• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.6
• /
• pp.66-76
• /
• 2017

In this study, we investigated how to protect personal healthcare information when constructing OMOP (Observational Medical Outcomes Partnership) CDM (Common Data Model). There are two proposed methods; to restrict data corresponding to HIPAA (Health Insurance Portability and Accountability Act) PHI (Protected Health Information) to be extracted to CDM or to disable identification of it. While processing sensitive information is restricted by Korean Personal Information Protection Act and medical law, there is no clear regulation about what is regarded as sensitive information. Therefore, it was difficult to select the sensitive information for protecting personal healthcare information. In order to solve this problem, we defined HIPAA PHI as restriction criterion of Article 23 of the Personal Information Protection Act and maps data corresponding to CDM data. Through this study, we expected that it will contribute to the spread of CDM construction in Korea as providing solutions to the problem of protection of personal healthcare information generated during CDM construction.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1117-1132
• /
• 2019

Recently, IT technology such as internet, mobile, and IOT has rapidly developed, making it easy to collect data necessary for business, and the collected data is analyzed as a new method of big data analysis and used appropriately for business. In this way, data collection and analysis becomes easy. In such data, personal information including an identifier such as a sensor id, a device number, IP address, or the like may be collected. However, if systematic management is not accompanied by collecting and disposing of large-scale data, violation of relevant laws such as "Personal Data Protection Act". Furthermore, data quality problems can also occur and make incorrect decisions. In this paper, we propose a new data governance maturity model(DGMM) that can identify the personal data contained in the data collected by companies, use it appropriately for the business, protect it, and secure quality. And we also propose a over all implementation process for DG Program.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.23 no.12
• /
• pp.1565-1570
• /
• 2019

Many possibilities of Big Data has been discussed widely for several years. And the importance of protecting personal information has been emphasized more strongly. During the process of integrating several personal information for the improvement of usability of Big Data, there are many problems occured like the likelihood of the identification of one person, the level of personal infomation used to create personalized services in the companies making and using Big Data. In this study, I summarize GDPR(General Data Protection Regulation) of EU, CCPA(California Consumer Privacy Act) of USA and domestic Big Data 3 Acts Amendment proposals. Also I discuss re-identifcation of de-identificated information, social costs of the usage agreement of personal information, possible problems in construction and combination of private and public big data, political suggestions about settlement of regulatory environment.

• The Korean Journal of Applied Statistics
• /
• v.37 no.3
• /
• pp.381-393
• /
• 2024

This study investigates the impact of pseudonymization of personal information and its effect on the accuracy of data analysis. We quantitatively evaluated the relationship between the degree of pseudonymization and the accuracy of data analysis using logistic regression models, decision trees, and random forests. Through this, we confirmed that pseudonymizing sensitive information can realize personal information protection without significantly damaging data quality. However, we recognized limitations such as single sample data and consistent application of pseudonymization ratios. To overcome these limitations, additional research on diverse datasets is necessary to strengthen the generalizability of results. Moreover, we propose developing and applying methodologies to find optimal pseudonymization ratios for individual variables. The results from this study provide new insights into maintaining usability of data while achieving regulatory compliance and personal information protection.

• Journal of the Korean BIBLIA Society for library and Information Science
• /
• v.31 no.2
• /
• pp.183-201
• /
• 2020

There is an increasing demand for services utilizing various data such as social data, public data, and personal information. In particular, the United States and the Korean government are working in various ways to utilize My Data. In 2019, the Financial Services Commission in Korea intends to expand financial services using personal information through MyData. This paper will examine MyData issues of the US and European governments and propose ways to promote MyData in Korea in terms of data compatibility and data quality.

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• The Journal of Society for e-Business Studies
• /
• v.17 no.3
• /
• pp.43-60
• /
• 2012

This study reviews the life cycle models considering legal and technical characteristics of personal data respectively. Based on the reviews, this research proposes 'consent and management based model of personal data' which is applicable to the domestic IT companies. The model suggested in this paper has characteristics that 'Consent' and 'Management' factors are ