• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2010.05a
• /
• pp.269-273
• /
• 2010

7.7 DDoS incident due to recent events and the emerging importance of privacy and Privacy laws are being discussed in the National Assembly. In this study, Legislative Assembly Secretariat support organization focused on using the system, such as the Internet network and the administrative, technical and physical security elements on the status of confidentiality, availability, integrity and security criteria to identify and follow and We are analyzing. In addition, the Internet, including network and use the system primarily for use, Legislative support agency, The National Assembly Secretariat staff awareness about information security and privacy on the survey for compliance with codes of conduct and We are analyzing. Through this analysis of legislative support agencies' security status, and social responsibility as an institution will wish to encourage the role.

• Journal of the Korean Society of Radiology
• /
• v.83 no.4
• /
• pp.759-770
• /
• 2022

The importance of ethics in research and the use of artificial intelligence (AI) is increasingly recognized not only in the field of healthcare but throughout society. This article intends to provide domestic readers with practical points regarding the ethical issues of using radiological images for AI research, focusing on data security and privacy protection and the right to data. Therefore, this article refers to related domestic laws and government policies. Data security and privacy protection is a key ethical principle for AI, in which proper de-identification of data is crucial. Sharing healthcare data to develop AI in a way that minimizes business interests is another ethical point to be highlighted. The need for data sharing makes the data security and privacy protection even more important as data sharing increases the risk of data breach.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.65-103
• /
• 2019

Purpose The purpose of this study is to find out in extent to which the companies in Korea and oversea, which has been subjected by different laws of their country, have guaranteed the personal information rights and have provided proper 'right to access' to the information subjects. Design/methodology/approach This study compared Korean laws with 'General Data Protection Regulation (GDPR)' of EU and 'California Consumer Privacy Act (CCPA)' to check each of the level of 'right to access' guarantee. In terms of the difference in guaranteeing the right, this study compared Korean IT leading companies with US global leading IT companies to find out how much 'right to access' are properly implemented in their policies and functions they provide. Findings The result of the study shows that 'right to access' has not been well guaranteed by Korean law, as it does not provide the right to choose method and medium by information subjects and does not clarify the types of diverse information. This was clearly opposite with the other laws providing the right to choose what method and medium that subjects want with clarifying every types of personal information possible to be more. In addition, 'right to access' has not been well guaranteed by Korean companies in comparison with by the oversea companies which proactively guarantee the right by setting the function enabling subjects to browse their information through their websites or applications.

• Journal of Digital Convergence
• /
• v.9 no.6
• /
• pp.81-90
• /
• 2011

Companies using internet as a kind of marketing means are increasing rapidly according to the expansion trend of e-commerce through internet and consumers also use internet as the common means of purchasing necessary articles. E-commerce using internet has advantages without limitation to temporal and spatial accessibility and general consumers and unspecified individuals also use internet to purchase their goods as well as general transactions such as advertisement, contract, payment and claim settlement. 'In the age of information, invasion of personal information resulted from the development of information and communication technology is one of the greatest problems all the countries in the world face. Therefore, Personal information protection Act is one of basic laws to protect personal information and rights and it is also an essential law in the age of information. In that sense, new Personal information protection Act is the advanced act containing various items to minimize the national damages from the leaking of private information and protect right to informational self-determination in the information society. It is expected that this legislation contributes to reduce the leaking of private information, enhance the level of privacy protection and develop privacy related industries. However, active participation of all members of our society and improvement of their recognition should be preceded for the rational and legal use of private information and the settlement of its protection culture. While the purpose of Personal information protection Act can protect privacy from collection, leaking, misuse and abuse of private information and enhance national interests and protect personal dignity and value, it also must perform the roles of balancing privacy protection with liberal information flow.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.6 no.7
• /
• pp.9-16
• /
• 2016

