• Asia pacific journal of information systems
• /
• v.24 no.1
• /
• pp.93-112
• /
• 2014

As personal data breach reared up as a problem domestically and globally, organizations appointing chief privacy officers (CPOs) are increasing. Related Korean laws, 'Personal Data Protection Act' and 'the Act on Promotion of Information and Communication Network Utilization and Information Protection, etc.' require personal data processing organizations to appoint CPOs. Research on the characteristics and role of CPO is called for because of the importance of CPO being emphasized. There are many researches on top management's role and their impact on organizational performance using the Upper Echelon theory. This study investigates what influence the characteristics of CPO gives on the organizational privacy performance. CPO's definition varies depending on industry, organization size, required responsibility and power. This study defines CPO as 'a person who takes responsibility for all the duties on handling the organization's privacy,' This research assumes that CPO characteristics such as role, personality and background knowledge have an influence on the organizational privacy performance. This study applies the part relevant to the upper echelon's characteristics and performance of the executives (CEOs, CIOs etc.) for CPO. First, following Mintzberg and other managerial role classification, information, strategic, and diplomacy roles are defined as the role of CPO. Second, the "Big Five" taxonomy on individual's personality was suggested in 1990. Among these five personalities, extraversion and conscientiousness are drawn as the personality characteristics of CPO. Third, advance study suggests complex knowledge of technology, law and business is necessary for CPO. Technical, legal, and business background knowledge are drawn as the background knowledge of CPO. To test this model empirically, 120 samples of data collected from CPOs of domestic organizations are used. Factor analysis is carried out and convergent validity and discriminant validity were verified using SPSS and Smart PLS, and the causal relationships between the CPO's role, personality, background knowledge and the organizational privacy performance are analyzed as well. The result of the analysis shows that CPO's diplomacy role and strategic role have significant impacts on organizational privacy performance. This reveals that CPO's active communication with other organizations is needed. Differentiated privacy policy or strategy of organizations is also important. Legal background knowledge and technical background knowledge were also found to be significant determinants to organizational privacy performance. In addition, CPOs conscientiousness has a positive impact on organizational privacy performance. The practical implication of this study is as follows: First, the research can be a yardstick for judgment when companies select CPOs and vest authority in them. Second, not only companies but also CPOs can judge what ability they should concentrate on for development of their career relevant to their job through results of this research. Cultural social value, citizen's consensus on the right to privacy, expected CPO's role will change in process of time. In future study, long-term time-series analysis based research can reveal these changes and can also offer practical implications for government and private organization's policy making on information privacy.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.151-163
• /
• 2024

The Privacy Impact Assessment, PIPA in Korea refers to the process of analyzing risk factors and identifying improvements that must be carried out by organizations that operate personal information files as stipulated in Article 33 of the Personal Information Protection Act, PIPA and Article 35 of the Enforcement Decree of the PIPA. There are two main limitations of the PIA in Korea. The first limitation is that the targets of the PIA are limited to public institutions and organizations that are legally equivalent to public institutions, and the second limitation is that only organizations with adequate manpower, facilities, and other necessary requirements which are regulated upon the Enforcement Decree of the PIPA can conduct a PIA. This paper proposes to develop a preliminary diagnostic tool that can be performed by private companies, small and medium-sized venture companies, and small businesses in the era of rapidly developing data in recent years and presents an analysis of specific assessment factors. The results of this study are provided in the form of a self-checklist, which is expected to serve as a pre-diagnostic tool for the PIA that can be easily accessed by the general public. It is also expected to contribute to strengthening privacy protection and achieving legal compliance at the national level.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.15 no.4
• /
• pp.213-225
• /
• 2019

Privacy paradox is a paradoxical behavior that provides personal information even though you are concerned about privacy. Social media users are also often concerned about their personal information exposure. It is even reluctant to describe personal information in profile. However, some users describe their personal information in detail on their profile, provide it freely when others request it, or post their own personal information. The survey was conducted using Google Docs centered on Facebook users. Structural equation model analysis was used for hypothesis testing. As an independent variable, we use personal information infringement experiences. As a mediator, we use privacy indifference, privacy concern, and the relationship with the act of providing personal information. Social media users have become increasingly aware of the fact that they can not distinguish between the real world and online world by strengthening their image and enhancing their image in the process of strengthening ties, sharing lots of information and enjoying themselves through various relationships. Therefore, despite the high degree of privacy indifference and high degree of privacy concern, the phenomenon of privacy paradox is also present in social media.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.31-36
• /
• 2013

The personal information protection act has been enacted from 2011 for the protection of public and private privacy. Since the application area of the law is so broad, there is a limit to covers everything in the financial field. In this paper, I'll discuss an impact and problem by the personal information protection act. and propose some new task to build an efficient personal information protection governance on financial sector.

