• Title/Summary/Keyword: Privacy impact assessment


A Research on Institution's Countermeasure for Personal Information Protection Act Based on the Examples of Performing the Privacy Impact Assessment (개인정보 영향평가 수행 사례에 기반한 기관의 개인정보보호법 대응방안에 관한 연구)

  • Cho, Sung Kyu;Jun, Moon Seog
    • Journal of Korea Society of Digital Industry and Information Management / v.8 no.1 / pp.89-98 / 2012
  • With the enforcement of the Personal Information Protection Act as of September 2011, the laws and regulations for the protection of personal information, which until then applied only to certain sectors such as information & communication networks, financial institutions, and the public sector, have been expanded to apply to all public and private sectors that process personal information. In particular, because public institutions are obliged to conduct the Privacy Impact Assessment, it will be enforced in earnest for each agency's informatization projects that handle personal information. In this paper, I examine the most frequently derived vulnerabilities and set up improvement measures to supplement them, using the examples of 10 of the institutions that conducted the Privacy Impact Assessment in 2011. I also suggest measures that institutions should prepare in order to comply with the Personal Information Protection Act.

Analyzing Assessment Factors to Develop a Privacy Impact Assessment Pre-Diagnostic Tool (개인정보 영향평가 사전진단도구 개발을 위한 평가 요소 분석)

  • Young-Ae Jung
    • Journal of Platform Technology / v.12 no.1 / pp.151-163 / 2024
  • The Privacy Impact Assessment (PIA) in Korea refers to the process of analyzing risk factors and identifying improvements that must be carried out by organizations that operate personal information files, as stipulated in Article 33 of the Personal Information Protection Act (PIPA) and Article 35 of the Enforcement Decree of the PIPA. There are two main limitations of the PIA in Korea. The first limitation is that the targets of the PIA are limited to public institutions and organizations that are legally equivalent to public institutions, and the second limitation is that only organizations with adequate manpower, facilities, and other necessary requirements, which are regulated by the Enforcement Decree of the PIPA, can conduct a PIA. This paper proposes to develop a preliminary diagnostic tool that can be used by private companies, small and medium-sized venture companies, and small businesses in the era of rapidly developing data in recent years, and presents an analysis of specific assessment factors. The results of this study are provided in the form of a self-checklist, which is expected to serve as a pre-diagnostic tool for the PIA that can be easily accessed by the general public. It is also expected to contribute to strengthening privacy protection and achieving legal compliance at the national level.


Personal Information Protection by Privacy Impact Assessment in Information System Audit (정보시스템 감리에서 개인정보 영향평가를 통한 개인정보 보호)

  • Kim, Hee-Wan;Ryu, Jae-Sung;Kim, Dong-Soo
    • The Journal of the Korea Contents Association / v.11 no.3 / pp.84-99 / 2011
  • As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

A case study of Privacy Impact Assessment -Focus on K hospital Privacy impact assessment case- (개인정보 영향평가 사례 연구 -K병원의 영향평가 사례를 중심으로-)

  • Jeon, Dong-Jin;Jeong, Jin-Hong
    • Journal of Digital Convergence / v.10 no.8 / pp.149-157 / 2012
  • Recently, many corporations and public institutions are busy preparing and providing measures to deal with the new privacy information law. This study reviews privacy impact assessments in order to prevent and diagnose potential threats, focusing on the K-hospital case. The quality of protection in K-hospital shows that the corporation itself is 79.0, the system is 97.0, the life cycle of the privacy is 67.4 and CCTV is 90.0. The lowest levels are saving and keeping 50.0, usage and offer 64.1 and destruction 66.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are controlling for privacy 11.0, saving and keeping 12.5 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

A Study on the Implementation of the Privacy Impact Assessment Management System for Enterprise (기업을 위한 개인정보영향평가 관리 시스템의 구현에 관한 연구)

  • Sun, Jae Hoon;Kim, Yong Ho
    • Convergence Security Journal / v.15 no.4 / pp.57-63 / 2015
  • With the development of IT, the rapid computerization of society has accelerated the digitization of the world's information. With the growth of e-commerce, the collection, storage, and operation of a large amount of sensitive information has increased rapidly. Currently, the public sector, the financial sector, and the private sector all make use of a large amount of personal information. Accidents caused by information leakage are increasing day by day. To review the security and protection problems of such sensitive information, an easier support system is required. This thesis suggests E-PIAMS (Enterprise-Privacy Impact Assessment Management System), which can be applied effectively in the private sector.

