• The Journal of Bigdata
• /
• v.3 no.2
• /
• pp.1-10
• /
• 2018

In the field of smart water management, there is an increasing demand for strengthening competitiveness through big data analysis. As a result, systematic management (Governance) of big data is becoming an important issue. Big data governance is a systematic approach to evaluating, directing and monitoring data management, such as data quality assurance, privacy protection, data lifetime management, data ownership and clarification of management rights. Failure to establish big data governance can lead to serious problems by using low quality data for critical decisions. In addition, personal privacy data can make Big Brother worry come true, and IT costs can skyrocket due to the neglect of data age management. Even if these technical problems are fixed, the big data effects will not be sustained unless there are organizations and personnel who are dedicated and responsible for data-related issues. In this paper, we propose a method of building data governance for smart water data management based on big data.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.169-179
• /
• 2011

Recent personal data breach incidences draw the public's attention to their privacy and personal rights. The new personal data protection law effective in September 2009 imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, this new law requires that the processors must notify individuals (data subjects) and data protection authorities of the nature of incidents. This research reviews the U.S. forty six state laws and related acts, and offers a framework for managing incidents. This framework includes five major components: (1) type of personal data required to be reported and notified, (2) the ultimate subject notifying data subjects, (3) event occurrence and notification time phases, (4) notification message details, and (5) direct/indirect communication media. Along with this framework, we also offer directions for effective/manageable guidelines on data breach notification act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.981-997
• /
• 2020

Blockchain technology can provide a high level security based on a decentralized distributed ledger and consensus-based structure. In order to increase the utilization of blockchain technology, it is necessary to find a way to use it in fields that require personal data processing such as health care and e-commerce. To achieve this goal, the blockchain based system should be able to comply with data privacy regulations represented by European Union(EU)'s GDPR(General Data Protection Regulation). However, because of the properties of the blockchain like the immutability and decentralized recorded data, it is difficult to technically implement the requirements of the existing privacy regulations on the blockchain. In this paper, we propose a multi-chain based access control system that can guarantee the rights of the personal data subject required by GDPR by utilizing Chameleon Hash and Attribute Based Encryption (ABE). Finally, we will show through security analysis that our system can handle personal data while maintaining confidentiality and integrity.

• Journal of Platform Technology
• /
• v.11 no.3
• /
• pp.56-67
• /
• 2023

Recently, de-identification of personal information, which has been a long-cherished desire of the data-based industry, was revised and specified in August 2020. It became the foundation for activating data called crude oil[2] in the fourth industrial era in the industrial field. However, some people are concerned about the infringement of the basic rights of the data subject[3]. Accordingly, a development study was conducted on the Batch De-Identification Tool, a personal information de-identification automation tool. In this study, first, we developed an image labeling tool to label human faces (eyes, nose, mouth) and car license plates of various resolutions to build data for training. Second, an object recognition model was trained to run the object recognition module to perform de-identification of personal information. The automated personal information de-identification tool developed as a result of this research shows the possibility of proactively eliminating privacy violations through online services. These results suggest possibilities for data-based industries to maximize the value of data while balancing privacy and utilization.

• Korean Security Journal
• /
• no.10
• /
• pp.215-242
• /
• 2005

As CCTV can be an effective tool to prevent or suppress crime at low cost, they have been widesoread in developed countries. In spite of their effectiveness, they infringe some constitutional rights such as the right to privacy, the right of likeness and the right to control over personal information. The police and ward offices install CCTV in public areas to prevent crimes without a legal basis or standard. When information obtained in such a way is used as investigation data for the police or as an evidence in a court, it can cause serious trouble. To solve this problem, legal restriction on the installation of CCTV as should be clearer. Since current laws on public agencies' protection of personal information are too general, they are not effective enough to protect personal information. Therefore, Personal Information Protection Organic Act should be enacted to make a legal basis for protecting comprehensive personal information. It should be obvious who installs CCTVs, who pay for the cost and how they are managed. Before installation, the police and ward offices should obtain residents' consent through a public hearing or voting (on the range and purpose of installation), or conduct an impact assessment. During installation, CCTVs should be limited to prevent or suppress crimes, keep public order and void dangers. In case of making a sign of installation, it must specify its rights. After installation(operation/management phase), they should abide by principles of information protection and try not to infringe constitutional right. In the cognitive aspect, the police should constitutional rights must be secured although it is important to carry out their missions. The police should serve citizens and change to the police of communities. Citizens should understand that constitutional right can be infringed if public order is not maintained. When citizens cooperate with the police, they fear of crimes will decrease.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.2
• /
• pp.311-317
• /
• 2018

