• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.4
• /
• pp.923-939
• /
• 2012

In the information society, to serve the normal economic activity and to delivery the public service is to secure the privacy information. The government endeavors to support with the privacy protection laws and public organizations. This paper is to study the privacy protection policy in the major countries by analyzing the laws and organizations. At last, The study is to examine the policy tasks to support the privacy protection policy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.347-363
• /
• 2024

As the number of cyberattacks against the National Critical Information Infrastructure (NCII) is steadily increasing, many countries are strengthening the protection of National Critical Information Infrastructure (NCII) through the enactment and revision of related policies and legal systems. Therefore, this paper selects countries such as the United States, the United Kingdom, Japan, Germany, and Australia, which have established National Critical Information Infrastructure (NCII) protection systems, and compares and analyzes the promotion system of each country's National Critical Information Infrastructure (NCII) protection policy. This paper compares the National Critical Information Infrastructure (NCII) protection system of each country with the cybersecurity system and analyzes the promotion structure. Based on the policy model theory, which is a modification of Allison's theory and Nakamura & Smallwood's theory, this paper analyzes the model of each country's promotion system from the perspective of policy-making and policy-execution. The United States, Japan, Germany, and Australia's policy-promotion model is a system-strengthening model in which both policy-making and policy-execution are organized around the protection of the National Critical Information Infrastructure (NCII), while the United Kingdom and South Korea's policy-promotion model is an execution-oriented model that focuses more on policy-execution.

• Journal of the Korean Home Economics Association
• /
• v.40 no.9
• /
• pp.79-95
• /
• 2002

In this paper the consumer protection regulations of 16 wide area self-governments in Korea are studied. Status of consumer protection policy committees and their general policies for consumer protection of these wide area self-governments are also investigated. The data of consumer protection regulation were collected from the internet web-site of each self-government and the status of consumer protection policy committee and the general policy for consumer protection were obtained by requesting each self-government to report administration information during May through October in 200l. 13 of 16 wide area self-governments except Daegu, Inchon, and Jejudo have own consumer protection regulations. Major parts of these regulations conform the standard regulation of ministry of Government Administration and Home Affairs. Many of the consumer protection policy committees reported that they do not have meetings constantly. Moreover since the price of goods and services is the typical subject of meetings, the committees do not seem to properly play the role of a consumer protection policy authority. Contents of the general policy for consumer protection of many self-governments are simple description of detailed practicing plans according to the general consumer protection policy of the national government. By criticizing the problems aroused during the study of consumer protection policy of self-governments, suggestions are given which will help for the development of consumer policy of wide area self-governments.

• Informatization Policy
• /
• v.25 no.3
• /
• pp.29-51
• /
• 2018

As the core technology of the Fourth Industrial Revolution, the Internet of Things has been developed and has enabled various services, and personal information has been handled freely in the process. However, the infringement threat of personal information is increasing as more convenient services are provided and more information devices including smart devices are connected to the network. Therefore, this study is to analyze prioritizing personal information protection policy indicators in order to provide IoT services by constructing secure environment for implementing the Internet of things as the core technology of the 4th Industrial Revolution. This study reviewed personal information protection policy indicators based on the literature survey, and identified 3 fields, 9 areas, and 25 indicators through Delphi analysis for experts. The weights were calculated based on the AHP survey for 66 experts and the results were used to present the relative importance and priority of the policy indexes. The results of this study found the policy field was the most important, followed by the technical field, and the administrative field. Of the three areas of the policy field, strengthening the personal information protection laws related to IoT is the most important, while among the indicators, promoting and revising the personal information protection law related to IoT is the most important. Comparisons of the fields, areas, and indicators of IoT-related personal information protection policies found consistent values. The personal information protection policy indicators derived this way will contribute to the nation's competitiveness by expanding secure IoT policies in the future.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1037-1055
• /
• 2016

After the enactment of the Personal Information Protection Act, policies and activities for the personal information protection have been actively promoted. However the people are showing negative attitudes about personal information, as the ongoing personal data leakages. Therefore, authors tried to empirical analysis of the effectiveness of national policy on the protection of personal information, using SERVQUAL model, focused on the people's perception, in order to identify that how the people recognized current policy. Authors find that the public has perceived the effectiveness of the policy positively, but the level of their awareness is low. And we identify that the people are highly aware of the policy's effectiveness for Immediacy, Convenience and Responsibility, while they have the lowest effectiveness for Efficiency. The policy's improvement focused on the public's low expectations/perceptions and effectiveness awareness, is required in order to develop people-oriented national privacy policy that are satisfied by the people.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.107-115
• /
• 2012

