• The KIPS Transactions:PartC
• /
• v.17C no.2
• /
• pp.159-164
• /
• 2010

The data wiping is a technique which perfectly deletes data in a storage to prevent data recovery. Currently, management of stored data is important because of increasing an accident of personal information leakage. Especially, if you need to discard data contained personal information, using a wiping tool which permanently deletes data to prevent unnecessary personal information leakage. The data wiping is also used for data security and privacy protection. However the data wiping can be used intentionally destruction of evidence. This intentionally destruction of evidence is important clues of forensic investigation. This paper demonstrates the methods for detecting the usage of wiping tools in digital forensic investigation.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.6
• /
• pp.84-90
• /
• 2020

As the uploading and downloading of data through the Internet is becoming more common, data including personal information are easily exposed to unauthorized users. In this study, we detect a target area in images that contain personal information, except for the background, and we protect the detected target area by using a blocking method suitable for the surrounding situation. In this method, only the target area from color image input containing personal information is segmented based on skin color. Subsequently, blurring of the corresponding area is performed in multiple stages based on the surrounding situation to effectively block the detected area, thereby protecting the personal information from being exposed. Experimental results show that the proposed method blocks the object region containing personal information 2.3% more accurately than an existing method. The proposed method is expected to be utilized in fields related to image processing, such as video security, target surveillance, and object covering.

• Industry Promotion Research
• /
• v.9 no.1
• /
• pp.47-55
• /
• 2024

In the transportation sector, reducing total vehicle mileage and passenger vehicle traffic are proposed as strategies to achieve carbon neutrality. To achieve this, MaaS services must be actively promoted with the goal of revitalizing public transportation. In order to promote MaaS, individual movement data is required, such as the individual's means of movement, route, and conversion of the individual's means of use. However, in Korea, there are legal limitations in collecting and utilizing data on individual movements. As the right to request transmission of personal information was newly established in the revised Personal Information Protection Act in 2023, a law was established to collect and utilize data on individual movements. However, enforcement ordinance, detailed rules, instructions, guidelines must be prepared, and the standardization of data format and transmission system for collecting my data needs to take precedence.

• The Korean Society of Law and Medicine
• /
• v.17 no.2
• /
• pp.315-346
• /
• 2016

With the development of big data processing technology, the potential value of healthcare big data has attracted much attention. In order to realize these potential values, various research using the healthcare big data are essential. However, the big data regulatory system centered on the Personal Information Protection Act does not take into account the aspect of big data as an economic material and causes many obstacles to utilize it as a research purpose. The regulatory system of healthcare information, centered on the primary purpose of patient treatment, should be improved in a way that is compatible with the development of technology and easy to use for public interest. To this end, it is necessary to examine the trends of overseas legal system reflecting the concerns about the balance of protection and utilization of personal information. Based on the implications of the overseas legal system, we can derive improvement points in the following directions from our legal system. First, a legal system that specializes in healthcare information and encompasses protection and utilization is needed. De-identification, which is an exception to the Privacy Act, should also clearly define its level. It is necessary to establish a legal basis for linking healthcare big data to create synergy effects in research. It is also necessary to examine the introduction of the opt-out system on the basis of the discussion on the foreign debate and social consensus. But most importantly, it is the people's trust in these systems.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.87-92
• /
• 2012

In the early 2012, European Union proposed new legal framework, including the right to be forgotten, for the protection of personal data. The new Proposal articulates kind of sweeping new privacy right and there has been debates on its potential threat to free speech in the digital age. While the situation is similar in Korea, I want to introduce the right to be forgotten in the Proposal. Then, I will analyze current legal system in Korea regarding the new privacy right and suggest some guidelines in searching direction for the coming legislation with respect to the right to be forgotten. The right to be forgotten should not have been promulgated without considering fully its effect on the free speech, especially in the society where the voice toward direct democracy or movement toward participation of the citizen, mainly through cyber space or Social Network Services, has risen much higher in Korea. Especially, the new right seems not to cover the control of data subject on a third party where the third party expressing his opinion by posting himself other's personal data on his blog or others.

• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1013-1023
• /
• 2016

Transborder data flow(TBDF) of personal information in Korea has been limited by current Privacy law which request data subject to give consent. As the IT industry is growing at an incredible rate, there is a need to review the existing law to cope with growing industrial demand and increasing numbers of international data transfer. The transfer of personal data overseas not only allow businesses providing IT services including finance, internet, e-commerce to thrive, but also impact every aspect of our lives which are increasingly depended on these technology. Transmitting personal data across borders raises serious questions of privacy protection and restriction of business operation. In ordrer to promote interoperability of personal data in international environment, a considerable amount of research and debate needs to be taken before implementing a sound policy. This paper presents a need for a sound TBDF policy in Korea by examine the main policy challenges associated with TBDF. Finally, the paper identify policy suggestions based on European Union's approach as they have successfully implemented TBDF policy that balanced data privacy and economic agenda.

• The Journal of Society for e-Business Studies
• /
• v.24 no.1
• /
• pp.121-137
• /
• 2019

De-identification is a method by which the remaining information can not be referred to a specific individual by removing the personal information from the data set. As a result, de-identification can lower the exposure risk of personal information that may occur in the process of collecting, processing, storing and distributing information. Although there have been many studies in de-identification algorithms, protection models, and etc., most of them are limited to structured data, and there are relatively few considerations on de-identification of unstructured data. Especially, in the medical field where the unstructured text is frequently used, many people simply remove all personally identifiable information in order to lower the exposure risk of personal information, while admitting the fact that the data utility is lowered accordingly. This study proposes a new method to perform de-identification by applying the k-anonymity protection model targeting unstructured text in the medical field in which de-identification is mandatory because privacy protection issues are more critical in comparison to other fields. Also, the goal of this study is to propose a new utility metric so that people can comprehend de-identified data set utility intuitively. Therefore, if the result of this research is applied to various industrial fields where unstructured text is used, we expect that we can increase the utility of the unstructured text which contains personal information.

• The Journal of Society for e-Business Studies
• /
• v.20 no.2
• /
• pp.93-106
• /
• 2015

Providing trading partners with personal information to establish an e-commerce financial transaction is inevitable. Most e-commerce companies keep personal information and transaction data for user's convenience and develop additional services as their applications. However, keeping personal information increases the likelihood of identity theft causing direct or indirect damage while it may simplify repetitive financial transactions. This study introduces risk management methods based on quantitative and qualitative analysis including demand-supply curve model and Gordon & Loeb model to analyze the risks for security management. The empirical analysis with survey results from KISA (Korea Information Security Agency) shows that the root cause of different statistics of personal information leakage incidents according to core business of internet companies is the difference in their Loss Expectancy caused by them. Also we suggest disciplinary compensation and higher standard for personal information protection as a solution to prevent the variation of investment on it between individual companies.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.67-75
• /
• 2021

As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.