• Journal of the Korea Society of Computer and Information
• /
• v.25 no.5
• /
• pp.209-216
• /
• 2020

As depository system for negotiation or reimbursement to the victim in criminal case is reflected to consideration for diminishing punishment and hence, it is very important in the process. According to the current law, one needs to fill out victim's personal information such as name, address, and ID number for processing depository. However, if the victim is sexual violence victim, all the personal information is covered up becoming anonymous. Therefore, it becomes difficult for the accused person to get necessary information. Such covering up action is to prevent further second damage that may be caused such as threatening for the negotiation whereas victim has no willingness to forgive the accused. However, even if the accused person regrets his/her crime and make reimbursement to the victim, as they have no personal information on the victim it becomes impossible for them to make the depository. If we apply ESCROW system here it will allow victims to avoid any direct contact with the accused person as well as preventing any privacy disclosure. Also, for the accuse person, they can show how much they regret by making depository within their capability.

• Journal of Internet Computing and Services
• /
• v.16 no.4
• /
• pp.141-148
• /
• 2015

The Personal Information Protection Act enacted in March 2011 stated that the application target of this law includes all personal information processors in the public and private sector, and established the protection standard by phase such as collection, use and provision of personal information. There was an introduction of the Privacy Impact Assessment system that enables personal information processors to perform impact assessment autonomously if there are great concerns over the fact that making and expanding personal information files will influence the protection of personal information, while also making impact assessment compulsory for public institutions in specific reasons with great concerns for violating the rights of the subjects of information. This Act still has the problem that it is generally difficult to understand. This paper deals with the Korean legal practices about the personal information protection with regard to ambiguity and promotional system.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.12
• /
• pp.4062-4080
• /
• 2022

COVID-19, a highly infectious disease, has affected the globe tremendously since its outbreak during late 2019 in Wuhan, China. In order to respond to the pandemic, governments around the world introduced a variety of public health measures including contact-tracing, a method to identify individuals who may have come into contact with a confirmed COVID-19 patient, which usually leads to quarantine of certain individuals. Like many other governments, the South Korean health authorities adopted public health measures using latest data technologies. Key data technology-based quarantine measures include:(1) Electronic Entry Log; (2) Self-check App; and (3) COVID-19 Wristband, and heavily relied on individual's personal information for contact-tracing and self-isolation. In fact, during the early stages of the pandemic, South Korea's strategy proved to be highly effective in containing the spread of coronavirus while other countries suffered significantly from the surge of COVID-19 patients. However, while the South Korean COVID-19 policy was hailed as a success, it must be noted that the government achieved this by collecting and processing a wide range of personal information. In collecting and processing personal information, the data minimum principle - one of the widely recognized common data principles between different data protection laws - should be applied. Public health measures have no exceptions, and it is even more crucial when government activities are involved. In this study, we provide an analysis of how the governments around the world reacted to the COVID-19 pandemic and evaluate whether the South Korean government's digital quarantine measures ensured the protection of its citizen's right to privacy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.97-106
• /
• 2014

CCTV(Closed Circuit television) is one of the widely used physical security technologies and video acquisition device installed at specific point with various purposes. Recently, as the CCTV capabilities improve, facial recognition from the information collected from CCTV video is under development. However, in case these technologies are exploited, concerns on major privacy infringement are high. Especially, a computer connected to a particular space images taken by the camera in real time over the Internet has emerged to show information services. In the privacy law, safety measures which is related with biometric template are notified. Accordingly, in this paper, for the protection of privacy video information in the video surveillance system, the technical and managerial requirements for video information security are suggested.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.7 no.2
• /
• pp.311-319
• /
• 2017

Recently invasion of privacy problem in medical information have been issued following the interest in secondary use of large medical information. These large medical information is very useful information that can be used in various fields such as disease research and prevention. However, due to the privacy laws such as Privacy Act and Medical Law, these informations including patients or health professionals' personal information are difficult to utilize secondary. Accordingly, various methods such as k-anonymity, l-diversity and differential-privacy that can be utilized while protecting privacy have been developed and utilized in this field. In this paper, we study differential privacy processing procedure, one of various methods, and find out about the differential privacy problem using Laplace noise. Finally, we propose a new method using the Shamir's secret sharing method and symemetric key encryption algorithm such as AES for this problem.

• Journal of Korea Society of Industrial Information Systems
• /
• v.17 no.6
• /
• pp.73-82
• /
• 2012

This paper reviews Privacy Impact Assessments in order to perform preventing and diagnosis against potential threats focused on the C-Shopping mall case. The quality of protection in C-shopping mall shows that the corporations itself is 29.2, the system is 68.8, the life cycle of the privacy is 25.5 and CCTV is 60.0. The lowest levels are the corporation's management 16.7, the life-cycle's saving and keeping 12.5, usage and offer 11.5 and destruction 16.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are saving and keeping 13.3 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

• Journal of Digital Convergence
• /
• v.13 no.2
• /
• pp.115-120
• /
• 2015

As the cloud services, the underlying technology of the digital convergence environment, have been widely adopted in the business, personal information protection has been recognized as one of the major issues to resolve. When cloud services are used to process the personal information, the personal information protection law speculates the establishment of a contract or service level agreement(SLA). This research presents 7 privacy indicators and 13 metrics which can be included in cloud SLA, based on the analysis of related regulation and standards and the SMART(Specific, Measurable, Action-oriented, Relevant and Timely) model. The proposed indicators are examined using the Focus Group Interview method in terms of materiality and feasibility. The results show that all the proposed indicators are meaningful and useful.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.31-40
• /
• 2017

UAV (Unmanned Aerial Vehicle) is increasingly used in diverse fields such as disaster, distributi on, and logistics, but it is pointed out that the inadequacy of related laws and invasion of privacy is an obstacle to industrial growth. The regulatory framework for UAV convergence services is pr oposed based on the regulatory framework. From the technical point of view, regulation on archite ctural design, from the market point of view, concurrent operation of services in a limited area, a l egal evaluation based on post-evaluation rather than a pre-regulation under the legislation of visua l information protection law and a social consensus will contribute to the early settlement of UAV -based convergence services.