• Smart Media Journal
• /
• v.8 no.1
• /
• pp.9-18
• /
• 2019

In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.

• Journal of Digital Convergence
• /
• v.17 no.3
• /
• pp.215-220
• /
• 2019

The block chain technology is a technique that prevents manipulation of data and ensures integrity and reliability. Ethereum is building a smart contract environment as a type of encryptionenabled system based on block chains. Smart contracts can be implemented when conditions are met, thus increasing confidence in digital data. However, smart contracts that are being tried in various ways are not covered by information security and personal information protection. The structure in which the network participant can view the open transaction ledger is exposed to data or personal information listed in the block chain. In this study, it is possible to manage the data of personal information recorded in the block chain directly. This study is protected personal information by preventing the exposure of personal information and by executing time code, it is possible to erase recorded information after a certain period of time has elapsed. Based on the proposed system in the future, it is necessary to study the additional management techniques of unknown code defects or personal information protection.

• Informatization Policy
• /
• v.23 no.4
• /
• pp.38-58
• /
• 2016

The ever-evolving Internet environment along with changes in the mass media has been creating a new way of communicating in the virtual cyber world. The Internet users have more services at their disposal to communicate with ease. Such a new way of communication styles, however, makes them vulnerable to personal information leakage, increasing the concerns of cyber security. A thorny issue is how we can control the disclosure of personal information. Lately, the Korean government implemented privacy policies to resolve and prevent personal information leakage incidents that incur social problems. Here, we seek to identify problems in the privacy policies for better solutions.

• Journal of Legislation Research
• /
• no.53
• /
• pp.177-211
• /
• 2017

In the course of the emergence and development of new ICT technologies and services such as Big Data, Internet of Things and Artificial Intelligence, the future will change by these new innovations in the Fourth Industrial Revolution. The future of this fourth industrial revolution will change and our future will be data-based society or economy. Since there is personal information at the center of it, the development of the economy through the utilization of personal information will depend on how to make the personal information protection laws. In Korea, which is trying to lead the 4th industrial revolution, it is a legal interest that can not give up the use of personal information, and also it is an important legal benefit that can not give up the personal interests of individuals who want to protect from personal information. Therefore, it is necessary to change the law on personal information protection in a rational way to harmonize the two. In this regard, this article discusses the problems of duplication and incompatibility of the personal information protection law, the scope of application of the personal information protection law and the uncertainty of the judgment standard, the lack of flexibility responding to the demand for the use of reasonable personal information, And there is a problem of reverse discrimination against domestic area compared to the regulated blind spot in foreign countries. In order to solve these problems and to improve the legislation of personal information protection in the era of the fourth industrial revolution, we proposed to consider both personal information protection and safe use by improving the purpose and regulation direction of the personal information protection law. The balance and harmony between the systematical maintenance of the personal information protection legislation and laws and regulations were also set as important directions. It is pointed out that the establishment of rational judgment criteria and the legislative review to clarify it are necessary for the constantly controversial personal information definition regulation and the method of allowing anonymization information as the intermediate domain. In addition to the legislative review for the legitimate and non-invasive use of personal information, there is a need to improve the collective consent system for collecting personal information to differentiate the subject and to improve the legislation to ensure the effectiveness of the regulation on the movement of personal information between countries. In addition to the issues discussed in this article, there may be a number of challenges, but overall, the protection and use of personal information should be harmonized while maintaining the direction indicated above.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.131-141
• /
• 2013

Matters related to the right to be forgotten started the dispute Europe to introduce it first when Data Protection Directive established in 1995 proceeded revision. Relating to this, diverse disputes proceed on responding to personal information protection and internet laws in our nation. Especially as our National Assembly submitted the law regarding the promotion of information and communication network use and protection of information and amendment of copyright, it is necessary to look into the movement on introduction of law of right to be forgotten closely in detail. EU which attempted the institutionalization for the first time, relating to review of General Data Protection Regulation, proposed opinions such as the necessity to define subjects of personal information concretely and specifically and or protection target and balanced consideration on freedom of expression which is constitutional value. In the case of our nation, there was legislation attempt to introduce the regulation but it was limited in the form of fallen effectiveness without concrete and detailed review on internet law. To solve such problems, it is necessary to look into issues and matters to be considered required to accept right to be forgotten closely and discuss possibility of introducing right to be forgotten, conflicts between fundamental rights becoming issue, effect of goal achievement of personal information protection through the system introduction, and other rational acceptance method.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.2
• /
• pp.7-17
• /
• 2017

In this paper, we propose the TPS (TPM-enhanced Privacy Protection System) which is an automated privacy protection system enhanced with a TPM (Trusted Platform Module). The TPS detects documents including personal information by periodic scanning the disk of clients at regular intervals and encrypts them. Hence, system manages the encrypted documents in the server. In particular, the security of TPS was greatly enhanced by limiting the access of documents including the personal information with regard to the client in an abnormal state through the TPM-based platform verification mechanism of the client system. In addition, we proposed and implemented a VTF (Virtual Trusted File) interface to provide users with the almost identical user interface as general document access even though documents containing personal information are encrypted and stored on the remote server. Consequently, the TPS automates the compliance of the personal information protection acts without additional users' interventions.

• Journal of Internet Computing and Services
• /
• v.25 no.4
• /
• pp.87-96
• /
• 2024

Information power has been a major criterion for wealth disparity in human history, and since the advent of the Fourth Industrial Revolution, referred to as the data economy era, personal information has also gained economic value. Additionally, companies collect and analyze customer information to use as a marketing tool, providing personalized services, making the collection of quality customer information crucial to a company's success. However, as the amount of data held by companies increases, crimes of stealing personal information for financial gain have surged, making corporate customer information a target for criminals. The leakage of personal information and its circumstances lead to a decline in corporate trust from the customer's perspective, threatening corporate sustainability with falling stock prices and decreased sales. Therefore, companies find themselves in a paradoxical situation where the utilization of personal information is increasing while the risk of personal information leakage is also growing. This study used the news big data analysis system, BIG KINDS, to analyze major keywords before and after media coverage on personal information leaks, examining domestic media coverage trends. Through this, we identified the impact of personal information leakage on corporate sustainability and analyzed the connection between personal information protection and sustainable corporate management. The results derived from this study are expected to serve as foundational data for companies seeking ways to enhance sustainable management while increasing the utilization of personal information.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.1
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.99-106
• /
• 2012

Numerous private corporations and public institutions are collecting personal information through the diverse methods for the purpose of sales, promotion and civil services, and using personal information for the profits of the organizations and services. However, due to immaturity of the technical, managerial measures and internal control for the collected personal information, the misuse, abuse and the leaks of personal information are emerged as major social issues, and the government also is promoting implementation of the act on the privacy protection by recognizing the importance of the personal information protection. This research describes on the measures to detect the anomaly by analyzing personal information treatment patterns managed by the organizations, and on the measures to coup with the leaks, misuse, and abuse of personal information. Particularly, this research is intended to suggest privacy leakage monitoring system design, which can be managed by making the elements related to personal information leaks to numeric core risk indexes to be measured objectively.