• The Korean Society of Law and Medicine
• /
• v.17 no.2
• /
• pp.315-346
• /
• 2016

With the development of big data processing technology, the potential value of healthcare big data has attracted much attention. In order to realize these potential values, various research using the healthcare big data are essential. However, the big data regulatory system centered on the Personal Information Protection Act does not take into account the aspect of big data as an economic material and causes many obstacles to utilize it as a research purpose. The regulatory system of healthcare information, centered on the primary purpose of patient treatment, should be improved in a way that is compatible with the development of technology and easy to use for public interest. To this end, it is necessary to examine the trends of overseas legal system reflecting the concerns about the balance of protection and utilization of personal information. Based on the implications of the overseas legal system, we can derive improvement points in the following directions from our legal system. First, a legal system that specializes in healthcare information and encompasses protection and utilization is needed. De-identification, which is an exception to the Privacy Act, should also clearly define its level. It is necessary to establish a legal basis for linking healthcare big data to create synergy effects in research. It is also necessary to examine the introduction of the opt-out system on the basis of the discussion on the foreign debate and social consensus. But most importantly, it is the people's trust in these systems.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.65-103
• /
• 2019

Purpose The purpose of this study is to find out in extent to which the companies in Korea and oversea, which has been subjected by different laws of their country, have guaranteed the personal information rights and have provided proper 'right to access' to the information subjects. Design/methodology/approach This study compared Korean laws with 'General Data Protection Regulation (GDPR)' of EU and 'California Consumer Privacy Act (CCPA)' to check each of the level of 'right to access' guarantee. In terms of the difference in guaranteeing the right, this study compared Korean IT leading companies with US global leading IT companies to find out how much 'right to access' are properly implemented in their policies and functions they provide. Findings The result of the study shows that 'right to access' has not been well guaranteed by Korean law, as it does not provide the right to choose method and medium by information subjects and does not clarify the types of diverse information. This was clearly opposite with the other laws providing the right to choose what method and medium that subjects want with clarifying every types of personal information possible to be more. In addition, 'right to access' has not been well guaranteed by Korean companies in comparison with by the oversea companies which proactively guarantee the right by setting the function enabling subjects to browse their information through their websites or applications.

• Korean journal of communication and information
• /
• v.25
• /
• pp.103-133
• /
• 2004

Korean citizens enjoy not only the freedom of communication but also the secrecy of electronic communication. Article 18 of the Constitution of the Republic of Korea prescribes that the secrecy of correspondence should not be infringed. Namely, all citizens enjoy guaranteed privacy of correspondence. But many people have been experiencing the infringement of those rights. The purpose of this paper is to evaluate whether Paragraph 2, Article 13 of the Act on Protection of the Secrecy of Correspondence infringes on the constitutional rights of privacy of electronic communication. The results of this study indicate that the law violates the Constitution. Paragraph 3, Article 12 (Personal Liberty, Personal Integrity) of the constitution stipulates that "Warrants issued by a judge through due process (upon the request of a prosecutor) have to be presented in case of arrest, detention, seizure, or search." However, prosecutors, the police, and National Intelligence Service have made numerous inquiries calling for the journalists' telephone records without warrants issued by a judge. So, this study suggests that the paragraph should be amended to be compatible with the Constitution. Meanwhile, journalists should make a more concerted effort to protect their news sources in exercising constitutionally protected freedom of the press.

• Journal of the Korean Society for information Management
• /
• v.36 no.4
• /
• pp.253-277
• /
• 2019

In the era of the 4th Industrial Revolution, the importance of data is intensifying, but there are many cases where it is not easy to use data due to personal information protection. Although criminal justice information is expected to have various useful values such as crime prediction and prevention, scientific investigation of criminal investigations, and rationalization of sentencing, the use of criminal justice information is currently limited as a matter of legal interpretation related to privacy protection and criminal justice information. This study proposed to convert criminal justice information into 'crime data' and use it as big data through the structuralization and categorization of criminal justice information. And when using "crime data," legal issues, value in use, considerations for data generation and use were verified by experts, and future strategic development plans were identified. Finally we found that 'crime data' seems to have solved the privacy problem, but it is necessary to specify in the criminal justice information related law and it is urgent to be organized in a standardized form for analysis to use big data. Future directions are to derive data elements, construct a dictionary thesaurus, define and classify personal sensitive information for data grading, and develop algorithms for shaping unstructured data.

• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.141-148
• /
• 2018

The purpose of this paper is to explore the scope of realization of multiple perspectives so that the implementation of the right to be forgotten is more realistic than the ideal information deletion concept. We examined domestic and foreign legal system and technology/service trends, and reflected the classification realization level of service realization, processing type and information characteristics of personal information processor, and legislative/technical factors for multi-level scope analysis. As a result, we have presented a matrix of the range of realization of the right to be forgotten and the scope of diversified regulation by the subject of protection. This study will be extended to the convergence of law and engineering, and will contribute to the prediction of social costs and expansion of the market by identifying the scope of 'deletion rights'.

• Korean Security Journal
• /
• no.53
• /
• pp.211-228
• /
• 2017

In May 2012, the police was empowered to electronically obtain location information of mobile devices from the telecommunication service provides for the purpose of rescue by the Act on the Protection, Use, ETC. of Location Information, after years of pressure with repeated serious violent crime outbreaks and controversy concerning the risk of breaching privacy. This study examines the environmental, legal, and technological challenges related to location tracking at the time of five years after the amendment of the law. The bottom line of police's locating power is to secure the lives of people in deadly emergent circumstance. Therefore, location tracking using given information should be swiftly proceeded after consideration and judgment of justification in timely manner to electronically request information to mobile carriers, and it is necessary to have somewhat flexibility of interpretation to be applied to diverse situation. In addition, location tracking technology should be continuously updated through cooperation with the stake-holders. Recognizing substantial problems in practice, we identified and explored the issues including obtaining prior consent for tracking the user's location in case of emergency, confirmation of emergency situation requiring police presence, qualification of legitimate requester, and limited applicability in various circumstances, which are required to reconsidered in conjunction with the personal information protection laws. Additional practical issues may include the expenses for information provision and other incentives to promote active cooperation by the telecom companies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.213-216
• /
• 2013

Big data, the use of privacy has been increasing to the development of wireless network infrastructure or technology development and wired Internet. By the way, Enforcement of private data preservation law the infringement accident which is still caused by despite with private data outflow occurs. The private data outflow avoids finance and to become the fire tube. Analyzes the pattern of private data from search of private data and detection process and the research which it extracts and the research is necessary in about perfection elimination of the private data which is unnecessary. From the research which it sees it researched a pattern extraction research and a complete elimination method in about private data protection and it did the pattern extraction and a complete elimination experiment of private data.

• Journal of Platform Technology
• /
• v.9 no.4
• /
• pp.32-41
• /
• 2021

The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.117-130
• /
• 2011

In a situation where worldwide free trade between countries has expanded recently, our country is being rapidly pushed FTA agreements with the financial developed countries such as United States, EU. According to the agreement, the user information of foreign financial companies in Korea is expected to be transfered overseas. In this paper, we need to define the scope and the definition about the transfer of information and analyze the relating domestic and foreign laws preparing for Cross Border Financial Information Transfer. Also, we review the expected issues about the transfer of information divided into institutional and technical sectors and arc presented the policy implication such as differentiation of regulatory information, enactment and amendment of Personal Information Protection Law(Draft) and related regulations, ensuring the safety of financial companies, raise the standard guidelines of the transfer of information. We refers to the needs for policy formulation to differentiate our privacy information from financial information to protect the privacy of users. The proposed countermeasures in this paper is expected to be helpful the measures to prepare for other institutions such as banks and supervisory authorities prepare for the future Cross Border Financial Information Transfer according to PTA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1607-1621
• /
• 2018

The financial industry, which guarantees a credible transaction and can not permit forgery of its transaction information, has hitherto adhered to a traditional centralized ledger management method. However, the blockchain technology has a decentralization which has been regarded as unsafe for the time being, and the more reliable transaction agreement and data integrity are guaranteed The world's financial industry and the IT world is causing the wave. Nevertheless, the inherent characteristics of the blockchain, such as the irreversibility of block information within a blockchain and the sharing of blocks between blockchain participants, can not avoid conflicts with the privacy laws. The purpose of this study is to investigate the problems related to deletion and the third party supply of personal information by focusing on these characteristics of the blockchain and to suggest the technical alternatives of the applicable blockchain and the improvement direction of the personal information protection law for using of blockchain technology.