• Journal of Digital Convergence
• /
• v.13 no.6
• /
• pp.1-12
• /
• 2015

In recent years, the privacy concern for mobile consumers is emerging as the use of mobile application(apps) is growing according to the rapid spread of mobile devices such as smart phones and tablet PCs. To improve privacy protections in the mobile communications and apps, overseas organizations are announcing guidelines and/or checklists for stake holders. Although personal information protection guidelines for application developers have been prepared in the country, efforts to improve consumer privacy capability is insufficient. Thus, in this paper we first scope the app privacy related guidelines in both domestic and foreign affairs, then present the risk factors of privacy invasion by the stage of mobile application use based on the "Privacy Protection Act", offering privacy checklists for consumers. This checklist will enhance the self-management capability of consumer privacy and create virtuous cycle in the mobile ecosystem.

• Korean Journal of Biological Psychiatry
• /
• v.30 no.1
• /
• pp.7-16
• /
• 2023

Objectives This study aimed to review the Korean Constitution articles 14 and 20 of the "Law on suicide prevention" and investigate public perceptions of specific improvements to suicide prevention policies using results from the Korean 2018 National Survey on Suicide. Methods The questionnaire was designed to analyzing the act restricts sharing of patient information between hospitals, making it difficult to track suicide attempts. The questionnaire was also designed to suggest further medical and normative criteria for objective judgment of continuous follow-up utilizing suicide risk evaluations and proportional principle review that consider patients' and medical staff's basic rights. Results This study identified the result of the 1500 respondents, 79.1% believed that Korea should allow suicide prevention management to be implemented without requiring individual consent to protect suicide attempters. Conclusions According the results, I propose the following criteria for policy improvement: use of anonymized information and non-profit research for technical and ethical considerations, access to medical information only for therapeutic purposes, and use of surgical severity assessment criteria appropriate for Korea.

• Journal of Convergence Society for SMB
• /
• v.6 no.2
• /
• pp.25-30
• /
• 2016

Personal Information Protection Act does not apply to certain personal information processings and personal information management as well as the data subject's right to access to their personal information collected by public authorities pursuant to Statistics Act. Such exclusion may lead to problems such as misuse and mishandling of personal information by data controllers as well as infringement upon the data subejct's right to control over their personal information. This study is to find solutions to the above problems, considering the public interests of statistics and the facilitation of the collection and the use of statistics. Ultimately, the study is to suggest recommendations for the Personal Information Protection Act to ensure the data subject's rights to request access and rectification as well as safe management of the collected personal information.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.10
• /
• pp.151-157
• /
• 2017

In the case of uploading privacy information of an information owner in the Internet, the information owner may want to deliver the privacy information itself or remove such information from the search list in order to prevent third parties from accessing the privacy information of the information owner. Such a right to be forgotten may collide with the freedom of expression of a third party. The right to be forgotten, which originates from the self-determination right on privacy information based on Article 10 and 17 of the Constitution and the freedom of expression, which is based on Article 21 thereof are all relative basic rights and are both limited by Item 2 under Article 37 of the same law, which is the general limitation provision for the basic rights. Therefore, when the right to be forgotten and the freedom of expression collides, it is not possible to give priority to one of the those unilaterally. It depends on the nature of the case at hand to find a natural balance for the harmonious solution for both parties. The criteria can be the sensitivity to the privacy of the information owner caused by the disclose of the privacy information, the public benefits such information may serve, the social common good that could be expected by the disclosure of the privacy information and the damages suffered in terms of the personal interest caused by the disclosure of the information, in a comprehensive manner.