• Informatization Policy
• /
• v.27 no.3
• /
• pp.82-111
• /
• 2020

Recently, increasing use of big data have caused regulation factors of personal information and combination of pseudonymized information to emerge as key policy measures. Therefore, this study empirically analyzed the mediating effect and moderating effect of pseudonymized information combination as the third variable in the relationship between regulation factors of personal information and big data utilization. The analysis showed the following results: First, among personal information regulation factors, definition regulation, consent regulation, supervisory authority regulation, and punishment intensity regulation showed a positive(+) relationship with the big data utilization, while among pseudonymized information combination factors, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination were also found to be in a positive relationship with the use of big data. Second, among the factors of pseudonymized information combination, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination showed a positive(+) mediating effect in relation to regulation factors of personal information and big data utilization. Third, in the relationship between personal information regulation factors and big data utilization, the moderating effect hypothesis that each combination institution type of pseudonymized information (free-type, intermediary-type, and designated-type) would play a different role as a moderator was rejected. Based on the results of the empirical research, policy alternatives of 'Good Regulation' were proposed, which would maintain balance between protection of personal information and big data utilization.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.6
• /
• pp.53-63
• /
• 2022

Recently, as digital transformation due to the COVID-19 pandemic accelerates, data to improve individual quality of life is being used in large quantities, and more reinforced non-identification processing procedures are required to utilize the most valuable personal information among data. In Korea, procedures for de-identification measures are presented through amendments to laws and guidelines, but there is no methodology to measure the level of de-identification in the field due to ambiguous processing standards and subjective risk measurement methods. This paper compares and analyzes the current status of policy and guidelines related to de-identification measures proposed at home and abroad to derive complementary points, suggests a data context-based risk measurement method centered on pseudonymized information processing, and verifies its validity. As a result of verification through Delphi survey and focus group interview (FGI), it was confirmed that the need for the proposed methodology and the validity of the indicators were high.

• Journal of Information Technology Services
• /
• v.22 no.3
• /
• pp.29-47
• /
• 2023

With the recent advancement of information and communication technologies such as artificial intelligence, big data, cloud computing, and 5G, data is being produced and digitized in unprecedented amounts. As a result, data has emerged as a critical resource for the future economy, and overseas countries have been revising laws for data protection and utilization. In Korea, the 'Data 3 Act' was revised in 2020 to introduce institutional measures that classify personal information, pseudonymized information, and anonymous information for research, statistics, and preservation of public records. Among them, it is expected to increase the added value of data by combining pseudonymized personal information, and to this end, "the Expert Data Combination Agency" and "the Expert Data Agency" (hereinafter referred to as the Expert Data Processing Agency) system were introduced. In comparison to these domestic systems, we would like to analyze similar overseas systems, and it was recently confirmed that the Vermont government in the United States enacted the first "Data Broker Act" in the United States as a measure to protect personal information held by data brokers. In this study, we aim to compare and analyze the roles and functions of the "Expert Data Processing Agency" and "Data Broker," and to identify differences in designated standards, security measures, etc., in order to present ways to contribute to the activation of the data economy and enhance information protection.

• Electronics and Telecommunications Trends
• /
• v.35 no.6
• /
• pp.88-96
• /
• 2020

As the usability and value of personal information increase, the importance of privacy protection has increased. In Korea, the scope of the use of pseudonymized personal information has increased because of revisions to the law. In the past, security technologies were used to safely store and manage personal information, but now, security technologies focused on usability are needed to safely use personal information. In this paper, we look at issues related to the de-identification and re-identification of personal information. Moreover, we examine the standards and techniques related to the de-identification of personal information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.427-430
• /
• 2024

교통체계서비스는 안전한 교통 환경을 구축하는 것을 목표로 하여 차량, 도로, 기반 시설의 정보를 수집 및 처리하여 안전 교통정보를 제공한다. 교통체계서비스가 수집하는 차량 운행정보는 교통 안전 정보 외에도 다른 분야에서도 활용될 수 있으며 특히 다른 데이터와 결합하는 것으로 다양한 결과를 도출할 수 있어 연구, 통계 작성 등에 필요한 자료이다. 그러나 차량의 운행정보는 운전자의 개인정보를 포함하고 있어 운행정보 활용 시 가명화 및 가명결합이 필수적이다. 본 논문에서는 가명화된 운행정보를 가명결합하는데 발생하는 문제점을 설명하고 이러한 문제를 해결한 가명결합 방안을 연구하였다. 그 결과 교통체계서비스가 수집한 운행정보를 다른 기관의 데이터와 결합하여 활용할 수 있게 하여 개인정보를 보호하면서 데이터의 유용성을 활용하는데 기여할 것으로 예상한다.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.22 no.3
• /
• pp.88-103
• /
• 2023

With the recent advancement of 4th Industrial Revolution technology, transportation systems are generating large amounts of mobility data related to the individual movement trajectories of vehicles and people. There are many constraints on utilizing mobility data containing personal information. Thus, in South Korea, the processing and generation of pseudonymized information and the analysis and utilization of this information have been managed in a dual manner by applying separate agencies and technologies through the revision of the Data 3 Act and the enactment of the Data Basic Act. However, this dual approach fails to securely support the entire data lifecycle and suffers from inefficiencies in terms of processing time and cost. Therefore, to compensate for the problems of the existing Expert Data Combination System and Data Safety Zone, this study proposes an Integrated Data Safety Zone Framework that integrates and unifies the process of generating, processing, analyzing, and utilizing mobility data. The integrated process for data processing was redesigned, and common requirements and core technologies were derived. The result is an architecture for a next-generation Integrated Data Safety Zone system that can manage and utilize the entire life cycle of mobility data at one stop.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.253-261
• /
• 2020

This study examines the technologies and application processes related to the use of pseudonym data of companies after the passage of the Data 3 Act to activate the data economy in earnest, and what companies should prepare to use pseudonym data and what will happen in the process It was intended to contribute to the elimination of uncertainty. In the future, companies will need to extend the information security management system from the perspective of the existing IT system to manage and control data privacy protection and management from a third party provisioning perspective. In addition, proper pseudonym data use control should be implemented even in the data use environment utilized by internal users. The economic effect of market change and heterogeneous data combination due to the use of pseudonymized data will be very large, and standards for appropriate non-identification measures and risk assessment criteria for data utilization and transaction activation should be prepared in a short time.

• The Korean Society of Law and Medicine
• /
• v.22 no.3
• /
• pp.31-55
• /
• 2021

The Personal Information Protection Act, one of the revised 3 Data Laws, established a special cases concerning pseudonymous data. As a result, a personal information controller may process pseudonymized information without the consent of data subjects for statistical purposes, scientific research purposes, and archiving purposes in the public interest, etc. In addition, as a follow-up to the revised Personal Information Protection Act, a 'Guidelines for Utilization of Healthcare Data' was prepared, which deals with the pseudonymization in the medical sector. The guidelines are meaningful in that they provide practical criteria for accomplices by defining specific interpretations and examples that take into account the characteristics of healthcare data. However, the guidelines need to clarify the purpose of using pseudonymous data and strengthen the fairness of the composition of the data deliberation committee. The guidelines also require establishing a healthcare data compensation framework and strengthening the protection of rights for vulnerable subjects. In addition, the guidelines need to be adjusted for inconsistency with the Bioethics and Safety Act and the Medical Service Act. It is expected that this study will contribute to the creation of a safe environment for the utilization of healthcare data as well as the improvement of related laws and systems.