• Journal of Korea Society of Digital Industry and Information Management
• /
• v.8 no.1
• /
• pp.89-98
• /
• 2012

According to the enforcement of Personal Information Protection Act as of September 2011, the laws and regulations for the protection of personal information that were applied only to the certain sectors such as information & communication network, financial institutions, public sector etc. for the time being has been expanded to apply to all public and private sectors to process personal information. In particular, because the public institutions are obliged to be mandatorily conducted of the Privacy Impact Assessment, it will be enforced in earnest for each agency's informationization business that handles personal information. In this paper, I examine the most derived vulnerability and set up the improvement measure to supplement it with the examples of 10 of all the institutions conducting the Privacy Impact Assessment in the year 2011. And, I suggest the measures to be prepared by the institutions to observe the Personal Information Protection Act.

• The Journal of the Korea Contents Association
• /
• v.11 no.3
• /
• pp.84-99
• /
• 2011

As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

• Journal of Digital Convergence
• /
• v.10 no.8
• /
• pp.149-157
• /
• 2012

Recently, many corporations and public institutions are busy preparing and providing measures in dealing with new privacy information law. This study reviews privacy impact assessments in order to perform preventing and diagnosis against potential threats focus on the K-hospital case. The quality of protection in K-hospital shows that the corporations itself is 79.0, the system is 97.0, the life cycle of the privacy is 67.4 and CCTV is 90.0. The lowest levels are saving and keeping 50.0, usage and offer 64.1 and destruction 66.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are controlling for privacy 11.0, saving and keeping 12.5 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

• Convergence Security Journal
• /
• v.15 no.4
• /
• pp.57-63
• /
• 2015

Development of IT technology, the rapid computerization of society has accelerated the digitization of the world's information. Then, the activation of the e-commerce is the collection of a number of sensitive information, storage, operational increased rapidly. Currently, the public sector, financial sector, the private sector has utilized a number of privacy. Accidents caused by leakage of information is a tendency to increase day by day. For a review of the problems of security and protection for such sensitive information, the need for easier support system it is required. This thesis suggests E-PIAMS(Enterprise-Privacy Impact Assessment Management System) applicable effectively in private sectors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.127-142
• /
• 2013

Since Personal Information Protection Act came into effect on September 2011, PIA(Privacy Impact Assessment) of public institutions has become obliged. Therefore, an increasing demand for PIA professionals is being expected. In domestic, however, no specialized certificates exist and therefore similar certificates have become a requirement for PIA professionals. Henceforth, however, the system based on these similar certificates is to be an obstacle to advancing PIA. Therefore, this study analyzes the sufficiency of current similar certificates compared with the PIA qualification requirements. And then, analyzes the validity of allowance as similar certificates by using this outcome of the validity. As this comparison draws a clear gap between PIA qualification and similar certificates, this paper suggest three suggestions to improve current qualification. Three suggestions are expected to contribute a qualitative improvement of the PIA industry.

• Journal of Information Management
• /
• v.40 no.1
• /
• pp.69-86
• /
• 2009

The biggest paradigm of the latest telecommunications is ubiquitous computing. It is a technology basis to realize ubiquitous society that would affect social, economical and cultural industries with positive influence. However, there is a simultaneous concern that the approach to ubiquitous society may violate one's privacy. Therefore, the existence of legal and technological regulation would be the biggest obstacle in further RFID technology and industry dissemination. Also, in business side, they must invest with enormous expense and technology if technological method is only approached for the solution. As in the research, 8 RFID applications, application process and inspection items and 85 appraisal list of "An impact assessment for the privacy protection in RFID applications" developed by P. K. Han(2006), will be used as an indicator to measure RFID privacy impact assessment. In addition, it is to develop RFID privacy impact assessment index by applying objective data with survey of applied specialists. This would provide a data with feasibility and reliability to RFID related companies and able to utilize policy making on RFID private data. In addition, it is expected to contribute as an efficiency tool for individual data to build basis of ubiquitous society.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.6
• /
• pp.73-82
• /
• 2012

This paper reviews Privacy Impact Assessments in order to perform preventing and diagnosis against potential threats focused on the C-Shopping mall case. The quality of protection in C-shopping mall shows that the corporations itself is 29.2, the system is 68.8, the life cycle of the privacy is 25.5 and CCTV is 60.0. The lowest levels are the corporation's management 16.7, the life-cycle's saving and keeping 12.5, usage and offer 11.5 and destruction 16.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are saving and keeping 13.3 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.973-983
• /
• 2016

It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal informations. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal informations. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.

• The Journal of Korean Association of Computer Education
• /
• v.15 no.2
• /
• pp.75-81
• /
• 2012

As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

• Informatization Policy
• /
• v.22 no.1
• /
• pp.47-72
• /
• 2015

According to the progress of national informatization throughout the world, infringement and threaten of privacy are happening in a variety of fields, so government is providing information security policy. In particular, South Korea has enhanced personal impact assessment based on the law of personal information protection law(2011). But it is not enough to effect the necessary cost calculation standards and changeable factors to effect PIA. That is, the budgets for PIA was calculated lower than the basic budget suggested by Ministry of Government Administration Home affairs(2011). Therefore, this study reviewed the cost calculation basis based on the literature review, cost basis of similar systems, and reports of PIA and obtained to the standard with Delphi analysis. As a result, the standards of PIA is consisted to the primary labors and is utilized to how the weights by division of target system, construction and operating costs of target system, type of target systems, etc. Thus, the results of this study tried to contribute to ensure the reliability of PIA as well as the transparency of the budget for privacy in public sector.