• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.767-779
• /
• 2013

A field of privacy protection lacks statistical information about the current status, compared to other fields. On top of that, since it has not been classified as a concrete separate field, the related survey is only conducted as a part of such concrete areas. Furthermore, this trend of being regarded as a part of fields such as informatization, information protection and law will continue in the near future. In this paper, a novel and practical way for collecting and storing a big amout of data from 110,000 privacy policies by data controller is proposed and the real analysis results is also shown. The proposed method can save time and cost compared with the traditional survey-based method while maintaining or even advancing the accuracy of results and speediness of process. The collected big personal data can be used to set up various kinds of statistical models and they will play an important role as a breakthrough of observing the present status of privacy information protection policy. The big data concept is incorporated into the privacy protection and we can observe the method and some results throughout the paper.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• Korean Journal of Biological Psychiatry
• /
• v.30 no.1
• /
• pp.7-16
• /
• 2023

Objectives This study aimed to review the Korean Constitution articles 14 and 20 of the "Law on suicide prevention" and investigate public perceptions of specific improvements to suicide prevention policies using results from the Korean 2018 National Survey on Suicide. Methods The questionnaire was designed to analyzing the act restricts sharing of patient information between hospitals, making it difficult to track suicide attempts. The questionnaire was also designed to suggest further medical and normative criteria for objective judgment of continuous follow-up utilizing suicide risk evaluations and proportional principle review that consider patients' and medical staff's basic rights. Results This study identified the result of the 1500 respondents, 79.1% believed that Korea should allow suicide prevention management to be implemented without requiring individual consent to protect suicide attempters. Conclusions According the results, I propose the following criteria for policy improvement: use of anonymized information and non-profit research for technical and ethical considerations, access to medical information only for therapeutic purposes, and use of surgical severity assessment criteria appropriate for Korea.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.8 no.5
• /
• pp.235-241
• /
• 2008

Please Interests in the medical service are increasing in internet environment as life quality of the people improves because of development in information and medical technology. The medical information in today's modern internet environment can violate privacy of the patients. Many medical institutions in Korea are very passive in the privacy protection of patients in the internet environment. The law, standard scheme and systematic guidance to prevent drain of medical information are not developed. This study examines cases of infringement pattern on information of each patient in the internet environment. This study will also try to find a solution to protect the personal information of patients in the internet environment in the measures of law system, technique and management.

• Journal of Korean Clinical Nursing Research
• /
• v.29 no.3
• /
• pp.261-270
• /
• 2023

Purpose: This study aimed to identify the influence of knowledge of personal information protection law and nursing patient advocacy on practice of personal information protection among nurses. Methods: The subjects were 130 nurses who have worked for six months or more in the ward of the tertiary or general hospitals. Data were collected from February 20 to March 3, 2023. Results: Factors influencing practice of personal information protection were acting as an advocate (β=.32, p=.004), environmental and educational influences (β=.21, p=.040), knowledge of personal information protection law (β=.19, p=.013) and clinical experience for five years or more but less than ten years (β=.17, p=.036). The regression model showed an explanatory power of 34.0%. Conclusion: Acting as an advocate has the most effect on practice of personal information protection. To promote practice of personal information protection for nurses, it is necessary to provide education related to privacy protection and encourage nursing patient advocacy.

• Journal of Digital Convergence
• /
• v.10 no.8
• /
• pp.149-157
• /
• 2012

Recently, many corporations and public institutions are busy preparing and providing measures in dealing with new privacy information law. This study reviews privacy impact assessments in order to perform preventing and diagnosis against potential threats focus on the K-hospital case. The quality of protection in K-hospital shows that the corporations itself is 79.0, the system is 97.0, the life cycle of the privacy is 67.4 and CCTV is 90.0. The lowest levels are saving and keeping 50.0, usage and offer 64.1 and destruction 66.7 among the life cycle of the privacy. The result of risk analysis shows that the highest levels are controlling for privacy 11.0, saving and keeping 12.5 and destruction 13.0. From the result, dangerous duplications are saving and keeping and destructions.

• The Journal of the Korea Contents Association
• /
• v.14 no.11
• /
• pp.164-174
• /
• 2014

The purpose of this study is to explore ways to resolve the conflicting issues that are currently applied in medical Act and medical privacy Act through the comparative Analysis of the Privacy Act and the Medical Information Protection Act foreign. the results run to establish the Public Health Act coming for the protection of health information is a characteristic of many countries, France in Europe, the United States and Canada had been running an independent medical information laws are enacted. Prescribes penalties of up to a fairly systematic method from the case records of patients would not have occurred in the management and implementation of the law and the protection of the author of the book focuses on the subject of medical records and physician records between patient confidentiality and privacy it can be seen that the method defined in. This indicates the need for the establishment of an independent medical information laws to protect all records relating to the patient systematically Korea also.

• Review of Korean Society for Internet Information
• /
• v.14 no.3
• /
• pp.78-85
• /
• 2013

The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.151-157
• /
• 2017

In the case of uploading privacy information of an information owner in the Internet, the information owner may want to deliver the privacy information itself or remove such information from the search list in order to prevent third parties from accessing the privacy information of the information owner. Such a right to be forgotten may collide with the freedom of expression of a third party. The right to be forgotten, which originates from the self-determination right on privacy information based on Article 10 and 17 of the Constitution and the freedom of expression, which is based on Article 21 thereof are all relative basic rights and are both limited by Item 2 under Article 37 of the same law, which is the general limitation provision for the basic rights. Therefore, when the right to be forgotten and the freedom of expression collides, it is not possible to give priority to one of the those unilaterally. It depends on the nature of the case at hand to find a natural balance for the harmonious solution for both parties. The criteria can be the sensitivity to the privacy of the information owner caused by the disclose of the privacy information, the public benefits such information may serve, the social common good that could be expected by the disclosure of the privacy information and the damages suffered in terms of the personal interest caused by the disclosure of the information, in a comprehensive manner.

• Journal of Digital Convergence
• /
• v.9 no.6
• /
• pp.81-90
• /
• 2011

Companies using internet as a kind of marketing means are increasing rapidly according to the expansion trend of e-commerce through internet and consumers also use internet as the common means of purchasing necessary articles. E-commerce using internet has advantages without limitation to temporal and spatial accessibility and general consumers and unspecified individuals also use internet to purchase their goods as well as general transactions such as advertisement, contract, payment and claim settlement. 'In the age of information, invasion of personal information resulted from the development of information and communication technology is one of the greatest problems all the countries in the world face. Therefore, Personal information protection Act is one of basic laws to protect personal information and rights and it is also an essential law in the age of information. In that sense, new Personal information protection Act is the advanced act containing various items to minimize the national damages from the leaking of private information and protect right to informational self-determination in the information society. It is expected that this legislation contributes to reduce the leaking of private information, enhance the level of privacy protection and develop privacy related industries. However, active participation of all members of our society and improvement of their recognition should be preceded for the rational and legal use of private information and the settlement of its protection culture. While the purpose of Personal information protection Act can protect privacy from collection, leaking, misuse and abuse of private information and enhance national interests and protect personal dignity and value, it also must perform the roles of balancing privacy protection with liberal information flow.