• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.329-339
• /
• 2022

Recently, as personal information has been used as data, various new industries have been discovered, but cases of personal information leakage and misuse have occurred one after another due to insufficient systematic management system establishment. In addition, services that use personal information anonymously and anonymously have emerged since the enforcement of the Data 3 Act in August 2020, but personal information issues have arisen due to insufficient alias processing, safety measures for alias information processing, and insufficient hate expression. Therefore, this study proposed a new PbD principle that can be applied to the pseudonym information life cycle based on the Privacy by Design (PbD) principle proposed by Ann Cavoukian [1] of Canada to safely utilize personal information. In addition, the significance of the proposed method was confirmed through a survey of 30 experts related to personal information protection.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.13-21
• /
• 2012

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection/use of privacy data, processing of sensitive information/personal ID information, and encryption of privacy information); restrictions on installation/operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study.

• Information Systems Review
• /
• v.16 no.2
• /
• pp.1-23
• /
• 2014

With side effects such as Phishing and Spam using personal information in Social Network Service, there is a growing need for studies related to harmful behaviors such as the reason for privacy violation. As such, this study assumed privacy violation to be ethical decision, making behavior and used the Theory of Planned Behavior and Motivation Theory, which are mostly used in social science to identify the factors affecting privacy violation. The results suggested that the Perceived Enjoyment and Punishment used in motivation studies affected privacy violation behaviors, and that the factors of the Theory of Planned Behavior such as Attitude toward Privacy Violation, Subjective Norms of Privacy Violation, and Perceived Behavioral Control with regard to Privacy Violation significantly influenced the Intention to Privacy Violation. On the other hand, Perceived Curiosity and Subjective Norms of Privacy Violation did not affect the Intention to Privacy Violation. Therefore, this study confirmed that the Theory of Planned Behavior was appropriate to explain the Intention to Privacy Violation, and that the variables of the Motivation Theory generally influenced the Attitude toward Privacy Violation. This study was significant since it extended the scope of theoretical privacy study from users and victims centered to inflictor and applied the Extended Theory of Planned Behavior using the variables of the Motivation Theory in the study of Intention to Privacy Violation. From the practical aspect, it provided the ground for privacy education based on the fact that the Attitude toward Privacy Violation can be curbed when education on the Privacy Concerns, Perceived Enjoyment, and Punishment with regard to privacy is strengthened. It also cited the need for the punishment of privacy violation and the practical ground to amend the terms and conditions of user license and Personal Information Protection Act to provide policy support.

• Journal of the Korea Safety Management & Science
• /
• v.16 no.3
• /
• pp.433-441
• /
• 2014

Increasing the outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type was also analyzed and derived new controled items. As a result of the proposed research, new controled items for fiduciary could be used as a standard for the managing Director.

• Proceedings of the Korea Inteligent Information System Society Conference
• /
• 2005.11a
• /
• pp.226-233
• /
• 2005

Ubiquitous computing is a study area explained in a myriad of contexts and technological terms. So when you try to define it with simple words, it gets even more confusing. Payment. however, refers in nature to an act of money transfer from one entity to another, and it is obvious that a payment method will be valued as long as the transaction can be completed with safety no matter what technology was used. In the end, the key to U-payment is convenience and security in the transfer of financial information. The purpose of this paper is to find a desirable U-payment scheme by looking at the characteristics of seamlessness under the ubiquitous environments, Strong Personal Device, and peer-based if information transactions. We also propose U-SDT Protocol integrating critical technologies such as Radio Frequency Identification (RFID), Bluetooth, Personal Payment Device, Account Managing Application and Transaction ID as a way to make transactions between users seamless and secure better privacy protection.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Convergence Security Journal
• /
• v.11 no.5
• /
• pp.99-108
• /
• 2011

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection / use of privacy data, processing of sensitive information / personal ID information, and encryption of privacy information); restrictions on installation / operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study. Possible solutions proposed by this study can be summed up as follows: By changing minds with sufficient legal reviews, it is required for security service providers to 1) clearly and further specify any purposes of collecting and using privacy information, if possible, 2) obtain any privacy information by legitimate means as it is necessary to collect such information, 3) stop providing any personal information for the 3rd parties or for any other purposes except fundamental purposes of using privacy information, and 4) have full knowledge about duty of safety measure in accordance with safe maintenance of privacy information and protect any personal information from unwanted or intentional leakage to others.

• The Korean Journal of Archival Studies
• /
• no.29
• /
• pp.225-268
• /
• 2011

The general public are interested in the politics and form public opinion and keep in check the government for true democracy. The general public have the right to be furnished information from the government. And the government should enact the Freedom of Information Act to provide the public's right to know. At the same time, the government should enact the Data Protection Act to provide the public's right to privacy. There is a friction between the Freedom of Information Act and the Data Protection Act. It's hard to maintain the proper balance between the Freedom of information Act and the Data Protection Act, but many countries try to do so. The UK enacted the Data Protection Act 1998(DPA), which entered into force on 2000, to comply with EU Directive 1995. The Freedom of Information Act 2000(FOI), which came fully into force on 2005, was passed in 2000. The FOI imposes significant duties and responsibilities on public authorities to give access to the information they hold. The purpose of this study is to consider the provisions of the personal data in FOI and DPA. Besides this, it identifies the complaint cases on public authorities about the disclosure and exemption of the personal data in comparison with the acts. If information is the personal data of the person making the request, it will disclose under the DPA. If information is the personal data of a third party, it will disclose under the FOI. These acts interact each other to make up for the weak points in the other to make a proper application of the act on public authorities. This study may have any limitation in making a comparative study of the disclosure and exemption of the personal data in Korea. But it is expected to provide a basis for understanding the disclosure and exemption of the personal data in the UK.

• Review of KIISC
• /
• v.22 no.1
• /
• pp.47-57
• /
• 2012

미국의 개인정보보호 정책은 시장의 자율규제에 입각하여 소비자의 권리를 보호하는 것에 초점을 맞추고 있다. 관리되는 법률로는 연방정부기관이 보유하고 있는 개인정보에 관한 보호법규인 1974년의 프라이버시법(Federal Privacy Act 1974)과 각 주단위로 규정된 프라이버시권 관련 법률들이 있다. 현재 공공과 개인을 아울러서 총괄하는 법은 존재하지 않지만 다양한 영역별로 접근 방식을 택하여 세부적으로 공공, 금융, 통신, 교육, 의료, 비디오 감시, 근로자 정보 등 각 영역별로 제정하여 시행하고 있다. 본고에서는 미국의 개인정보보호 법제 현황에 대해 살펴보았으며, 최근에 국내에서도 수행기관이 지정된 개인정보영향평가에 대한 내용을 분석하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1013-1023
• /
• 2016

Transborder data flow(TBDF) of personal information in Korea has been limited by current Privacy law which request data subject to give consent. As the IT industry is growing at an incredible rate, there is a need to review the existing law to cope with growing industrial demand and increasing numbers of international data transfer. The transfer of personal data overseas not only allow businesses providing IT services including finance, internet, e-commerce to thrive, but also impact every aspect of our lives which are increasingly depended on these technology. Transmitting personal data across borders raises serious questions of privacy protection and restriction of business operation. In ordrer to promote interoperability of personal data in international environment, a considerable amount of research and debate needs to be taken before implementing a sound policy. This paper presents a need for a sound TBDF policy in Korea by examine the main policy challenges associated with TBDF. Finally, the paper identify policy suggestions based on European Union's approach as they have successfully implemented TBDF policy that balanced data privacy and economic agenda.