• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of Information Technology Services
• /
• v.12 no.1
• /
• pp.131-141
• /
• 2013

Matters related to the right to be forgotten started the dispute Europe to introduce it first when Data Protection Directive established in 1995 proceeded revision. Relating to this, diverse disputes proceed on responding to personal information protection and internet laws in our nation. Especially as our National Assembly submitted the law regarding the promotion of information and communication network use and protection of information and amendment of copyright, it is necessary to look into the movement on introduction of law of right to be forgotten closely in detail. EU which attempted the institutionalization for the first time, relating to review of General Data Protection Regulation, proposed opinions such as the necessity to define subjects of personal information concretely and specifically and or protection target and balanced consideration on freedom of expression which is constitutional value. In the case of our nation, there was legislation attempt to introduce the regulation but it was limited in the form of fallen effectiveness without concrete and detailed review on internet law. To solve such problems, it is necessary to look into issues and matters to be considered required to accept right to be forgotten closely and discuss possibility of introducing right to be forgotten, conflicts between fundamental rights becoming issue, effect of goal achievement of personal information protection through the system introduction, and other rational acceptance method.

• The Korean Journal of Health Service Management
• /
• v.8 no.4
• /
• pp.35-45
• /
• 2014

This study aimed to identify the relationship between the awareness of employees in medical institutes on the protection of medical information and their practice, and basic data of the development of a protection policy is presented. The subjects of the study were 433 employees of general hospitals located in G city and they were interviewed to ascertain their awareness of the protection of medical information and their practice level. The collected data was analysed with a t-test, a dispersion analysis, a Pearson analysis, and a multi-regression analysis. The mean scores on the awareness of protection of medical information was $4.0{\pm}0.7$, and that for the proficiency level was $3.7{\pm}0.7$. As a relevant factor for awareness and proficiency, education in medical information protection was significantly related to awareness. Education experience in medical information protection and the daily mean number of patients in hospitals had a significant relationship with scores on awareness.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.3
• /
• pp.345-350
• /
• 2016

It is the personal information protection law is prepared, in the government, to develop a personal information protection basic plan has been implemented. However, year after year, complaints caused by infringement of personal information in public institutions has increased. In this paper, the recognition level of analysis related to the protection of personal information of local governments, public institutions through a questionnaire survey, raised the need for improvement.

• Journal of the Korean Home Economics Association
• /
• v.46 no.2
• /
• pp.59-71
• /
• 2008

The purpose of this study was to discuss the role of mothers in children's privacy protection on the Internet. Specifically, the study explored 1)children's privacy protection efforts on the Internet, 2)types of personal information children provided at Web sites, and 3)the effect of mothers' privacy protection efforts on their children's privacy protection levels. The Internet survey was conducted and total of 153 mothers and their children aged 12-13 were included for statistical analysis. The descriptive statistics and Ordinary Least Squares were used. The results yield that children showed relatively high levels in providing personal information on the Internet, while they have no sufficient competency at privacy protection. The effect of mothers' privacy protection efforts on children's privacy protection was partially supported. The longer hours of Internet use and frequent participation in online events increased the potential consequences of children's privacy invasion. Providing privacy standards for online service providers and marketers targeting children could help protect children's privacy. Moreover, education program targeting parents and children could contribute them reduce potential consequences of children's privacy invasion.

• The Journal of Information Systems
• /
• v.25 no.3
• /
• pp.1-30
• /
• 2016

Purpose The purpose of this study is to grasp the factors influencing domestic SNS users' privacy protection behavior and verify their relationship through self-efficacy and responsiveness. Thus, this study tries to suggest efficient and effective measures for SNS personal information protection. Design/methodology/approach To this end, with main variables of the protection motivation theory based on the assumption that when users are exposed to the threat to their health, they would have protection motivation and change their behavior of protecting their health, a research model was suggested. In addition, in order to empirically verify the research model, a survey was performed targeting general college students having the experience of using SNS. Findings As a result of the analysis, first, perceived effectiveness and self-efficacy had a positive effect on responsiveness. Second, perceived barrier had a positive effect on self-efficacy. Third, self-efficacy and responsiveness had a positive effect on privacy protection behavior. This study is expected to contribute to establishing an effective guideline for measures that could induce SNS users' privacy protection behavior.

• ETRI Journal
• /
• v.38 no.1
• /
• pp.18-29
• /
• 2016

In this paper, we discuss the issues of providing protection for point-to-multipoint connections in both Ethernet and MPLS-TP-based packet transport networks. We introduce two types of per-leaf protection-linear and ring. Neither of the two types requires that modifications to existing standards be made. Their performances can be improved by a collective signal fail mechanism proposed in this paper. In addition, two schemes - tree protection and hybrid protection - are newly proposed to reduce the service recovery time when a single failure leads to multiple signal fail events, which in turn places a significant amount of processing burden upon a root node. The behavior of the tree protection protocol is designed with minimal modifications to existing standards. The hybrid protection scheme is devised to maximize the benefits of per-leaf protection and tree protection. To observe how well each scheme achieves an efficient traffic recovery, we evaluate their performances using a test bed as well as computer simulation based on the formulae found in this paper.

• Informatization Policy
• /
• v.28 no.1
• /
• pp.64-76
• /
• 2021

The purposes of this study are to identify factors that affect personal information protection activities from the perspective of personal information managers and explore ways of promoting such activities. The main factors examined by threat and response assessments were selected based on the protection motivation theory, and the effects of each factor were analyzed using a multinomial logit model. The analysis results show that small-scale personal information managers need to be provided with both educational support to enhance their awareness and technical support, such as protection inspection tools, to help them carry out their own personal information protection activities. Personal information managers larger than a certain size also require tax support, including tax cuts, to support their budgets for and investments in personal information protection activities. In addition, they need professional education that emphasizes practice.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.23 no.2
• /
• pp.15-20
• /
• 2023

Recently, digitalization is accelerating in all industries, and the use of information and personal information produced and used in the process of it is very important for the success or failure of a company. However, malicious attempts to steal or leak major information and personal information of a company as an adverse effect continue to increase, and appropriate defense and response are absolutely necessary. However, in the case of small and medium-sized enterprises, the priority of information protection and the possession of professional manpower are very insufficient compared to large enterprises. This paper studies the certification and audit implemented in Korea, and suggests ways to expand the certification of the information protection system suitable for SMEs and improve the effectiveness of the support system through the expansion of the privacy law notification standard and operation of support system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.6
• /
• pp.17-32
• /
• 2003

The information drive of the businesses requires new alternatives in that the promotion of business efficiency through information process technologies ends up conflicting with the protection of information human rights on laborers' side. Nevertheless, apathy on information protection has a tendency to be distorted by the efficiency of the businesses. Should the capital and mass media warn economic red lights, political circles with uneasiness would ignore the significance of information protection on the behalf of business efficiency. Therefore, the importance of information protection is considered a smaller interest than that of business efficiency with the infringements of human rights on laborers' side arising. Informatization of the businesses along with the developments of information process technologies has enabled the management to monitor and control the behaviors of laborers. This new problem needs to establish both information protection mechanism and institutional devices to regulate those labor controls. The security of business activity without human rights infringement warrants both basic rights of the public and spirit of the Constitution. The study suggests the establishment and revision of laws suitable to the period of information human rights. On top of that, the establishment of the basic law for information protection of individuals' with the common principle that integrates the related laws and rules on-off line is needed. This will warrant the active participation of labor unions and create specific alternatives for information protection.