• 제목/요약/키워드: Personal data

검색결과 5,555건 처리시간 0.033초

MyData Personal Data Store Model(PDS) to Enhance Information Security for Guarantee the Self-determination rights

  • Min, Seong-hyun;Son, Kyung-ho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • 제16권2호
    • /
    • pp.587-608
    • /
    • 2022
  • The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

Framework for assessing responsiveness to personal data breaches based on Capture-the-Flag

  • Oh, Sangik;Kim, Byung-Gyu;Park, Namje
    • Journal of Multimedia Information System
    • /
    • 제7권3호
    • /
    • pp.215-220
    • /
    • 2020
  • Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

개인정보 처리정지 요청을 실시간 반영하는 모델 연구 (Research on a Model that reflects requests to suspend processing personal data in real time)

  • 홍윤희;여상수
    • Journal of Platform Technology
    • /
    • 제12권1호
    • /
    • pp.141-150
    • /
    • 2024
  • 개인정보보호는 국내외를 막론하고 그 중요성이 더욱 강조되고 있으며, 국외에서는 관련정책과 동적 관리 기술을 다양하게 적용하고 있지만 우리나라에서는 법령 준수와 기술 적용 간의 일부 괴리가 존재하며, 정보주체의 개인정보 처리정지를 편리하게 제공하는 사용자 인터페이스가 거의 없는 상황이다. 본 연구에서는 먼저 개인정보 동의 동적 관리 기술의 필요성과 관련 산업의 실태 그리고 발전 가능성을 전망한다. 다음으로 국내 개인정보보호 법령을 엄격히 준수하면서도 정보주체의 개인정보 자기결정권을 최대한 보장하는 개인정보 동의 동적 관리 기본 모델을 제시하였다. 특히, 개인정보 처리정지와 관련된 국내 법령상 근거와 개인정보 동의 동적 관리 인터페이스 기본 모델을 설계하고, 그 효과성을 분석하여 제시한다. 본 연구의 결과를 통해서 제안된 개인정보 이용 동의에 대한 동적관리 모델은 앞으로 다양한 웹사이트 및 애플리케이션 등에 다각적으로 활용될 수 있을 것으로 예상한다.

  • PDF

The Personal Data Protection Mechanism in the European Union

  • Syroid, Tetiana L.;Kaganovska, Tetiana Y.;Shamraieva, Valentyna M.;Perederiі, Оlexander S.;Titov, Ievgen B.;Varunts, Larysa D.
    • International Journal of Computer Science & Network Security
    • /
    • 제21권5호
    • /
    • pp.113-120
    • /
    • 2021
  • The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

마이데이터 모델을 활용한 개인정보 이용내역 통지 방안 연구 (A Study on Notification Method of Personal Information Usage History using MyData Model)

  • 김태경;정성민
    • 디지털산업정보학회논문지
    • /
    • 제18권1호
    • /
    • pp.37-45
    • /
    • 2022
  • With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

출력물에서의 개인 정보 제어 및 보안에 관한 연구 (A Study on Personal Information Control and Security in Printed Matter)

  • 백종경;박재표
    • 한국산학기술학회논문지
    • /
    • 제14권5호
    • /
    • pp.2415-2421
    • /
    • 2013
  • 개인 정보의 이용이 사회 전반적으로 보편화되면서 이에 대한 중요성이 점차 부각되고, 개인 정보 유출사례가 증가하고 있다. 여러 가지 개인 정보 유출방지 방안이 제안되었으나 프린트 출력 시 개인 정보 유출 및 제어에 있어 기존 방안들은 검출이 되지 않거나 외부로의 유출 시 개인정보가 노출이 되는 단점들이 있다. 본 논문에서는 API-Hook 방법을 사용하여 출력물에 대해 개인정보를 검출하여 제어하고, 출력 된 문서에 대해서는 마스크하여 개인정보의 노출을 보안하는 방법을 제시한다. 또한 실제로 구현하여 개인정보가 포함 된 문서에 대해 보안을 보장 여부를 확인 하였다. 보안을 위해 기밀성만을 중요시하기 보다는 가용성과의 조화가 필요하다.