The purpose of this study is to identify the needs of the nursery director, teachers, parents, and the general public regarding the use of mandatory CCTV. In other words, we will examine the benefits, problems, and solutions of mandatory CCTV. The subjects of this study included families, private day care centers, private presbytery, kindergartens, teachers, parents and the general public in D metropolitan city. The research tools were modified and supplemented questionnaires appropriately for the study purpose with reference to the previous research. Collected data was analyzed by frequency and F-test using SPSS 21.0 program. The main results of this study are as follows: First, the benefits of mandatory CCTV for daycare centers is that CCTV becomes objective evidence of human rights incidents, identifies violence among children, and can take measures. In addition, mandatory CCTV can also reduce or prevent abuse. Second, major problems concerning the mandatory use of nursery school CCTV include privacy, violation of basic rights, and education. CCTV is a stressful factor that causes teachers to feel embarrassed, uncomfortable, and tense. Third, the main improvement measures for the nursery school CCTV mandate are to prevent unfair staff and complement existing guidelines for CCTV use. Based on the results of the study, we detail the benefits, problems, and solutions for the nursing home CCTV mandatory poli.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Journal of Digital Convergence
• /
• v.16 no.8
• /
• pp.71-79
• /
• 2018

This study discussed the meaning of a drone, and especially drone journalism and legal and ethical issues around that, at an introductory dimension, which is used in various social bases, but is still just an academic discussion at the beginning stage. As a methodology, content analysis was used. It seems that drone journalism has high diffusibility as a technology with high 'relative advantage', 'compatibility', 'trial ability' and 'observability' and low 'complexity' in terms of the diffusion of innovation theory. However, it will be very likely that controversies will be raised, such as safety issue due to collision and crash, a dispute over violation of privacy that may seriously infringe privacy like individual portrait rights and a controversy about the accuracy and source of information as drone filming low price and ease of use. Suggest solutions to legal and ethical issues based on existing research. Technical stability is required. Also, it is necessary to change the awareness of journalists about the drones coverage and to educate ethics, and it is necessary to establish social public opinion on issues such as privacy violation and establish system and legal measures through it. Future research is expected to carry out empirical research including journalists and public awareness surveys.

• Journal of Digital Convergence
• /
• v.10 no.11
• /
• pp.87-92
• /
• 2012

In the early 2012, European Union proposed new legal framework, including the right to be forgotten, for the protection of personal data. The new Proposal articulates kind of sweeping new privacy right and there has been debates on its potential threat to free speech in the digital age. While the situation is similar in Korea, I want to introduce the right to be forgotten in the Proposal. Then, I will analyze current legal system in Korea regarding the new privacy right and suggest some guidelines in searching direction for the coming legislation with respect to the right to be forgotten. The right to be forgotten should not have been promulgated without considering fully its effect on the free speech, especially in the society where the voice toward direct democracy or movement toward participation of the citizen, mainly through cyber space or Social Network Services, has risen much higher in Korea. Especially, the new right seems not to cover the control of data subject on a third party where the third party expressing his opinion by posting himself other's personal data on his blog or others.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.3 no.4
• /
• pp.295-303
• /
• 2008

Under the obligations which is a protection of privacy and a respect for human rights of each person critical is caused by time about surveillance system and CCTV markets which stagnate during that about 911 terror after that securities about importance raising and direction of a ceremony crime prevention are caused by with world grafting of up-to-date IT technique of domestic and changes with the intelligent style surveillance system which leads and quite from the remote place the dead zone this the image which is photographed the Internet leads and with the intelligent style CCTV surveillance systems will be able to control which area at real-time watch and is embodied.