• Title/Summary/Keyword: Privacy Impact Assessment

Search Result 22, Processing Time 0.029 seconds

A Research on Institution's Countermeasure for Personal Information Protection Act Based on the Examples of Performing the Privacy Impact Assessment (개인정보 영향평가 수행 사례에 기반한 기관의 개인정보보호법 대응방안에 관한 연구)

  • Cho, Sung Kyu;Jun, Moon Seog
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.8 no.1
    • /
    • pp.89-98
    • /
    • 2012
  • According to the enforcement of Personal Information Protection Act as of September 2011, the laws and regulations for the protection of personal information that were applied only to the certain sectors such as information & communication network, financial institutions, public sector etc. for the time being has been expanded to apply to all public and private sectors to process personal information. In particular, because the public institutions are obliged to be mandatorily conducted of the Privacy Impact Assessment, it will be enforced in earnest for each agency's informationization business that handles personal information. In this paper, I examine the most derived vulnerability and set up the improvement measure to supplement it with the examples of 10 of all the institutions conducting the Privacy Impact Assessment in the year 2011. And, I suggest the measures to be prepared by the institutions to observe the Personal Information Protection Act.

Personal Information Protection by Privacy Impact Assessment in Information System Audit (정보시스템 감리에서 개인정보 영향평가를 통한 개인정보 보호)

  • Kim, Hee-Wan;Ryu, Jae-Sung;Kim, Dong-Soo
    • The Journal of the Korea Contents Association
    • /
    • v.11 no.3
    • /
    • pp.84-99
    • /
    • 2011
  • As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

A case study of Privacy Impact Assessment -Focus on K hospital Privacy impact assessment case- (개인정보 영향평가 사례 연구 -K병원의 영향평가 사례를 중심으로-)

  • Jeon, Dong-Jin;Jeong, Jin-Hong
    • Journal of Digital Convergence
    • /
    • v.10 no.8
    • /
    • pp.149-157
    • /
    • 2012
  • Recently, many corporations and public institutions are busy preparing and providing measures in dealing with new privacy information law. This study reviews privacy impact assessments in order to perform preventing and diagnosis against potential threats focus on the K-hospital case. The quality of protection in K-hospital shows that the corporations itself is 79.0, the system is 97.0, the life cycle of the privacy is 67.4 and CCTV is 90.0. The lowest levels are saving and keeping 50.0, usage and offer 64.1 and destruction 66.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are controlling for privacy 11.0, saving and keeping 12.5 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

A Study on the Implementation of the Privacy Impact Assessment Management System for Enterprise (기업을 위한 개인정보영향평가 관리 시스템의 구현에 관한 연구)

  • Sun, Jae Hoon;Kim, Yong Ho
    • Convergence Security Journal
    • /
    • v.15 no.4
    • /
    • pp.57-63
    • /
    • 2015
  • Development of IT technology, the rapid computerization of society has accelerated the digitization of the world's information. Then, the activation of the e-commerce is the collection of a number of sensitive information, storage, operational increased rapidly. Currently, the public sector, financial sector, the private sector has utilized a number of privacy. Accidents caused by leakage of information is a tendency to increase day by day. For a review of the problems of security and protection for such sensitive information, the need for easier support system it is required. This thesis suggests E-PIAMS(Enterprise-Privacy Impact Assessment Management System) applicable effectively in private sectors.

A Study in the Improvement and Analysis Problem of Privacy Impact Assessment Qualification Criteria: focus on Similarity Analysis between Similar Certificates and Certification System of Privacy Impact Assessment (개인정보영향평가 자격기준의 문제분석과 개선방안 연구 - 유사자격과 개인정보영향평가 자격체계와의 유사성 분석을 중심으로)

  • Kim, Erang;Shim, Mina;Lim, Jong In
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.1
    • /
    • pp.127-142
    • /
    • 2013
  • Since Personal Information Protection Act came into effect on September 2011, PIA(Privacy Impact Assessment) of public institutions has become obliged. Therefore, an increasing demand for PIA professionals is being expected. In domestic, however, no specialized certificates exist and therefore similar certificates have become a requirement for PIA professionals. Henceforth, however, the system based on these similar certificates is to be an obstacle to advancing PIA. Therefore, this study analyzes the sufficiency of current similar certificates compared with the PIA qualification requirements. And then, analyzes the validity of allowance as similar certificates by using this outcome of the validity. As this comparison draws a clear gap between PIA qualification and similar certificates, this paper suggest three suggestions to improve current qualification. Three suggestions are expected to contribute a qualitative improvement of the PIA industry.

