• Informatization Policy
• /
• v.17 no.1
• /
• pp.43-62
• /
• 2010

Mandatory use of resident registration number in Korean websites is likely to result in an violation of privacy. The Korea government introduced i-PIN (Internet Personal Identification Number) to solve this problem in Oct of 2006. But the implementation of i-PIN has failed to decrease violation of privacy. Therefore, we must open our eyes to problems of i-PIN and the importance of privacy protection. This study analyzes the policy failures of i-PIN and considers countermeasures for protecting privacy on the Internet, and explores policy alternatives to secure privacy on the Internet by analyzing the implementation process of I-PIN. In conclusion, this study stresses the urgent need for a well-thought-out policy in order to solve the problems of i-PIN on the Internet. It expects that the i-PIN will make a big stride for the realization of secure electronic government.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.149-160
• /
• 2008

As individual users have to provide more information than the minimum for using information communication service, the invasion of privacy of Individual users is increasing. That is why client/server based personal information security platform technologies are being developed such as P3P, EPAL and XACML. By the way enterprises and organizations using primarily role based access control can not use these technologies. because those technologies apply access control policies to individual subjects. In this paper, we suggest an expression language for privacy enhancing role-based access control policy. Suggested privacy enhancing role-based access control policy language model is a variation of XACML which uses matching method and condition, and separately contains elements of role, purpose, and obligation. We suggest policy language model for permission assignment in this paper, shows not only privacy policy scenario with policy document instance, but also request context and response context for helping understanding.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.53-63
• /
• 2011

An SNS(Social Network Service) enables people to form a social network on online as in the real world. With the rising popularity of the service, side effects of SNSs were issued. Therefore we propose and implement a policy-based privacy protection module and access control policy language for ensuring the right of control of personal information and sharing data among SNSs. The policy language for protecting privacy is based on an attribute-based access control model which grants an access to personal information based on a user's attributes. The policy language and the privacy protection module proposed to give the right of control of personal information to the owner, they can be adopted to other application domains in which privacy protection is needed as well as secure sharing data among SNSs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.183-193
• /
• 2014

Korean personal data(information) protection law requires privacy policies post on every website. According to recent survey results, users' interests on these policies are low due to these policies' low readability and accessibility. This study proposes a layout that effectively conveys online privacy policy contents, and assesses its impact on information understandability, vividness, and recognition of users. Studies on privacy policies and layouts, media richness theory, social presence theory, and usability are used to develop the new layered approach. Using experiments, three major layouts are evaluated by randomly selected online users. Research results shows that information understandability, vividness, and recognition of privacy policies in the revised-layered approach are higher than those of in the text-only or table-based layouts. This study implies that employing visual guides like icons on privacy policy layouts may increase users' interest in those policies.

• The Journal of the Korea Contents Association
• /
• v.17 no.4
• /
• pp.461-467
• /
• 2017

Privacy laws are widely enforced throughout the general public and private sector, and the Ministry of Government Administration and Home Affairs is stepping up its annual level of protection and management levels annually. However, in actual field, it has limits to follow the laws that are amended to comply with the privacy laws of the public sector. Therefore, this study should examine the trends of privacy protection and examine items that require adherence to privacy practices in public institutions. In addition, it is hoped to draw implications for the problems arising from the task itself, as well as providing implications for the issues that are closely related to the public in the privacy of the privacy policies.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.305-312
• /
• 2020

The Privacy Act stipulates that the privacy policy document, which is a privacy statement, should be disclosed in order to guarantee the rights of the information subjects, and the Fair Trade Commission considers the privacy policy as a condition and conducts an unfair review of the terms and conditions under the Terms and Conditions Control Act. However, the information subjects tend not to read personal information because it is complicated and difficult to understand. Simple and legible information processing policies will increase the probability of participating in online transactions, contributing to the increase in corporate sales and resolving the problem of information asymmetry between operators and information entities. In this study, complex personal information processing policies are analyzed using deep learning, and models are presented for acquiring simplified personal information processing policies that are highly readable by the information subjects. To present the model, the personal information processing policies of 258 domestic companies were established as data sets and analyzed using deep learning technology.

• 한국경영정보학회:학술대회논문집
• /
• 2007.11a
• /
• pp.411-416
• /
• 2007

Only a few P3P-based privacy aware systems address the discrepancy between a service provider's privacy policy and the user's typical concerns-hence, putting service usage at risk. Moreover, since users are typically nomadic in pervasive computing services, their specific privacy concerns would dynamically change according to the surrounding context. This leads us to develop a dynamically adjusting P3P-based policy for a personalized, privacy-aware service as a core element of secure pervasive computing. Hence, the purpose of this paper is to propose a pervasive P3P-based negotiation mechanism for privacy control which functions in a dynamic and flexible way.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.5 no.9
• /
• pp.1653-1667
• /
• 2011

Privacy is one of the most important and difficult research issues in ubiquitous computing. It is qualitative rather than quantitative. Privacy preserving mainly relies on policy based rules of the system, and users cannot adjust their privacy disclosure rules dynamically based on their wishes. To make users understand and control their privacy measurement, we present a scheme to quantize the personal privacy. We aim to configure the person's privacy based on the numerical privacy level which can be dynamically adjusted. Instead of using the traditional simple rule engine, we implement this scheme in a complex way. In addition, we design the scenario to explain the implementation of our scheme. To the best of our knowledge, we are the first to assess personal privacy numerically to achieve precision privacy computing. The privacy measurement and disclosure model will be refined in the future work.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.107-119
• /
• 2013

The purpose of this study is to find an answer why internet users are unconcern about their privacy information. We found that perceived privacy risk and website usability have a significant effect on privacy unconcern. That is, individuals who have experiences privacy incidents are more likely to be unconcern about their privacy information. Accordingly, organizations who supply services on the web have to pay more attention to these individuals to increase a privacy concern. Implications and Conclusions are discussed.

• Journal of Digital Convergence
• /
• v.18 no.4
• /
• pp.81-89
• /
• 2020

Since the Korean privacy policy was legalized in 2011, the related academical researches have been lasted in various fields. Upcoming so-called 3 data laws would be implemented, it is meaningful to review privacy policy studies for exploring future research direction. For this purpose, the total of 146 journals from 2011 to 2019 were reviewed by the content analysis following as research subjects, methodologies and constructions of studies. As results, the numbers of the researches have been conducted on protection policies themselves for improvement, comparing with other countries' policies and also digital finance information protection were deeply discussed. Some of technology based protection applications were experimented and suggested. The major research characteristics was mainly focused on case analysis and criminal laws and policies were developed as protection contingencies. However, most research objects were focused on the protection regulations, not deregulation, therefore, researchers in future study need to explore more digital industry-centric tasks which are practically applied in safer ways. Further, social agreement in using private information will be an essential to prevent indiscriminate use.