• Journal of Information Processing Systems
• /
• v.6 no.2
• /
• pp.185-196
• /
• 2010

This paper proposes a personal information protection model that allows a user to regulate his or her own personal information and privacy protection policies to receive services provided by a service provider without having to reveal personal information in a way that the user is opposed to. When the user needs to receive a service that requires personal information, the user will only reveal personal information that they find acceptable and for uses that they agree with. Users receive desired services from the service provider only when there is agreement between the user's and the service provider's security policies. Moreover, the proposed model utilizes a mobile agent that is transmitted from the user's personal space, providing the user with complete control over their privacy protection. In addition, the mobile agent is itself a self-destructing program that eliminates the possibility of personal information being leaked. The mobile agent described in this paper allows users to truly control access to their personal information.

• Journal of Information Technology Applications and Management
• /
• v.29 no.3
• /
• pp.57-74
• /
• 2022

Recently, big data services have been used in various fields. In this situation, this research studied the intention to provide personal information from users, which is necessary to provide useful big data services. A survey was conducted on college students and ordinary people who have understood big data services. And path analysis was performed through Amos' structural equation. As a result of the study, it was found that privacy risks, trust in service providers, individual innovativeness, service incentives, social influence, and service design are major variables influencing the intention to provide personal information. And it was found that trust in service providers plays a mediating role in influencing the intention to provide personal information. In addition, big data services were classified into types for information acquisition and types related to purchase. Accordingly, it was further analyzed whether major variables differ in the path affecting the intention to provide personal information, and new implications were found. Companies that actually develop and provide big data services should establish different strategies by reflecting research results depending on the type of big data service provided.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.151-159
• /
• 2014

Recently, spread of large amount Smartphones made users to download location-based service applications, which provided by application developers. These location-based service applications are convenient tool for users. Location-based service use technology to find location of user and provide information of user's location. Leakage of information of user's location and expose of privacy life raised new controversy. In this thesis, it will analyze relations of increase of Smartphone market, usage of Location-based service and severity of personal information leakage. Also, it will analyze examples of user's case of damage which caused by leakage personal information and find solutions to reduce damage of personal information leakage. In research, it will find cases of damage that cause by Location-based service. Also it will analyze and research cases of damage and present with graph and chart. In conclusion, to reduce and prevent from damage which caused by leakage personal information, it is important that users and application developers to realize danger of private and personal information leakage. Also, user's personal information must deal with cautiously and application developers have to research and develop the application with powerful security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.244-259
• /
• 2021

The economic value of personal information has its importance as an objective measure of valuation in commercial, legal, and policy areas. Until recently, however, personal information subjects have not properly recognized the economic value of personal information, which has led to the inability to exercise the right to self-determination of personal information by unconsciously agreeing to the terms and conditions of personal information service without recognizing the value of personal information provided to the service provider when subscribing to a specific service. Therefore, we will examine the methodologies for calculating the economic value of personal information and the practical guarantee of the right to self-determination of personal information and analyze the economic value of personal information through a survey. Also, we would like to propose various ways for the subject of personal information with limited cognitive resources to visually accept the economic value of personal information required by the terms and conditions and suggest the optimal visualization of personal information economic value to exercise the right to self-determination of personal information. To do so, in this paper, we have conducted two survey experiments to estimate the economic value of personal information. Based on the price of personal information by category retrieved from surveys, we have visualized the price of personal information in various forms and asked respondents to choose the optimal infographic that best represents the value of personal information visually. As a result, we have proposed an optimal usage of the infographic to 'nudge' information subjects about their right to self-determination of personal information, therefore opening the possibility of diminishing privacy paradox.

• Journal of Convergence for Information Technology
• /
• v.10 no.7
• /
• pp.20-32
• /
• 2020

This study is to develop and provide a personal information protection framework that enables IoT service providers to safely and systematically operate personal information of IoT service subjects in the overall process of providing IoT devices and services. To this end, a framework for personal information framework was derived through literature survey, and FGI with experts, it was divided into three stages, each of three stages: IoT service provision process and IoT personal information processing process. The study conducted an e-mail survey of related experts using AHP techniques to determine the importance of the components of the selected personal information protection framework. As a result, in the IoT service provision process, the IoT product and service design and development stage (0.5413) is the most important, and in the IoT personal information processing process, personal information protection in the collection and retention of personal information (0.5098) is the most important. Therefore, based on this research, as the IoT service is spreading, it is expected that a safe personal information protection framework will be realized by preventing security threats and personal information infringement accidents.

• Journal of Information Technology Services
• /
• v.19 no.1
• /
• pp.37-53
• /
• 2020

Today, our society is exposed to cyber threats, such as the leakage of personal information, as various systems are connected and operated organically with the development of information and communication technology. With the impact of these cyber risks, we are experiencing damage from the virtual world to the physical world. As the number of cases of damage caused by cyber attacks has continued to rise, social voices have risen that the government needs to manage cyber risks. Thus, information and telecommunication service providers are now mandatory to have insurance against personal information protection due to amendment of "the Act on Promotion of Information and Communication Network Utilization and Information Protection". However, the insurance management system has not been properly prepared, with information and communication service providers selecting the service operators based on sales volume rather than selecting them based on the type and amount of personal information they store and manage. In order for the personal information protection liability insurance system to be used more effectively in line with the legislative purpose, effective countermeasures such as cooperation with the government and related organizations and provision of benefits for insured companies should be prepared. Thus, the author of this study discuss the current status of personal information protection liability insurance system and the issues raised in the operation of the system. Based on the results of this analysis, the authors propsoe tasks and plans to establish an effective personal information protection liability insurance system.

• The Journal of Society for e-Business Studies
• /
• v.20 no.4
• /
• pp.77-102
• /
• 2015

FinTech service industry has been growing rapidly around the world. It has driven innovation in financial and payment service industry with different channels such as mobile based on Information and Communications Technology (ICT). However, FinTech service is vulnerable to different security threats due to use the valuable data such as personal information and financial information. It is undeniable that collection and use of those information may increase the possibility of identity theft or privacy breach. In this paper will develop a self-checklist for the Simple Payment service users (Privacy Pragmatists) who want to make a rational decision to protect their personal information. The checklist is going to let the users assess the personal information protection by performing the assessment themself when they use the service. The body of this paper is going to analyze the items of the checklist and through the analysis, will suggest a security policy for personal information protection of FinTech service.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1245-1255
• /
• 2015

As cloud computing services become popular, the concern on the data security of cloud services increases and the efforts for the data security become essential. In this paper, we describe the pros and cons of cloud computing including the definition of cloud. Then, we discuss the regulations about the protection of user data defined in cloud promotion act. Previous studies related to the privacy protection and the entrustment of personal information in cloud computing are reviewed. We examine how to store the personal information depending on the cloud service model. As a result, we argue that the entrustment of personal information should vary according to the cloud service model and we propose how to protect the personal information on IaaS and SaaS cloud service models.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.2
• /
• pp.239-251
• /
• 2014

The personal cloud is a service which approaches the personal contents scattering to all terminals and online space at the personal information-oriented age in which the person's digital device including the Smart-phone, MID, PC, IPTV and etc, increases and the personal online service including the blog, E-mail, UCC, social network service and ect, rapidly increasing for the cloud computing regardless of the terminal anywhere independently and can provide the high vale added personalization service through the analysis of the contents and processing. The future of the personal cloud market is prospected through the service and technology which enhances the understanding about the cloud computing, that is the next generation IT paradigm which the world IT companies pay attention to, and is provided and business strategy analysis of the security and normalizing and related companies.