• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.263-277
• /
• 2020

Children's use of the Internet is growing. Each company collects children's personal information. However, it is also difficult for children to recognize the concept of personal information. In this study, based on the analysis of newspaper children's personal information leakage, we investigated the occurrence of personal information leakage in children through ground theory, one of qualitative research methods used in the social science field. The ground theory is thought to be able to derive a causal relationship by identifying the leakage of children's personal information. As a result of the study, it was collected through the consent of the legal representative, but depending on the situation, the consent process was not performed. Even with the consent, it was found that due to insufficient measure to protect personal information, various situation(criminal damage, anxiety, embarrassment, anger, etc.) occurred the legal representative. As a result, children's personal information collection providers paid fines according to the situation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.4
• /
• pp.839-845
• /
• 2018

Sensitive data is encrypted and stored as privacy policy is strengthened through frequent leakage of personal information. For this reason, the cryptographically owned encrypted data is a very important analysis from the viewpoint of digital forensics. Until now, the digital evidence collection procedure only considers imaging, so hardware specific information is not collected. If the encryption key is generated by information that is not left in the disk image, the encrypted data can not be decrypted. Recently, an application for performing encryption using hardware specific information has appeared. Therefore, in this paper, hardware specific information which does not remain in file form in auxiliary storage device is studied, and hardware specific information collection method is introduced.

• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.1-10
• /
• 2014

In February 2014 Korean Bar Association has amended Professional Ethics Code as to stipulate attorney's duty to protect personal information. While existing Korean law and Professional Ethics Code has made attorney to keep client's confidential information, attorney's newly promulgated obligation has its meaning in that personal information of subject other than client is not protected through confidentiality rules, given that confidentiality obligation is interpreted to protect only client's information relating to representation. Moreover, duty to protect personal information deals with not only disclosure and use of information, which confidentiality rules is about, but also collection and retention process, access to and correction and care of information and even destruction of information. Amid unprecedented theft of personal data in several national banks and other serious leakage reported recently, this paper is going to contemplate the scope and application of the duty to protect personal information with hope to contribute to starting discussion on it.

• Journal of the Korean Society for information Management
• /
• v.32 no.1
• /
• pp.85-108
• /
• 2015

Personal Information Protection Act was first enacted in March, 2011, amended in September, 2011 and became effective. Nevertheless, the risk of interfering with personal information protection still remains, associated with collection, plagiarism, leakage, and even sales of personal information. The public libraries are not an exception. Accordingly, this study investigates the status of personal information protection in public libraries of Seoul and Gyeonggi province. Also, it tries to discover problems associated with the act and presents a model scheme to improve this situation. The scheme relates to (1) securing of a sufficient budget; (2) reinforcing professional education related to personal information; (3) developing detailed guidelines for public libraries.

• Convergence Security Journal
• /
• v.19 no.5
• /
• pp.63-73
• /
• 2019

In the 4th Industrial Revolution, information is collected and analyzed from people and objects through the rapid development of ICT. It is possible to create value. However, there are many legal and institutional restrictions on the collection of information aimed at people.Therefore, in-depth research on the protection and use of personal information in the rapidly changing cyber security environment is needed. The purpose of this study is to protect and utilize personal information for the operation of AI (Artificial Intelligence) and big data during the 4th Industrial Revolution. It is to seek a paradigm shift. The organization of the research for this is: Chapter 1 examines the meaning of personal information during the 4th Industrial Revolution, Chapter 2 presents the framework for the review and analysis of prior research. In Chapter 3, after analyzing policies for the protection and utilization of personal information in major countries, Chapter 4 looks at the paradigm shift in personal information protection during the 4th Industrial Revolution and how to respond. Chapter 5 made some policy suggestions for the protection and utilization of personal information.

• The Korean Society of Law and Medicine
• /
• v.11 no.1
• /
• pp.117-143
• /
• 2010

Along with the development of digital technologies, the information obtained during the medical procedures was working as a source of valuable assets. Especially, the secondary use of personal health information gives the ordeal to privacy protection problems. In korea, the usage of personal medical information is basically regulated by the several laws in view of general and administrative Act like Medicine Act, Public institutions' personal information protection Act, Information-Network Act etc. There is no specific health information protection Act. Health information exchange program for the blood donor referral related with teratogenic drugs and contagious disease and medical treatment reporting system for income tax convenience are the two examples of recently occurred secondary use of health information in Korea. Basically the secondary use of protected health information is depend on the risk-benefit analysis. But to accomplish the minimal invasion to privacy, we need to consider collection limitation principle first. If the expected results were attained with alternative method which is less privacy invasive, we could consider the present method is unconstitutional due to the violation of proportionality rule.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.17 no.2
• /
• pp.317-322
• /
• 2013

Personal information is defined information related to users' privacy data. It can be verified information through social security number, image, and means relating to individual can verify. Such personal information is in accordance with the privacy act in law for the collection and usage in enterprises and institutions. However, it can be induced privacy problem when it is exposed information without attention. This user's inadvertent disclosure of personal information has occurred due to social engineering and intelligent cyber-crime occurred in order to solve these problems. A variety of protection solutions for personal information have been developed. Web privacy filtering firewall and solutions related with server have been developed among developed many solutions, web privacy filtering and firewall solutions is proposed in this paper.

• Journal of Software Engineering Society
• /
• v.25 no.1
• /
• pp.19-28
• /
• 2012

Personal registration number has been used as a means of personal identification on existing internet. However, its use on internet sites has become a major factor increasing danger of leaking of personal information. Presently, the government recommends i-PIN to minimize the collection of personal registration numbers and leaking of personal information on internet. Original purpose of i-PIN is to recognize persons by its virtual number of 13 digits instead of using personal registration number on internet websites. These days, i-PIN continues to be used increasingly as a form of certification. This study seeks to explore software service methodology of using i-PIN as a form of certification on internet websites and examples in which its other forms of self certification are used than existing i-PIN services.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.06a
• /
• pp.309-310
• /
• 2010

• Journal of Convergence for Information Technology
• /
• v.12 no.5
• /
• pp.1-14
• /
• 2022

This study tried to suggest crisis management compliance to prevent personal information infringement accidents that may occur in the process because the data including personal information is being processed in the artificial intelligence (AI) service process. To this end, first, the AI service provision process is divided into 3 processes such as service planning/data design and collection process, data pre-processing and purification process, and algorithm development and utilization process. And 3 processes are subdivided into 9 stages following to personal information processing stages to infringe personal information. All processes were investigated with literature and experts' Delphi. Second, the investigated personal information infringement factors were selected through FGI, Delphi, etc. for experts. Third, a survey was conducted with experts on the severity and possibility of each personal information infringement factor, and the validity and adequacy of the 94 responses were verified. Fourth, to present appropriate risk management compliance for personal information infringement factors in AI services, a method for calculating the risk level of personal information infringement is prepared by utilizing the asset value of personal information, personal information infringement factors, and the possibility of infringement accidents. Through this, the countermeasures for personal information infringement incidents were suggested according to the scored risk level.