• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.597-613
• /
• 2024

MyData is an approach of personal data management, which grants data subjects the right to decide how to use and where to provide their data. With the explicit consent of the subjects, service providers can collect scattered data from data sources and offer personalized services based on the collected data. In existing service models, personal data saved in data storage can be shared with data processors of service providers or third parties. However, once personal data are transferred to third-party processors, it is difficult for data subjects to trace and control their personal data. Therefore, in this paper, we propose a cloud model where both data storage and processor are located within a single cloud, ensuring that data do not leave the cloud.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.4
• /
• pp.227-232
• /
• 2014

Recent development and generalization of Internet technology contributes to the large scale of commerce and capital followed by appearance and growth of large portal sites. As a result, the personal data on the Internet not deleted for a long period of time is a new risk factor, for example, the invasion of people's privacy. In particular, exposing personal data like witch-hunts is a critical issue so that the person concerned cannot carry on with normal life. This study suggests the necessity of the right to request personal data deletion related to a person concerned on Internet sites, a method of introducing the right in Korea, and a method of improving the application.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.113-120
• /
• 2021

The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

• International Journal of Contents
• /
• v.13 no.1
• /
• pp.22-30
• /
• 2017

The diffusion of advanced mobile technology has introduced new types of personal information or 'location data'. These new data mean new opportunities for businesses, such as location-based services (LBS), but have resulted in new consumer anxieties regarding disclosure of personal information. This study examines the effects of the consumers' perceived control over "time-andplace" information in location-aware services on their perceived privacy risk. A total of 270 respondents participated in this study. Conditions of perceived privacy control were operationalized over time-and-place information, in a $2{\times}2$ factorial design. Results indicate that the perceived control over time-and-place personal information is a significant predictor of perceived risk, and control assurances over time-and-place information enhances the perception of control, thus alleviating the perceived risk. In addition, the effect is much more significant when time and place were combined.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.14 no.5
• /
• pp.2415-2421
• /
• 2013

Widespread personal data utilization has led personal data protection to its importance at core, and serious data spill has increased constantly as a result. Though various types of protection systems for data spill have been suggested, all these met failures in detection of personal data when printed out or preventing fatal data exposure without any protections when data spill happens. I propose API-Hook method which detects and controls personal data within printouts, and prevents data leakage through masking on the printed-out data. Also, it is verified if security is guaranteed on the documents containing personal data when implementing. In order to obtain security, it is essential to put more weights on the balance with availability than confidentiality.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.10
• /
• pp.43-48
• /
• 2016

This study is to examine how big data collects user's information and is used; the status quo of exposures of user's information, and various measures of self-control by the user. This study is also to look their ethical issues and discuss problems of privacy concerning big data. As a way for users to self-control their information, they need to check the log-in state of web portal sites and set up their account so that customized advertisement and location information cannot be tracked. When posting a blog, the value of posting should be controlled. When becoming a member of a web site, users must check the access terms before agreement and beware of chained agreements and/or membership joins in order to control the exposure of their personal information. To prevent information abuse through big data through which user's information is collected and analyzed, all users must have the right to control, block or allow personal information. For an individual to have the right to control over his information, users must understand the concept of user's information and practice ethics accompanied by newly given roles in the Internet space, which will lead to the establishment of the sound and mature information society on the Internet.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.32 no.7C
• /
• pp.667-673
• /
• 2007

In order to provide the efficient personalized services, the organizations and the companies collect and manage the personal information. The stored data have some slight differences among each subject. Even though the same attribute information leaks out, the personal privacy violation is different according to personal sensitivity. However, currently the organizations or the companies protect all the information as the same level. This paper reflects the sensitive attribute information of the information subject to each personal policy by the encrypting techniques. And then we propose a policy-based access control mechanism for the personal information which strictly prevents unauthorized information users from illegally accessing the personal information. In the proposed mechanism, the individuals' personal information which is encrypted with different keys is stored into the database. For the access control, information subjects set up their own access control policy for their sensitive personal information. Then it is possible to control the information access by providing the information to the information users according to personal and organizational privacy policy.

• Journal of Korean society of Dental Hygiene
• /
• v.13 no.3
• /
• pp.369-376
• /
• 2013

Objectives : The objectives of this study is to investigate the handwashing and use of personal protection equipment in dental hygienists and provide the basic data for dental infection control guideline. Methods : A questionnaire survey was performed in the dental hygienists who participated in the continuing education by the Daejeon City Commission in October 2012. The collected data were analyzed using PASW 18.0. Results : Handwashing was well practiced in group working for 3 to 5 years of employment. Those who took the infection cnotrol training used liquid soap, paper towel, dental mask, protective goggles, face shield, and gloves. Conclusions : Infection control is the most important practice in dental hygienists. So it is necessary to emphasize the inportnace of personal protection equipment including medical gloves, dental mask, and goggles.

• Journal of Institute of Control, Robotics and Systems
• /
• v.3 no.3
• /
• pp.318-322
• /
• 1997

A prototype of combustion zone monitoring system as been developed and installed into tuyeres of the blast furnace. The system consists of CCD(charge coupled device) cameras, sonic flow meters, an image processor and a personal computer. The personal computer collects raceway luminance data and operational data from the image processor that is connected to the color CCD camera from the blast furnace process computer, respectively. In addition, the sonic flow meters supply coal injection rate data to the personal computer. Then, the personal computer evaluates the combustion conditions with the raceway inspection algorithm. This integrated monitoring system allows us to detect abnormal raceway conditions and the clogging status of coal injection pipe. The image processing techniques of the system enable us to effectively monitor unburnt coal sticking to tuyere tip and injection lance wear conditions. Such a developed system ensures rapid and precise raceway inspection. The image processing capability of the system has helped operator to early detect both the unburnt coal sticking problem and the errosion problem of injection lance. Furthermore, the system could control the abnormal raceway condition based the the analysis results obtained from combustion monitoring.