• Electronics and Telecommunications Trends
• /
• v.35 no.6
• /
• pp.88-96
• /
• 2020

As the usability and value of personal information increase, the importance of privacy protection has increased. In Korea, the scope of the use of pseudonymized personal information has increased because of revisions to the law. In the past, security technologies were used to safely store and manage personal information, but now, security technologies focused on usability are needed to safely use personal information. In this paper, we look at issues related to the de-identification and re-identification of personal information. Moreover, we examine the standards and techniques related to the de-identification of personal information.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.11
• /
• pp.395-402
• /
• 2022

In case of violation of the Personal Information Protection Act, administrative dispositions will be taken according to the legal standards, and the results will be announced. However, the current method has limitations in its effectiveness as repeated administrative dispositions are increasing despite the announcement by the disclosure system of the Personal Information Protection Act. In this paper, we deploy the introduction of the 'public announcement commandment' against violators by analyzing the administrative disposition results according to the violation of the Personal Information Protection Act. It is able to strengthen the existing disclosure system for self-disclose violations by providing easy recognition to the people about the fact of violation itself against the Personal Information Protection Act. Furthermore, we analyze major industries through the industry groups and violations of laws that were subject to publication, and data published on the results of administrative dispositions for violation of the Personal Information Protection Act. Finally, we propose the legal basis for the 'public announcement commandment' which allows the violator to publish by oneself for the announcement of the fact that the corrective action has been taken.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.99-106
• /
• 2013

Personal information protection has become one of the most impending business issues because leakage of personal information can cause tremendous financial losses and image degradation. Consequently, personal information protection initiatives have been recognized widely in business. To invigorate personal information protection investments, performance measurement method such as cost benefits analysis or qualitative analyses are needed, which have not been studied enough in the previous studies. This study proposes a performance measurement model which can include quantitative and qualitative analyses in the context of personal information protection investments. A comparative analysis has been performed on security investment and IT investment performance measurements, which leads to choose the WiBe method (developed by the German Interior Ministry), considering the privacy characteristics and the method's applicability. In particular, the quantitative effect measured how proactive threat assessment based on the way according to the nature of the businesses and organizations of privacy and possible investment decisions. This study proposes the 16 performance indicators, which turn out to be meaningful in terms of their materiality and feasibility by conducting focus group interviews of 25 experts on personal information protection.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.

• Journal of the Korean Home Economics Association
• /
• v.46 no.2
• /
• pp.59-71
• /
• 2008

The purpose of this study was to discuss the role of mothers in children's privacy protection on the Internet. Specifically, the study explored 1)children's privacy protection efforts on the Internet, 2)types of personal information children provided at Web sites, and 3)the effect of mothers' privacy protection efforts on their children's privacy protection levels. The Internet survey was conducted and total of 153 mothers and their children aged 12-13 were included for statistical analysis. The descriptive statistics and Ordinary Least Squares were used. The results yield that children showed relatively high levels in providing personal information on the Internet, while they have no sufficient competency at privacy protection. The effect of mothers' privacy protection efforts on children's privacy protection was partially supported. The longer hours of Internet use and frequent participation in online events increased the potential consequences of children's privacy invasion. Providing privacy standards for online service providers and marketers targeting children could help protect children's privacy. Moreover, education program targeting parents and children could contribute them reduce potential consequences of children's privacy invasion.

• Journal of the Korean Home Economics Association
• /
• v.37 no.10
• /
• pp.55-66
• /
• 1999

The purpose of this study is to propose consumer policy related to the protection of personal information on the basis of regulations and laws in the developed countries. From this study, implications for the protection consumer privacy are discussed as follows. First, Consumer education is needed to enhance consumers'knowledge on their privacy right and this should be done not only by private consumer organization but also by businesses. Second, Businesses should realize ethical responsibilities of consumers'privacy right when they use personal information by databasemarketing. Finally, Government should establish a privacy law concerning both public and private sectors.

• Journal of the Korean Institute of Oriental Medical Informatics
• /
• v.21 no.1
• /
• pp.1-13
• /
• 2015

The aim of this study was to investigate hospital employees' knowledge, recognition and practice on the protection of personal information. A total of 250 hospital employees were selected using convenient sampling in J province. The data were collected using self-reported questionnaire and were analyzed using SPSS 18.0 program and descriptive statistics, Chi-squire test, t-test, ANOVA, and Pearson correlation coefficients. Average score for knowledge, recognition and practice were significantly associated with gender, education, hospital size and there was a correlation among knowledge, recognition and practice. The results of this study will help to develop education program on the protection of personal information for hospital employees.

• Asian Journal of Innovation and Policy
• /
• v.9 no.3
• /
• pp.339-359
• /
• 2020

The policy change in the Data 3 Act is one of the issues that should be noted at a time when non-face-to-face business strategies become important after COVID-19. The Data 3 Act was implemented in South Korea on August 5, 2020, calling 'Big Data 3 Act' and 'Data Economy 3 Act,' and so personal information that was not able to identify a particular individual could be utilized without the consent of the individual. With the implementation of the Data 3 Act, it is possible to establish a fair economic ecosystem by ensuring fair access to data and various uses. In this paper, the law on the protection of personal information, which is the core of the Data 3 Act, was compared around Korea, the European Union and the United States, and the implications were derived through network analysis of keywords.