• 정보보호학회논문지
• /
• 제23권4호
• /
• pp.781-797
• /
• 2013

오늘날 기업들은 비용절감, 업무의 효율성, 서비스 품질 향상 등의 이유로 외부 기업 또는 개인사업자에게 개인정보 처리 업무를 위탁 운영하는 경우가 증가하고 있다. 하지만, 개인정보 처리 업무 위탁 즉, 수탁사가 증가할수록 제공되는 개인정보의 종류와 량이 증가하며, 이에 따른 관리 포인트와 보안 위협도 함께 증가하게 된다. 따라서, 본 연구에서는 개인정보 처리 업무 위탁 시 준수해야 할 법률사항을 분석하고, 현재 개인정보 처리 업무를 위탁 받아 사업을 진행하는 수탁사들의 개인정보보호 수준 분석 및 문제점을 도출하여 기업이 개인정보 처리 업무 위탁에 있어서 개인정보를 보호하고 수탁사들을 효과적으로 관리 감독할 수 있는 방안에 대하여 제안하고자 한다.

• 융합정보논문지
• /
• 제8권1호
• /
• pp.179-185
• /
• 2018

빅데이터는 이제 더 이상 미래 혁신의 아이콘이 아니라 인류가 당면한 과제를 해결하기 위한 하나의 수단으로써 공고히 자리매김해 가고 있다. 빅데이터의 활용과 개인정보 보호는 분명 양면성을 갖고 있다. 데이터의 활용을 강조할 경우 개인이 공개를 원하지 않는 사생활은 필연적으로 침해 될 것이고, 개인정보 보호를 강조할 경우 어설픈 수준의 빅데이터 연구만 가능해 공공의 목적을 달성 하는데 어려움을 겪을 수 있다. 본 연구에서는 개인정보 침해의 문제점을 알아보고 빅데이터의 활용과 개인정보의 보호를 하기 위해서 취합하는 빅데이터를 익명화하는 방안을 제시하였다. 이를통해 빅데이터 활용 뿐만 아니라 개인정보 침해의 문제점을 해결할 수 있을 것으로 보인다.

• 아동학회지
• /
• 제37권6호
• /
• pp.119-132
• /
• 2016

Objective: The purpose of this study was to analyze the operation and personal information management of public and private kindergarten homepages. Methods: A total of 2,846 kindergartens were selected from the I-Sarang portal service for analyzing operation, and 217 self-operating homepages were selected for evaluating management. Seven evaluation items from three domains (information gathering procedures and scope, information security, and management of file exposure protection) were used. Wireshark and Google were used for analyzing some evaluation items. Results: The operating ratio of kindergarten homepages was low and most of the kindergartens self-operated their homepages. The evaluation of the information gathering procedures and scope showed that the rule of consent process was not rigidly followed but that the rule of legality for information gathering was followed. Items related to information security were followed at very low levels. As for the management of file exposure protection, the evaluation of items related to the prevention of attachment disclosure showed that the rule of protecting personal information included in an attached file was followed but that the notice regarding information protection was not. Across all evaluation items, the level of personal information management was higher in public (vs. private) kindergartens. Conclusion: These results indicate methods to more securely and effectively manage personal information on kindergarten homepages.

• 보건의료산업학회지
• /
• 제14권1호
• /
• pp.103-110
• /
• 2020

Objectives: In this paper, we propose the ethical education direction by analyzing the personal information recognition and practice of music therapists. Methods: For the analyses, we selected 60 music therapists who answered a questionnaire from members of K Music Therapy Association, and analyzed task recognition and practice ask performance using IPA method. Results: In the IPA table, the areas of high recognition and practice (1) are the areas of personal information protection information management. In the IPA table, the areas of low awareness and high practice (2) are areas of privacy communication for those who have completed ethics education. In the IPA table, the areas of low awareness and low practice (3) are areas of privacy communication when ethics education is not completed. In the IPA table, areas of high awareness and low levels of practice (4) are areas of privacy protection. Conclusions: Continuing education should be provided to improve the curriculum on the protection of personal information for music therapists, thereby raising the awareness and practice of privacy.

• 디지털산업정보학회논문지
• /
• 제8권3호
• /
• pp.33-39
• /
• 2012

Since the passing of the Personal Information Act in March 2011 and its initial introduction in September, over the one year to date diverse security devices and solutions have been flowing into the market to enable observance of the relevant laws. Beginning with security consulting, corporations and institutions have focused on technology-based business in order to enable observance of those laws competitively in accordance with 6-step key procedures including proposal, materialization, introduction, construction, implementation, and execution. However there has not been any investment in human resources in the field of education such as technology education and policy education relative to the most important human resources field nor investment in professionals in the organization for the protection of personal information or in human resources for operating and managing IT infrastructure for actual entire personal information such as special sub-organizations. In this situation, as one process of attracting change from the nature of the technology-based security market toward a professional human resource-based security infrastructure market, it is necessary to conduct research into standardization modeling concerning special organizational composition and a management system for the protection of personal information.

