• Smart Media Journal
• /
• v.10 no.2
• /
• pp.84-91
• /
• 2021

In the EU GDPR, when collecting personal information, the right of the information subject(user) to consent or refuse is given the highest priority. Therefore, the information subject must be able to withdraw consent and be forgotten and claim the right at any time. Especially, restricted IoT devices(Constrained Node) implement the function of consent of the data subject regarding the collection and processing of privacy data, and it is very difficult to post the utilization content of the collected information. In this paper, we designed and implemented a management system that allows data subjects to monitor data collected and processed from IoT devices, recognize information leakage problems, connect, and control devices. Taking into account the common information of the standard OCF(Open Connectivity Foundation) of IoT devices and AllJoyn, a device connection framework, 10 meta-data for information protection were defined, and this was named DPD (Data Protection Descriptor). we developed DPM (Data Protection Manager), a software that allows information subjects to manage information based on DPD.

• International conference on construction engineering and project management
• /
• 2022.06a
• /
• pp.1162-1169
• /
• 2022

As buildings become more and more complicated, the importance of developing and managing facility management information is increasing. In a building fire situation, various information is generated and needed to be quickly shared among participants. However, the current fire response system fails to monitor the relevant information in a real time basis. This study aims to develop a system prototype for fire protection management which can quickly and accurately manage and effectively deliver the pertinent information to the target participants. The research contributes to the efficiency of fire protection endeavors by interpreting both dynamic and static fire information in an appropriate manner.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1619-1637
• /
• 2016

With wide distribution of smart phones and development of mobile network, social network service (SNS) is displaying remarkable growth rates. Users build new social relations by sharing their interests, which brings surging growth to the SNS based on the combination between the strength of expanding the place for communication and distribution of smart phones featured with easy portability. This study is designed to understand impact factors of SNS on users in Korea and to conduct empirical research on casual relationship between the factors above and the factors affecting personal information behavior through the privacy protection and self-efficacy. In order to accomplish the objective above, the study presented a research model applied with key variables of the Health Belief Model (HBM) predicting behaviors capable of recognizing and preventing individual diseases in the field of health communication. To perform empirical verification on the research model of this study, a survey was conducted upon college students at N university located in Chungcheongnam-do and K university in rural area, who have experiences using the SNS. Through this survey, a total of 186 samples were collected, and path analysis was performed in order to analyze the relationship between the factors. Based on the findings from the survey, first, variables Perceived probability, Perceived severity, Perceived impairment of the HBM, key factors of personal information protection behavior on the SNS, were found to exhibit negative relationship with self-efficacy, and Perceived probability, Perceived benefit, Perceived impairment were found to exhibit negative relationship with privacy protection. But the above, Perceived severity showed positive relationship with privacy protection, and Perceived benefit and self-efficacy also displayed positive relationship. Second, although self-efficacy, a parameter, showed positive relationship with privacy protection, it demonstrated negative relationship with personal information protection behavior. Lastly, privacy protection exhibited positive relationship with personal information protection behavior. By presenting theoretical model reflected with characteristics of prevention based on these findings above unlike previous studies on personal information protection using technologies threatening personal information, this study is to provide theoretical and operational foundation capable of offering explanations how to predict personal information protection behavior on the SNS in the future.

• International Commerce and Information Review
• /
• v.6 no.2
• /
• pp.219-242
• /
• 2004

This study is conducted to find out whether companies which use electronic commerce for their business are collecting the least personal information. of consumers that are necessary for providing electronic commerce services to consumers. Investigators visited website of 799 electronic commerce companies, and checked out the personal informations of consumers that were asked when they join the site as a member. The collected data were analyzed with frequency, percentage, and cross-tab analysis using SPSS program. Generally most electronic commerces required more personal information of consumers than necessary for providing their services to consumers. These phenomena are partly due to the fact that regulations regarding consumer privacy in electronic commerce are advisory rather than mandatory at present. Therefore, it is suggested that mandatory regulation which makes companies poot their identification within a certain area of their web page has to enforced for the protection of consumer privacy in electronic commerce. And it would be more efficient if consumers are consistently educated about self protection guideline regarding personal information in using electronic commerce in addition to a mandatory regulation.