Exploratory Study on the Media Coverage Trends of Personal Information Issues for Corporate Sustainable Management

  • 이다빈;최예지;변재욱;장항배
    • 인터넷정보학회논문지
    • /
    • 제25권4호
    • /
    • pp.87-96
    • /
    • 2024
  • Information power has been a major criterion for wealth disparity in human history, and since the advent of the Fourth Industrial Revolution, referred to as the data economy era, personal information has also gained economic value. Additionally, companies collect and analyze customer information to use as a marketing tool, providing personalized services, making the collection of quality customer information crucial to a company's success. However, as the amount of data held by companies increases, crimes of stealing personal information for financial gain have surged, making corporate customer information a target for criminals. The leakage of personal information and its circumstances lead to a decline in corporate trust from the customer's perspective, threatening corporate sustainability with falling stock prices and decreased sales. Therefore, companies find themselves in a paradoxical situation where the utilization of personal information is increasing while the risk of personal information leakage is also growing. This study used the news big data analysis system, BIG KINDS, to analyze major keywords before and after media coverage on personal information leaks, examining domestic media coverage trends. Through this, we identified the impact of personal information leakage on corporate sustainability and analyzed the connection between personal information protection and sustainable corporate management. The results derived from this study are expected to serve as foundational data for companies seeking ways to enhance sustainable management while increasing the utilization of personal information.

A Strategy Study on Sensitive Information Filtering for Personal Information Protect in Big Data Analyze

  • Koo, Gun-Seo
    • 한국컴퓨터정보학회논문지
    • /
    • 제22권12호
    • /
    • pp.101-108
    • /
    • 2017
  • The study proposed a system that filters the data that is entered when analyzing big data such as SNS and BLOG. Personal information includes impersonal personal information, but there is also personal information that distinguishes it from personal information, such as religious institution, personal feelings, thoughts, or beliefs. Define these personally identifiable information as sensitive information. In order to prevent this, Article 23 of the Privacy Act has clauses on the collection and utilization of the information. The proposed system structure is divided into two stages, including Big Data Processing Processes and Sensitive Information Filtering Processes, and Big Data processing is analyzed and applied in Big Data collection in four stages. Big Data Processing Processes include data collection and storage, vocabulary analysis and parsing and semantics. Sensitive Information Filtering Processes includes sensitive information questionnaires, establishing sensitive information DB, qualifying information, filtering sensitive information, and reliability analysis. As a result, the number of Big Data performed in the experiment was carried out at 84.13%, until 7553 of 8978 was produced to create the Ontology Generation. There is considerable significan ce to the point that Performing a sensitive information cut phase was carried out by 98%.

보건의료정보의 법적 보호와 열람.교부 (A Study on Legal Protection, Inspection and Delivery of the Copies of Health & Medical Data)

  • 정용엽
    • 의료법학
    • /
    • 제13권1호
    • /
    • pp.359-395
    • /
    • 2012
  • In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

  • PDF

데이터 경제를 위한 개인 데이터 저장 기술 동향 (Trends in Personal Data Storage Technologies for the Data Economy)

  • 정희영;이승윤
    • 전자통신동향분석
    • /
    • 제37권5호
    • /
    • pp.54-61
    • /
    • 2022
  • Data are an essential resource for artificial intelligence-based services. It is considered a vital resource in the 4th industrial revolution era based on artificial intelligence. However, it is well-known that only a few giant platforms that provide most of the current online services tend to monopolize personal data. Therefore, some governments have started enforcing personal data protection and mobility regulations to address this problem. Additionally, there are some notable activities from a technical perspective, and Web 3.0 is one of these. Web 3.0 focuses on distributed architecture to protect people's data sovereignty. An important technical challenge of Web 3.0 is how to facilitate the personal data storage technology to provide valuable data for new data-based services while providing data for producers' sovereignty. This study reviews some currently proposed personal data storage technologies. Furthermore, we discuss the domestic countermeasures from MyData perspective, which is a typical project for data-based businesses in Korea.