• 정보보호학회논문지
• /
• 제29권6호
• /
• pp.1437-1446
• /
• 2019

각종 개인정보 유출사고를 계기로 정부에서는 강화된 개인정보보호 대책을 시행하였고, 금융회사들은 정부 대책에 의거 개인정보 오남용 여부를 주기적으로 점검하는 등 노력을 기울이고 있지만 개인정보 오남용 문제는 여전히 개선되지 않고 있는 실정이다. 본 연구는 금융회사 직원을 대상으로 개인정보 오남용 모니터링 시스템을 이용한 현장실험 결과를 분석하여 오남용 문제 개선방안을 제시하고자 한다. 특별억제이론에 기반하여 오남용 행위자를 조치 하는 방법에 따른 오남용 방지 효과를 확인하고, 오남용 행위자들의 담당업무 및 근속연수와 오남용 행위 간의 관련성을 분석하였다. 분석결과를 바탕으로 제시하는 개선방안들이 실효성 있는 정책수립에 활용되기를 기대한다.

• 융합정보논문지
• /
• 제11권1호
• /
• pp.71-79
• /
• 2021

본 연구는 빅데이터 산업과 디지털 광고 산업의 발전을 위한 비식별개인정보의 활용이라는 측면과 개인정보 보호 측면 사이의 갈등 관점에서 조망해보았다. 본 연구는 연구목적을 달성하기 위하여, 논문, 법조문, 행정 규정, 최근 언론 기사 등 문헌연구 중심으로 진행하였다. 특히 본 연구 주제 관련 국내외 현황과 제도 자료를 심층적으로 분석하였다. 본 연구 결과 디지털 맞춤형 광고에서의 비식별개인정보 보호 관련 주요 쟁점으로 '광고표현의 자유와 개인 인격권과의 상충', '식별 불가능한 정보의 개인정보화; '정보의 불균형'에 대해 분석하였으며, 이와 관련 디지털 맞춤형 광고에서의 비식별개인정보 보호 방안으로 '광고표현의 자유와 개인 인격권과의 조화' '고지와 동의 절차의 개선', '개인정보통제권의 강화'를 제안하였다. 본 연구는 현재 디지털 맞춤형 광고에서 비식별개인정보가 활발히 활용되고 있는 상황에서 비식별개인정보의 활용과 개인정보 보호에 대해 살펴보았다는 점에서 연구의 의의를 찾을 수 있다. 향후에는 본 연구 주제 관련 사례와 판례 중심으로 분석할 필요가 있다.

• International Journal of Computer Science & Network Security
• /
• 제23권10호
• /
• pp.57-66
• /
• 2023

Since 2009, Morocco has had a law governing the processing of personal data, the law 09-08, and a supervisory authority, the CNDP (National Commission for the Protection of Personal Data). Since May 2018, the European General Regulation on the Protection of Personal Data (GDPR) entered into force, which applies outside the EU in certain cases and therefore to certain Moroccan companies. The question of the protection of personal data is primarily addressed to the customer. The latter may not only be a victim of crime linked to ICT, but also have to face risks linked to the collection and abusive processing of his personal data by the private and public sectors. Often the customer does not really know how their data is stored, nor for how long and for what purpose. This fact raises the question of satisfying customer requirements, in particular for organizations that have adopted a quality approach based on ISO 9001 standard.In order to master these constraints, Moroccan companies have to adopt strategies based on modern quality management techniques, especially the adoption of principles issued from the international standard ISO 9001 while being confirmed by the law 09-08. It is through ISO 9001 and the law 09-08 that these companies can refer to recognized approaches in terms of quality and compliance. The major challenge for these companies is to have a Quality approach that allows the coexistence between the law 09-08 and ISO 9001 standard and this article deals within this specific context.

• 디지털산업정보학회논문지
• /
• 제18권1호
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• 대한가정학회지
• /
• 제37권10호
• /
• pp.55-66
• /
• 1999

The purpose of this study is to propose consumer policy related to the protection of personal information on the basis of regulations and laws in the developed countries. From this study, implications for the protection consumer privacy are discussed as follows. First, Consumer education is needed to enhance consumers'knowledge on their privacy right and this should be done not only by private consumer organization but also by businesses. Second, Businesses should realize ethical responsibilities of consumers'privacy right when they use personal information by databasemarketing. Finally, Government should establish a privacy law concerning both public and private sectors.