• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1013-1023
• /
• 2016

Transborder data flow(TBDF) of personal information in Korea has been limited by current Privacy law which request data subject to give consent. As the IT industry is growing at an incredible rate, there is a need to review the existing law to cope with growing industrial demand and increasing numbers of international data transfer. The transfer of personal data overseas not only allow businesses providing IT services including finance, internet, e-commerce to thrive, but also impact every aspect of our lives which are increasingly depended on these technology. Transmitting personal data across borders raises serious questions of privacy protection and restriction of business operation. In ordrer to promote interoperability of personal data in international environment, a considerable amount of research and debate needs to be taken before implementing a sound policy. This paper presents a need for a sound TBDF policy in Korea by examine the main policy challenges associated with TBDF. Finally, the paper identify policy suggestions based on European Union's approach as they have successfully implemented TBDF policy that balanced data privacy and economic agenda.

• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.

• Journal of Information Technology Services
• /
• v.22 no.6
• /
• pp.1-15
• /
• 2023

This study compares and analyzes the legal systems of Korea, the European Union, China, and the United States based on the disclosure principles and processing policies for personal data processing and provides references for seeking improvements in our legal system. Furthermore, this research aims to suggest institutional implications to overcome data transfer limitations in the upcoming digital economy. Findings on a comparative analysis of the relevant legal systems for disclosing privacy policies in four countries showed that Korea's privacy policy is under the eight principles of privacy proposed by the OECD. However, there are limitations in the current situation where personal information is increasingly transferred overseas due to direct international trade e-commerce. On the other hand, the European Union enacted the General Data Protection Regulation (GDPR) in 2016 and emphasized the transfer of personal information under the Privacy Policy. China also showed differences in the inclusion of required items in its privacy policy based on its values and principles regarding transferring personal information and handling sensitive information. The U.S. CPRA amended §1798.135 of the CCPA to add a section on the processing of sensitive information, requiring companies to disclose how they limit the use of sensitive information and limit the use of such data, thereby strengthening the protection of data providers' rights to sensitive information. Thus, we should review our privacy policies to specify detailed standards for the privacy policy items required by data providers in the era of digital economy and digital commerce. In addition, privacy-related organizations and stakeholders should analyze the legal systems and items related to the principles of personal data disclosure and privacy policies in major countries so that personal data providers can be more conveniently and accurately informed about processing their personal information.

• Korea Trade Review
• /
• v.46 no.6
• /
• pp.239-255
• /
• 2021

To review the theoretical background of regulatory approaches to cross-border transfer of personal data, this paper divides major digital trade participating countries into four types according to the OECD - non-regulatory, post-intervention, pre-supervision, and national control. It then analyzes the US, Japan, the EU, and China respectively that belong to each type. South Korea, which is currently about to pass the amendment by the National Assembly, has identified that it is in the middle of post-intervention and pre-supervision, and needs to evolve into pre-supervision norms like the EU while it has to participate more actively in the process of establishing international digital trade rules. Korea first needs to sign digital trade agreements and promote mutual certification projects more actively from the standpoint of a medium-sized open country with growing digital companies and digitally-open consumers. Second, the government should fully consider the interests of not only companies but also various trade stakeholders including domestic consumers, when drafting and implementing trade policies. To this end, 'a single window approach' is needed not only at the Ministry of Trade, Industry, and Energy, but also at the level of the entire government which require an integrated form of digital trade policy governance.

• Journal of Fisheries and Marine Sciences Education
• /
• v.28 no.2
• /
• pp.366-375
• /
• 2016

The purpose of this research is to describe the experiences of transfer students in nursing colleges. This study was based on the qualitative content analysis. To collect qualitative data, 10 personal interviews were conducted from June 2013 to September 2014. Five sub-themes emerged from the data as follows: Participants started new challenge with self-confidence; Nursing science was difficult and unfamiliar disciplines to them; Firstly, they had no place in nursing department, but got places of their own over time; They managed to hold their own in confronting with difficulties; They consequently made personal upgrades in their life. The results of this study could guide nursing faculties to understand what kind of burdens transfer students experienced, how they had adapted to them, and how to support them to realize their full potential to grow into competent nurses.

• Journal of Electrical Engineering and Technology
• /
• v.8 no.6
• /
• pp.1559-1570
• /
• 2013

The family of ISO/IEEE11073 standards is the basis of the e-health system and provides interoperability for personal health devices. In the early stage of e-health business, it was expected that people would use a health device individually. In this case, a measurement datum was episodically acquired and generally transmitted for one person at a time. Recently, a health device is expected to be used by multiple people, and large amounts of measurement data are gathered in a short time interval. In addition, mobile health devices have become more popular, so that energy efficient measurement data transmission is required, to prolong the use of a device. In IEEE11073 PHD standards, data transmission is classified into three different types: immediate individual transfer, small block transfer, and large block transfer. The large block transfer using PM-store concept provides efficient transmission. However, an existing PM-store has problem when a device is used by multiple people. To address the defined problem, a modified PM-segment that is in compliance with 11073 standards is proposed in this paper. In particular, the proposed PM-segment is designed to minimize the additional complexity of an agent instead of a manager and it is interoperable with the existing manager. The proposed PM-segment shows better performance than the existing PM-segment, in terms of memory requirements and expected queue time. Also, performance comparison among the three transfers is performed in regard to the delay time and communication power consumption points of view.

• Journal of Family Resource Management and Policy Review
• /
• v.5 no.2
• /
• pp.13-27
• /
• 2001

The purpose of this study was to analyze which factor, influenced their change from pre-wage group to family business group. The subject of study classified by wage earner group and family business group. Independent variables effected by transform to family business group are classified by personal variables and workable variables. The major findings of this study are as followings: Sex, age, marriage of personal variables and pre-work time, pre-wage, wholesale - retail business, restaurant business and person service business of pre-industry of work variables had significant effect on transform to family business. Especially, Marriage group and low pre-wage income group significant effected on transfer to family business. By this, personal to transfer to family business can conjugate information of search and choice decision and can be used as a valuable data for future family business study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1205-1219
• /
• 2019

As the ability to use data becomes competitive power in the data-driven economy, the effort to create economic value by using personal data is emphasized as much as to protect personal data. EU's PSD2(the second Payment Service directive) became the initiative of the Open Banking trends all over the world, as it is the Mydata policy which protects the data subject's right by empowering the subject to control over the personal data with the right to data portability and promotes personal data usages and transfer. Korean government is now fast adopting EU's PSD2 in financial sector, but there is growing concerns in personal data abuse and misuse, and data breach. This study analyzes domestic financial Mydata policy in comparison with EU's PSD2 and focus on Personal information life-cycle risks of financial Mydata policy. Some suggestions on how to promote personal information and privacy in domestic financial Mydata Policy will be given.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.995-1012
• /
• 2016

In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual awareness, further combine and share data using ubiquitous network, and thus the development of IoT raises new challenges in respect of personal data protection and privacy. This study aims to identify main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and figured out the issues regarding the processing of personal data and the rights to privacy of data subject. Accordingly, we suggested the institutional ways (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.