As life in a rapidly changing Internet age at home and abroad, large amounts of information are being used medical, financial, services, etc. Accordingly, especially hospitals, is an invasion of privacy caused by leakage and intrusion of personal information in the system in medical institutions, including clinics institutions. To protect the privacy & information protection of personal health medical information in medical institutions at home and abroad presented by national policies and de-identification processing technology standards in accordance with the legislation. By comparative analysis in existing domestic and foreign institutional privacy and de-identification technique, derive a advanced one of pseudonymization and anonymization techniques for destination data items that fell short in comparison to the domestic laws and regulations, etc. De-identification processing technology for personal health information is compared to a foreign country pharmaceutical situations. We propose a new de-identification techniques by reducing the risk of re-identification processing to enable the secondary use of domestic medical privacy.

• International Journal of Advanced Culture Technology
• /
• v.5 no.3
• /
• pp.46-55
• /
• 2017

In recent years, public area CCTV has also begun to become more popular in the Korea. 2011, Korea's Ministry of Public Administration and Security has recommended that other local governments set up an integrated CCTV control center in each of their districts. The ministry was planning to make it compulsory for local governments to install an integrated CCTV control center by 2015. More than 570,000 public cameras are managed by public agencies and local government offices. Currently, the integrated CCTV control center is playing a very positive role in fighting crimes in the district particularly through its liaison with the district police. The CCTVs were operated by a several different agencies and departments in the district, resulting in considerable redundancy in public service, inefficiency and delays in response to crimes, and other emergency situations. Therefore, Control Center should be operated lawfully and efficiently. CCTV Control Center will be managed by three ways: (1) IT Governance through cooperation with civil areas (2) by regulated with proper laws and (3) managed by proper guideline and personal training.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.9-17
• /
• 2014

With the rapid development of the Internet and information technology, a company that deals with personal information does not have proper action to protect personal privacy and not take measures for the safe handling and management of personal information. It generates the case to abuse of personal information occurring frequently. In order to focus the effort to reduce damage and protect the privacy of personal information entity and enhance privacy laws based on the connection method and the processing of personal information, Korea encourages a company to follow regulation by providing certain criteria. However, in the case of items of measures standard of safety of personal information such as priority applicable criteria in accordance with the importance of itemized characteristics and the company of each individual information processing is not taken into account, and there are some difficulties to execute. Therefore, we derive criteria by law and reviewing existing literature related, the details of the measures standard of safety of personal information in this study and generate a hierarchical structure by using the KJ method for layering and quantification of the evaluation in integration of the reference item similar and the grouping. Accordingly, the weights calculated experts subject using the AHP method hierarchical structures generated in this manner, it is an object of the proposed priority for privacy and efficient more rational enterprise.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• The Journal of Society for e-Business Studies
• /
• v.25 no.4
• /
• pp.1-14
• /
• 2020

IT businesses in Korea have relatively strong regulations. While providing the same service, domestic businesses are in a situation of 'reverse discrimination of regulations' as they are less competitive than global IT companies in accordance with the application of the personal information protection legislation in Korea. In this paper, Personal Information Protection legislation was classified and laws of major countries were analyzed in comparative ways. It also compared and analyzed the "private policy" presented by representative Internet sites (Naver, Daum, Google, Facebook) that provide services to users in Korea. We also proposed three aspects of legislation improvement to address reverse discrimination.

• Informatization Policy
• /
• v.21 no.1
• /
• pp.17-34
• /
• 2014

The study on the structure of personal information flows is very important because government can measure and respond the risks caused by companies which collect personal information from other personal data users to operate their business. Recently, as the value of personal information is increasing, number of companies which intend to process a large scale of personal information is increasing too. Accordingly, the issue on the structure of personal data flow has become important for the leading personal information processors which receive far more personal information from others to comply the personal information protection laws. However, research on this issue has rarely performed so far. Therefore, this study proposes a framework for personal information data flow structure based on network theory. Theoretically, the results of the study may contribute to extending the application areas of the network theory to personal information area. Practically, the study may contribute to assisting regulatory authorities to find and monitor personal information processors.