• International Commerce and Information Review
• /
• v.4 no.2
• /
• pp.57-76
• /
• 2002

This paper surveys consumer policies for the internet transaction in the developed countries. Recently the internet transaction has been witnessing a remarkable change represented by the rapid spread of "revolution of distribution". It cannot be, however, stated that internet transaction will dominates all the market places without enhancing consumer's reliability in the internet transaction. Many countries made an efforts to the consumer protection in order to develop infra-structure of information industry. We will soon discover a new paradigm that consumer protection is not a tool for development of cyber market but the goal itself. We survey the process of consumer policies discussed in the developed countries and study the point of prevailing arguments of the consumer protection in the internet transaction. The arguments discussed in OECD meetings are debatable, especially, to the degree of government intervention in the field of consumer protection between EU and US. In contrast of US insisted on the minimum intervention of the government, EU suggest the opinion of more aggressive role of government in consumer policy in the cyber market. This paper attempts to provide several guide lines of Korean consumer policy in the cyber market.

• International Commerce and Information Review
• /
• v.4 no.2
• /
• pp.27-46
• /
• 2002

Nowadays, the explosive evolvement of Internet. which is referred to as EC, has been prevailing. That has given the chance all of the world consumers to contact all of the world companies to enter into business relationship. But, electronic commerce laws have been established per conventional jurisdiction. some legal issues take place in the field of cross-border electronic commerce, including the governing law and competent courts. In this situations, it is gradually and widely required to lay down the internationally harmonized electronic commerce legal framework. Now, there are a lot of legal issues assumed in EC, in this study, we studied three precedence problems concerning B2C: Consumer Protection Law regarding B2C, Personal Information Protection Law in Private Sector regarding B2C, Web Site Trust Mark System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.1037-1055
• /
• 2016

After the enactment of the Personal Information Protection Act, policies and activities for the personal information protection have been actively promoted. However the people are showing negative attitudes about personal information, as the ongoing personal data leakages. Therefore, authors tried to empirical analysis of the effectiveness of national policy on the protection of personal information, using SERVQUAL model, focused on the people's perception, in order to identify that how the people recognized current policy. Authors find that the public has perceived the effectiveness of the policy positively, but the level of their awareness is low. And we identify that the people are highly aware of the policy's effectiveness for Immediacy, Convenience and Responsibility, while they have the lowest effectiveness for Efficiency. The policy's improvement focused on the public's low expectations/perceptions and effectiveness awareness, is required in order to develop people-oriented national privacy policy that are satisfied by the people.

• The Journal of the Korea Contents Association
• /
• v.16 no.10
• /
• pp.175-187
• /
• 2016

Protection of personal information has significant meaning in current information age. Information of crime victim is one of top in value in that divulgence of the information to perpetrators may threat safety of the victim or cause psychological demage as $2^{nd}$ harm if disclosed to public. Legal system protects the information with scattered statutes including Criminal Procedure Act. Existing studies have been limited to discussion of the single statute without integrated approach. Bearing necessity of the approach in mind, as issues of protection system this research proffers too broad subject of eligible inspection of case document, inactive practice of identity management cards and omission of personal information, and inappropriate punishment on the disclosure or divulgence. After reviewing systems of foreign jurisdictions to get useful implications, this paper suggests several measures with two separate aspect of legal provisions and protection practice.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.1
• /
• pp.639-643
• /
• 2018

Laws concerning the protection of personal information have been enacted and revised as the legislation on personal information protection on the basis of the Act on the Protection of Personal Information Maintained by Public Institutions. Nevertheless, there have been continuing threats resulting from the fact that restrictions on security subject to laws remain unclear. By proposing protected access utilizing a unique identification key of enterprises, regarding the personal information of various internal and external clients held by international manufacturing companies and attempting to make policy aspect and management access at the same time, there is a change of gradual decline in cloud personnel information management service, which is the domestic ISP service for personnel management as the technology facilitated to reduce the burden on personnel and cost for the protection of personal information and the market is also changing to the direction for companies to directly operate. Therefore, this study intends to examine the convenience of integrated management for ensuring security, while confirming the gap on flexibility and safety on management point regarding the human resources of international manufacturing companies arising from its interactions.