• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.169-179
• /
• 2011

Recent personal data breach incidences draw the public's attention to their privacy and personal rights. The new personal data protection law effective in September 2009 imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, this new law requires that the processors must notify individuals (data subjects) and data protection authorities of the nature of incidents. This research reviews the U.S. forty six state laws and related acts, and offers a framework for managing incidents. This framework includes five major components: (1) type of personal data required to be reported and notified, (2) the ultimate subject notifying data subjects, (3) event occurrence and notification time phases, (4) notification message details, and (5) direct/indirect communication media. Along with this framework, we also offer directions for effective/manageable guidelines on data breach notification act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.99-116
• /
• 2023

The importance of data in the era of the 4th industrial revolution, a hyper-connected society based on information technology such as data and AI, is increasing, and the government is actively enacting and revising laws to revitalize the data economy. It is necessary to prevent and improve problems that may set an obstacle to the revitalization of the data industry or setting the wrong direction, such as possibility of conflict between the regulatory law(Personal Information Protection Act) and the Data Activation Act, differences in position by type of specialized agencies, performance scope of Data Specialist Organization and Expert Data Combination Agency, etc. In regard, I would like to analyze the role, current situation, and use cases of Expert Data Combination Agency, listen to field opinions, and derive and introduce measures to expand the role of Expert Data Combination Agency and improve them to vitalize the data economy

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• Korean small business review
• /
• v.42 no.1
• /
• pp.19-41
• /
• 2020

In Korea, punitive damages were introduced in the 2011 Fair Transactions in Subcontracting Act(FTSA), and in 2019 the Patent Act, Trade Secret Protection Act(TSPA), Industrial Technology Protection Act(ITPA), and Mutually Beneficial Cooperation Act(MBCA). In punitive damages, the judgment of 'intentional' is especially important, and it is necessary to refer to US precedents since there is no accumulated case. Major Company can avoid intentional counseling through the advice of lawyers, but SMEs may have to punish punitive damages due to a lack of awareness of the system. In the case of TSPA, ITPA, FTSA, and MBCA, except for Patent Act, the provisions related to proof of damage have not been well maintained yet. Therefore, the data submission order system of these laws needs to be revised to the level of patent Act need to be. TSPA needs to be amended in the future to estimate the amount of the royalties in estimating the amount of damages so that it can receive the 'reasonably' estimated amount rather than the usual amount. On the other hand, ITPA, FTSA, and MBCA do not have any provisions for the estimation of damages. Besides, it is difficult to evaluate the technology value in the case of leakage or deodorization of new technologies. Therefore, valuation needs to be carried out by a credible institution along with the development of a model for calculating damages.

• Journal of the Korea Convergence Society
• /
• v.11 no.12
• /
• pp.233-242
• /
• 2020

We posit that employee ownership through defined contribution (DC) plans results in managerial entrenchment, and then examine the effect of the enactment of the Pension Protection Act of 2006 on the relation between the employee ownership and firm performance. By conducting Ordinary Least Square regression with the data from Form 5500 over the period of 1999-2014, we find that firms with large employee ownership increase their firm value measured by Tobin's Q after the adoption of the Act. These findings suggest that the adoption of the Act has been effective to mitigate the negative effect of managerial entrenchment by decreasing the employee ownership and reinforcing the fiduciary duty of plan trustees. Given the fact that we test the effects of the diversification rule on employee ownership using firm performance, further research could aim to examine the effects of the rule on employee ownership using stock return or market reaction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.279-286
• /
• 2020

On February 4, 2020, the Personal Information Protection Act ("Privacy Act") was amended to facilitate the convergence and utilization of data, a key resource of the Fourth Industrial Revolution, and to support the development of the data industry. As the scope of the law applies to telecommunications operators, financial operators, and personal information processing providers, the scope of related dispute settlement is expected to increase. Therefore, this paper first introduces the role and function of the Personal Information Dispute Committee and the institutional standards for personal information dispute mediation, and researches the roles and issues that the Personal Information Dispute Mediation Committee should play in accordance with the revision of the Data 3 Law. In this study, For efficient operation of personal information dispute mediation, expert deliberation by field, new adjustment criteria for new industrial technologies, way to secure business continuity between the Personal Information Dispute Committee and the Personal Information Committee, Secure the link between the mediation decision and courts, and Suggested the strengthening of the operational standards for collective dispute mediation.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• Journal of Digital Convergence
• /
• v.12 no.12
• /
• pp.87-92
• /
• 2014

We have noted a possibility of big data as a solution of social problem and pending issue. At the same time big data has a problem of privacy. Big data and privacy were in conflict. In this paper we pointed out that issue and propose a planning of big data based on privacy using case study of advanced country.

• Journal of Labour Economics
• /
• v.36 no.2
• /
• pp.67-94
• /
• 2013

Using data from the Economically Active Population Survey: Supplement by Employment Type, This paper examines the effects of the 2007 Act on the Protection of Fixed-term and Part-time Employees on employment levels. Since the Act is applied to only individuals below 55 years of age, we restrict the analysis sample to men whose ages are close to 55 at the time of the survey. For such a sample, the empirical analysis combines regression discontinuity design with a difference-in-differences. The results suggest that the employment effect of the 2007 Act takes a U-shape. The results suggest that the employment effect of the 2007 Act takes a U-shape. The negative effect of the Act was largest around August 2008, a year after it took effect. The negative effects on employment faded away toward August 2009.