded. However, unlike cases in less regulated foreign countries, disease-related tests are still excluded from the domestic regulations. The existing de-identification method does not adequately ensure the uniqueness and familial sharing of genomic information, limiting its practical utility. Therefore, this study proposes the application of fully homomorphic encryption in the analysis process to guarantee the usefulness of genomic information while minimizing the risk of leakage. Additionally, to safeguard the individual's right to self-determination, a privacy preservation model based on Opt-out is suggested. This aims to balance genomic information protection with maintainability of usability, ensuring the availability of information in line with the user's preferences.

A Study on the Safe Use of Data in the Digital Healthcare Industry Based on the Data 3 Act (데이터 3법 기반 디지털 헬스케어 산업에서 안전한 데이터 활용에 관한 연구)

  • Choi, Sun-Mi;Kim, Kyoung-Jin
    • Journal of the Korea Convergence Society / v.13 no.4 / pp.25-37 / 2022
  • The government and private companies are endeavoring to help the digital healthcare industry grow. This includes easing regulations on the big data industry such as the amendment of the Data 3 Act. Despite these efforts, however, there have been constant demands for the amendment of laws related to the medical field and for securing medical data transmissions. In this paper, the Data 3 Act of Korea and the legal system related to healthcare are examined. Then the legal, institutional, and technical aspects of the strategies are compared to understand the issues and implications. Based on this, a legal and institutional strategy suitable for the digital healthcare industry in Korea is suggested. Additionally, a direction to improve social perception along with technical measures such as safe de-identification processing and data transmission are also proposed. This study hopes to contribute to the spread of various convergent industries along with the digital healthcare industry.

Awareness of Personal Information Protection for Service Users among Small and Mid-Sized Security Companies (중.소민간경비업체의 서비스 이용자 개인정보보호에 관한 인식)

  • Kim, Il Gon;Choi, Kee Nam
    • Convergence Security Journal / v.14 no.3_2 / pp.3-12 / 2014
  • The government was fully aware of the gravity of a recent massive leak of personal information of credit card users. Meanwhile, the government just took a light disciplinary action by imposing a fine, but it showed its intention to strengthen the regulations by taking the severest disciplinary action. The tightened regulations against personal information leak will be applied to the private security industry without exception to protect individual people's property and lives if such an incident occurs in that industry that deals with a wide variety of personal information such as CCTV data or privacy information all the time. The purpose of this study was to examine the state of the protection and management of personal information for service users among private security firms in an effort to suggest some reform measures. The findings of the study were as follows: First, administrators or managers who are involved with personal information protection should make a full-fledged effort to gather information. Second, counseling or related programs should be provided for small and mid-sized security firms to guarantee thorough personal information protection. Third, Korea Security Association should improve the educational system related to personal information protection to resolve problems with this education currently provided for managers and employees of these companies.

A Study on Data Security Control Model of the Test System in Financial Institutions (금융기관의 테스트시스템 데이터 보안통제 모델 연구)

  • Choi, Yeong-Jin;Kim, Jeong-Hwan;Lee, Kyeong-Ho
    • Journal of the Korea Institute of Information Security & Cryptology / v.24 no.6 / pp.1293-1308 / 2014
  • The cause of privacy extrusion in credit card company at 2014 is usage of the original data in test system. By Electronic banking supervision regulations of the Financial Supervisory Service and Information Security business best practices of Finance information technology (IT) sector, the data to identify the customer in the test system should be used to convert. Following these guidelines, Financial firms use converted customer identification data by loading in test system. However, there are some risks that may be introduced unintentionally by user mistake or lack of administrative or technical security in the process of testing. Also, control and risk management processes for those risks have not been studied. These situations are conducive to increasing the compliance violation possibility of supervisory institution. So in this paper, we present and prove the process to eliminate the compliance violation possibility of supervisory institution by controlling and managing the unidentified conversion customer identification data and check the effectiveness of the process.

The Role of Wearable Devices for the Success of the Healthcare Business: Verification from PRISMA Approach

  • KIM, Ji-Hye;KANG, Eungoo
    • The Journal of Economics, Marketing and Management / v.10 no.4 / pp.13-24 / 2022
  • Purpose: Although numerous research has covered content on trends in the adoption and use of wearable devices, their uses across several sectors such as healthcare, gaming, and fashion, there seems to be a considerable paucity with regard to empirical research focusing on the solutions for factors that undermine the effectiveness of wearable devices in healthcare. The present research aims to highlight what has been covered on wearable devices in healthcare while highlighting the limitations for future research. Research design, data, and methodology - The present authors conducted one of the most famous qualitative literature approach which has been called as PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analysis) statement. The selecting criteria for eligible prior studies was estimated by whether studies are suitable for the current research, identifying they are peer-reviewed and issued by notable publishers between 2017 and 2022. Result - Our results indicated that (1) Increasing the Affordability and User Education on Wearable Devices in Healthcare (2) Tackling the Technological Issues in Wearable Devices to Promote Healthcare Delivery (3) Solving Security and Privacy Issues Associated with Wearable Devices (4) Promoting Standards and Appropriate Regulations for Wearable Devices. Conclusion - To add, resolving the technological issues associated with wearable devices in healthcare will ensure that the new devices in the market will have longer battery life, multiple functions, and enhanced accuracy, thus ensuring that patients receive better care. Necessary interventions are taken on time to avoid any deleterious consequences such as proliferating mortality rates among the different patient groups.

Discussions on Regulation and Use of Police Drones (경찰활동상 드론규제와 활용을 위한 논의)

  • Park, Han-Ho;Kim, Sung-Hwan
    • The Journal of the Korea Contents Association / v.17 no.7 / pp.408-415 / 2017
  • The aim of this study is to discuss some of the prominent ideas which use drone for police works. Focusing on the extent of the utility and practicability of using drone in policing, this paper attempts to address both positive and negative aspects in conjunction with related statutes and regulations. This study uses a qualitative case study approach and offers three practical implications including: (1) enacting a law that covers using drones in policing, (2) hiring technical professionals or training police officers to prevent illegal drones and to implement a variety of policing strategies, and (3) collecting data and information on crime and criminals and then developing the best way to respond to these problems.