A Study in the Improvement and Analysis Problem of Privacy Impact Assessment Qualification Criteria: focus on Similarity Analysis between Similar Certificates and Certification System of Privacy Impact Assessment (개인정보영향평가 자격기준의 문제분석과 개선방안 연구 - 유사자격과 개인정보영향평가 자격체계와의 유사성 분석을 중심으로)

  • Kim, Erang;Shim, Mina;Lim, Jong In
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.127-142 / 2013
  • Since the Personal Information Protection Act came into effect in September 2011, PIA (Privacy Impact Assessment) has become obligatory for public institutions. Therefore, an increasing demand for PIA professionals is expected. Domestically, however, no specialized certificates exist, and therefore similar certificates have become a requirement for PIA professionals. Going forward, however, the system based on these similar certificates will be an obstacle to advancing PIA. Therefore, this study analyzes the sufficiency of current similar certificates compared with the PIA qualification requirements, and then analyzes the validity of allowing them as similar certificates using this outcome. As this comparison reveals a clear gap between the PIA qualification and similar certificates, this paper makes three suggestions to improve the current qualification. The three suggestions are expected to contribute to a qualitative improvement of the PIA industry.

An Impact Assessment Index for the RFID Privacy (RFID 개인정보 영향평가지수 개발)

  • Han, Pil-Koo;Kang, Byung-Goo
    • Journal of Information Management / v.40 no.1 / pp.69-86 / 2009
  • The biggest paradigm of the latest telecommunications is ubiquitous computing. It is a technology basis to realize ubiquitous society that would affect social, economical and cultural industries with positive influence. However, there is a simultaneous concern that the approach to ubiquitous society may violate one's privacy. Therefore, the existence of legal and technological regulation would be the biggest obstacle in further RFID technology and industry dissemination. Also, in business side, they must invest with enormous expense and technology if technological method is only approached for the solution. As in the research, 8 RFID applications, application process and inspection items and 85 appraisal list of "An impact assessment for the privacy protection in RFID applications" developed by P. K. Han(2006), will be used as an indicator to measure RFID privacy impact assessment. In addition, it is to develop RFID privacy impact assessment index by applying objective data with survey of applied specialists. This would provide a data with feasibility and reliability to RFID related companies and able to utilize policy making on RFID private data. In addition, it is expected to contribute as an efficiency tool for individual data to build basis of ubiquitous society.

A Study on Strengthening Domestic Personal Information Impact Assessment(PIA)

  • Young-Bok Cho
    • Journal of the Korea Society of Computer and Information / v.29 no.6 / pp.61-67 / 2024
  • In this paper, we presented a strengthening plan to prevent personal information leakage incidents by securing legal compliance for personal information impact assessment and suggesting measures to strengthen privacy during personal information impact assessment. Recently, as various services based on big data have been created, efforts are being made to protect personal information, focusing on the EU's GDPR and Korea's Personal Information Protection Act. In this society, companies entrust processing of personal information to provide customized services based on the latest technology, but at this time, the problem of personal information leakage through consignees is seriously occurring. Therefore, the use of personal information by trustees.

A case study of Privacy Impact Assessment for C-Shopping Mall (C쇼핑몰 개인정보 영향평가 사례연구)

  • Jeon, Dong-Jin;Jeong, Jin-Hong
    • Journal of Korea Society of Industrial Information Systems / v.17 no.6 / pp.73-82 / 2012
  • This paper reviews Privacy Impact Assessments in order to prevent and diagnose potential threats, focusing on the C-Shopping mall case. The quality of protection in C-shopping mall shows that the corporation itself is 29.2, the system is 68.8, the life cycle of the privacy is 25.5 and CCTV is 60.0. The lowest levels are the corporation's management 16.7, the life-cycle's saving and keeping 12.5, usage and offer 11.5 and destruction 16.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are saving and keeping 13.3 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

Problems and Improvement of Privacy Impact Assessment (개인정보영향평가의 문제점과 개선방안)

  • Choi, Young-hee;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.973-983 / 2016
  • It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal information. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal information. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.