• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.11
• /
• pp.395-402
• /
• 2022

In case of violation of the Personal Information Protection Act, administrative dispositions will be taken according to the legal standards, and the results will be announced. However, the current method has limitations in its effectiveness as repeated administrative dispositions are increasing despite the announcement by the disclosure system of the Personal Information Protection Act. In this paper, we deploy the introduction of the 'public announcement commandment' against violators by analyzing the administrative disposition results according to the violation of the Personal Information Protection Act. It is able to strengthen the existing disclosure system for self-disclose violations by providing easy recognition to the people about the fact of violation itself against the Personal Information Protection Act. Furthermore, we analyze major industries through the industry groups and violations of laws that were subject to publication, and data published on the results of administrative dispositions for violation of the Personal Information Protection Act. Finally, we propose the legal basis for the 'public announcement commandment' which allows the violator to publish by oneself for the announcement of the fact that the corrective action has been taken.

• Journal of Digital Convergence
• /
• v.11 no.1
• /
• pp.99-106
• /
• 2013

Personal information protection has become one of the most impending business issues because leakage of personal information can cause tremendous financial losses and image degradation. Consequently, personal information protection initiatives have been recognized widely in business. To invigorate personal information protection investments, performance measurement method such as cost benefits analysis or qualitative analyses are needed, which have not been studied enough in the previous studies. This study proposes a performance measurement model which can include quantitative and qualitative analyses in the context of personal information protection investments. A comparative analysis has been performed on security investment and IT investment performance measurements, which leads to choose the WiBe method (developed by the German Interior Ministry), considering the privacy characteristics and the method's applicability. In particular, the quantitative effect measured how proactive threat assessment based on the way according to the nature of the businesses and organizations of privacy and possible investment decisions. This study proposes the 16 performance indicators, which turn out to be meaningful in terms of their materiality and feasibility by conducting focus group interviews of 25 experts on personal information protection.

• Journal of the Korean Home Economics Association
• /
• v.46 no.2
• /
• pp.59-71
• /
• 2008

The purpose of this study was to discuss the role of mothers in children's privacy protection on the Internet. Specifically, the study explored 1)children's privacy protection efforts on the Internet, 2)types of personal information children provided at Web sites, and 3)the effect of mothers' privacy protection efforts on their children's privacy protection levels. The Internet survey was conducted and total of 153 mothers and their children aged 12-13 were included for statistical analysis. The descriptive statistics and Ordinary Least Squares were used. The results yield that children showed relatively high levels in providing personal information on the Internet, while they have no sufficient competency at privacy protection. The effect of mothers' privacy protection efforts on children's privacy protection was partially supported. The longer hours of Internet use and frequent participation in online events increased the potential consequences of children's privacy invasion. Providing privacy standards for online service providers and marketers targeting children could help protect children's privacy. Moreover, education program targeting parents and children could contribute them reduce potential consequences of children's privacy invasion.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• Journal of the Korean Home Economics Association
• /
• v.37 no.10
• /
• pp.55-66
• /
• 1999

The purpose of this study is to propose consumer policy related to the protection of personal information on the basis of regulations and laws in the developed countries. From this study, implications for the protection consumer privacy are discussed as follows. First, Consumer education is needed to enhance consumers'knowledge on their privacy right and this should be done not only by private consumer organization but also by businesses. Second, Businesses should realize ethical responsibilities of consumers'privacy right when they use personal information by databasemarketing. Finally, Government should establish a privacy law concerning both public and private sectors.

• Journal of the Korea Safety Management & Science
• /
• v.12 no.4
• /
• pp.107-116
• /
• 2010

To give a solution to solve personal information problems issued in this study, the domestic and overseas cases about information security management system including an authentication technique are analyzed. To preserve the outflow of personal information, which is such a major issue all over the world, a new security audit check list is also proposed. We hope this study to help information system developers construct and operate confidential information systems through the three steps: Analysis of risk factors that expose personal information, Proposal to solve the problem, Verification of audit checking items.

• Asian Journal of Innovation and Policy
• /
• v.9 no.3
• /
• pp.339-359
• /
• 2020

The policy change in the Data 3 Act is one of the issues that should be noted at a time when non-face-to-face business strategies become important after COVID-19. The Data 3 Act was implemented in South Korea on August 5, 2020, calling 'Big Data 3 Act' and 'Data Economy 3 Act,' and so personal information that was not able to identify a particular individual could be utilized without the consent of the individual. With the implementation of the Data 3 Act, it is possible to establish a fair economic ecosystem by ensuring fair access to data and various uses. In this paper, the law on the protection of personal information, which is the core of the Data 3 Act, was compared around Korea, the European Union and the United States, and the implications were derived through network analysis of keywords.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.99-106
• /
• 2012

Numerous private corporations and public institutions are collecting personal information through the diverse methods for the purpose of sales, promotion and civil services, and using personal information for the profits of the organizations and services. However, due to immaturity of the technical, managerial measures and internal control for the collected personal information, the misuse, abuse and the leaks of personal information are emerged as major social issues, and the government also is promoting implementation of the act on the privacy protection by recognizing the importance of the personal information protection. This research describes on the measures to detect the anomaly by analyzing personal information treatment patterns managed by the organizations, and on the measures to coup with the leaks, misuse, and abuse of personal information. Particularly, this research is intended to suggest privacy leakage monitoring system design, which can be managed by making the elements related to personal information leaks to numeric core risk indexes to be measured objectively.

• Journal of the Korean Institute of Oriental Medical Informatics
• /
• v.21 no.1
• /
• pp.1-13
• /
• 2015

The aim of this study was to investigate hospital employees' knowledge, recognition and practice on the protection of personal information. A total of 250 hospital employees were selected using convenient sampling in J province. The data were collected using self-reported questionnaire and were analyzed using SPSS 18.0 program and descriptive statistics, Chi-squire test, t-test, ANOVA, and Pearson correlation coefficients. Average score for knowledge, recognition and practice were significantly associated with gender, education, hospital size and there was a correlation among knowledge, recognition and practice. The results of this study will help to develop education program on the protection of personal information for hospital employees.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.995-1012
• /
• 2016

In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual awareness, further combine and share data using ubiquitous network, and thus the development of IoT raises new challenges in respect of personal data protection and privacy. This study aims to identify main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and figured out the issues regarding the processing of personal data and the rights to privacy of data subject. Accordingly, we suggested the institutional ways (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.