The level of information protection is relatively low, in comparison with the informatisation in this country. The budget for information protection is also quite marginal at 5% of the entire information-related policy budget. The passive information protection practices by companies, which focus more on the aftermaths, lead to repeated expenses for risk management. The responses to the violation of information protection should be changed from the current aftermaths-oriented focus to prevention and early detection of possible violations. We should also realize that the response to a violation of protected information is not a responsibility of an individual but a joint responsibility of the nation and the industry. South Korea has been working towards to building a systematic foundation since 2004 when guidelines were announced regarding the information protection policy and the safety diagnosis. The current level of safety policies cannot provide a perfect protection against actual violation cases in administrative, technological and physical ways. This research evaluates the level of prevention that the current systematic protection policy offers, and discusses its limitation and possible ways for improvement. It also recommends a list effective measures for protection against information violation that companies can employ to maintain the actual target safety level.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.13 no.1
• /
• pp.37-48
• /
• 2017

As the risk of technical leakage is increasing, technology protection support systems for small and medium-sized businesses have gained attention. This paper analyzed the perception gap of the user and policy-maker regarding technology protection support systems. First, to identify key elements of technology protection support systems and construct measurement factors, interviews with experts are conducted. Then, surveys are conducted to analyze the perception differences between the users and policy-makers. Factor analysis and ANOVA have been utilized to analyze survey results. The result shows that the perception gaps exist in the following areas: management system, cost reduction, copyright protection, customer satisfaction, leakage prevention, and awareness. To enhance the effectiveness of technology protection support systems, this paper suggests technology protection support systems should be customized in terms of the company's size and type of busines.

• Journal of Information Technology Services
• /
• v.22 no.6
• /
• pp.1-15
• /
• 2023

This study compares and analyzes the legal systems of Korea, the European Union, China, and the United States based on the disclosure principles and processing policies for personal data processing and provides references for seeking improvements in our legal system. Furthermore, this research aims to suggest institutional implications to overcome data transfer limitations in the upcoming digital economy. Findings on a comparative analysis of the relevant legal systems for disclosing privacy policies in four countries showed that Korea's privacy policy is under the eight principles of privacy proposed by the OECD. However, there are limitations in the current situation where personal information is increasingly transferred overseas due to direct international trade e-commerce. On the other hand, the European Union enacted the General Data Protection Regulation (GDPR) in 2016 and emphasized the transfer of personal information under the Privacy Policy. China also showed differences in the inclusion of required items in its privacy policy based on its values and principles regarding transferring personal information and handling sensitive information. The U.S. CPRA amended §1798.135 of the CCPA to add a section on the processing of sensitive information, requiring companies to disclose how they limit the use of sensitive information and limit the use of such data, thereby strengthening the protection of data providers' rights to sensitive information. Thus, we should review our privacy policies to specify detailed standards for the privacy policy items required by data providers in the era of digital economy and digital commerce. In addition, privacy-related organizations and stakeholders should analyze the legal systems and items related to the principles of personal data disclosure and privacy policies in major countries so that personal data providers can be more conveniently and accurately informed about processing their personal information.

• The Journal of Society for e-Business Studies
• /
• v.21 no.2
• /
• pp.135-150
• /
• 2016

As the privacy issues are all around the world, the intrusion into personal privacy is concerning. For that reason, government established the article from the personal information protection law that has to notice the privacy policy to users on the online site. and the matter of privacy invasion make concern toward behavior of online user. Although there are rules to carrying legal binding force in accordance with, because it is full of text and uncomfortable to read so that its readability is low. In the same context, each other has different state of understanding with the policy for personal information has been playing an important role. In this approach, companies and government do not think this over deeply and do just for what their practical use is. That is the reason why this research start, and the result expecting for real. As the result in the participant who cognize the privacy policy display pattern, they have certain type to do. In this article, the certain behavior doing is remarkable with the privacy policy. According to privacy concern, privacy fundamentalist reveals such a compromise reaction to protect their information when they know what information which the privacy manager of service provider collect. This study arrives at the result depending on the gap of privacy group that the group of checking the policy contents, especially the group which has high privacy concern, they move forward to protect their emotion and put a constructive plan into protective action. Otherwise, the group of unchecking the policy contents and following their own thinking of privacy policy are not deemed statistically significant. Therefore, this is considered to support more various implications than the previous issues and alternatives about privacy policy pattern and user protection behavior of privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.53-63
• /
• 2011

An SNS(Social Network Service) enables people to form a social network on online as in the real world. With the rising popularity of the service, side effects of SNSs were issued. Therefore we propose and implement a policy-based privacy protection module and access control policy language for ensuring the right of control of personal information and sharing data among SNSs. The policy language for protecting privacy is based on an attribute-based access control model which grants an access to personal information based on a user's attributes. The policy language and the privacy protection module proposed to give the right of control of personal information to the owner, they can be adopted to other application domains in which privacy protection is needed as well as secure sharing data among SNSs.