• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.397-409
• /
• 2014

According to the Personal Information Protection Act(PIPA) which is legislated in March 2011, the individual or company that handles personal information, called Personal information processor, should encrypt some kinds of personal information kept in his Database. For convenience sake we call it DB Encryption in this paper. Law enforcement and the implementation agency accordingly are being strengthen the supervision that the status of DB Encryption is being properly applied and implemented as the PIPA. However, the process of DB Encryption is very complicate and difficult as well as there are many factors to consider in reality. For example, there are so many considerations and requirements in the process of DB Encryption like pre-analysis and design, real application and test, etc.. And also there are surely points to be considered in related system components, business process and time and costs. Like this, although there are plenty of factors significantly associated with DB Encryption, yet more concrete and realistic validation entry seems somewhat lacking. In this paper, we propose a realistic DB Encryption Assurance Framework that it is acceptable and resonable in the performance of the PIPA duty (the aspect of the individual or company) and standard direction of inspection and verification of DB Encryption (the aspect of law enforcement).

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.20 no.2
• /
• pp.492-497
• /
• 2019

This study analysed the legal concept of personal information(PI), which was not differentiated from behavioral information, and established it clearly for invigorating online targeted advertising(OTA), which draw attention in big data era; by selecting Guidelines of Assessment of Data Breach Incident Factors and Guidelines of Measures for No-Identifying Personal Information based on Personal Information Protection Act(PIPA) and Enforcement Decree of the PIPA. As a result, PI was defined as any kind of information relating to (1)a living individual(not group, corporate body or things etc.); (2)makes possibly identify the individual by his or her identifiers such as name, resident registration number, image, etc. (not included if not identify the individual); and (3)including information like attribute values which makes possibly identify any specific individual, if not by itself, but combined with other information which can be actually collected and combined). Specifically, PI includes basic, proper distinguishable, sensitive and other PI. It is suggested that PI concept should be researched continually with digital technology development; the effectiveness of the Guidelines of PI Protection in OTA, the legal principles of PI protection from not only users' but business operators' perspectives and the differentiation between PI and behavioral information in OTA should be researched.

• Industry Promotion Research
• /
• v.9 no.1
• /
• pp.47-55
• /
• 2024

In the transportation sector, reducing total vehicle mileage and passenger vehicle traffic are proposed as strategies to achieve carbon neutrality. To achieve this, MaaS services must be actively promoted with the goal of revitalizing public transportation. In order to promote MaaS, individual movement data is required, such as the individual's means of movement, route, and conversion of the individual's means of use. However, in Korea, there are legal limitations in collecting and utilizing data on individual movements. As the right to request transmission of personal information was newly established in the revised Personal Information Protection Act in 2023, a law was established to collect and utilize data on individual movements. However, enforcement ordinance, detailed rules, instructions, guidelines must be prepared, and the standardization of data format and transmission system for collecting my data needs to take precedence.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1267-1276
• /
• 2013

Cloud consumers who use cloud computing services are obliged to review and monitor the legal compliance of cloud providers who are consigned the processes of the PII (personally identifiable information) from them. This paper presented possible scenarios for cloud PII outsourcing and suggested PIMS (personal information management system) controls for outsourcing management between cloud consumers and cloud providers by analyzing both international standards and domestic certification schemes related to cloud computing and/or privacy management based on the legal obligations for PII outsourcing from Korean "Personal Information Protection Act (PIPA)". The controls suggested can be applicable for developing the guidance of complying with privacy laws in organizations or the checklist of PII outsourcing management in PIMS certification.