An Impact Assessment Index for the RFID Privacy (RFID 개인정보 영향평가지수 개발)

  • Han, Pil-Koo;Kang, Byung-Goo
    • Journal of Information Management
    • /
    • v.40 no.1
    • /
    • pp.69-86
    • /
    • 2009
  • The biggest paradigm of the latest telecommunications is ubiquitous computing. It is a technology basis to realize ubiquitous society that would affect social, economical and cultural industries with positive influence. However, there is a simultaneous concern that the approach to ubiquitous society may violate one's privacy. Therefore, the existence of legal and technological regulation would be the biggest obstacle in further RFID technology and industry dissemination. Also, in business side, they must invest with enormous expense and technology if technological method is only approached for the solution. As in the research, 8 RFID applications, application process and inspection items and 85 appraisal list of "An impact assessment for the privacy protection in RFID applications" developed by P. K. Han(2006), will be used as an indicator to measure RFID privacy impact assessment. In addition, it is to develop RFID privacy impact assessment index by applying objective data with survey of applied specialists. This would provide a data with feasibility and reliability to RFID related companies and able to utilize policy making on RFID private data. In addition, it is expected to contribute as an efficiency tool for individual data to build basis of ubiquitous society.

A case study of Privacy Impact Assessment for C-Shopping Mall (C쇼핑몰 개인정보 영향평가 사례연구)

  • Jeon, Dong-Jin;Jeong, Jin-Hong
    • Journal of Korea Society of Industrial Information Systems
    • /
    • v.17 no.6
    • /
    • pp.73-82
    • /
    • 2012
  • This paper reviews Privacy Impact Assessments in order to perform preventing and diagnosis against potential threats focused on the C-Shopping mall case. The quality of protection in C-shopping mall shows that the corporations itself is 29.2, the system is 68.8, the life cycle of the privacy is 25.5 and CCTV is 60.0. The lowest levels are the corporation's management 16.7, the life-cycle's saving and keeping 12.5, usage and offer 11.5 and destruction 16.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are saving and keeping 13.3 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

Problems and Improvement of Privacy Impact Assessment (개인정보영향평가의 문제점과 개선방안)

  • Choi, Young-hee;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.4
    • /
    • pp.973-983
    • /
    • 2016
  • It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal informations. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal informations. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.

Development of Privacy Impact Assessment Tool (개인정보 영향평가 툴 개발)

  • Heo, Jin-Man;Woo, Chang-Woo;Park, Jung-Ho
    • The Journal of Korean Association of Computer Education
    • /
    • v.15 no.2
    • /
    • pp.75-81
    • /
    • 2012
  • As the number of web users is increasing, the leakage of personal information is increasing. If some personal information is leaked, the victim can suffer from material damage or mental damage at the same time. Most of the leakages are result from the people who works for the personal information by accident or design. Hence, the Ministry of Public Administration and Security proposeed the measuring index and enumerates the details. The index is used in a system to check protection of a personal information. However, because this system is used to evaluate after the leakage, it cannot be used to construct some security system or programming a security system. To solve this problem, it needs to express the diversity of items and be able to count what assessors want to count. Thus, a summary sheet which displays the result of the tool will be presented in a radial form graph. Details will be presented as a bar graph. Therefore, it will be proposed that the tool can grasp the weak point and propose the direction of security.

  • PDF

A Study on Developing the Model of Reasonable Cost Calculation for Privacy Impact Assessment of Personal Information Processing System in Public Sector (공공기관 개인정보 처리시스템의 개인정보 영향평가를 수행하기 위한 합리적인 대가 산정 모델 개발에 관한 연구)

  • Shin, Young-Jin
    • Informatization Policy
    • /
    • v.22 no.1
    • /
    • pp.47-72
    • /
    • 2015
  • According to the progress of national informatization throughout the world, infringement and threaten of privacy are happening in a variety of fields, so government is providing information security policy. In particular, South Korea has enhanced personal impact assessment based on the law of personal information protection law(2011). But it is not enough to effect the necessary cost calculation standards and changeable factors to effect PIA. That is, the budgets for PIA was calculated lower than the basic budget suggested by Ministry of Government Administration Home affairs(2011). Therefore, this study reviewed the cost calculation basis based on the literature review, cost basis of similar systems, and reports of PIA and obtained to the standard with Delphi analysis. As a result, the standards of PIA is consisted to the primary labors and is utilized to how the weights by division of target system, construction and operating costs of target system, type of target systems, etc. Thus, the results of this study tried to contribute to ensure the reliability of PIA as well as the transparency of the budget for privacy in public sector.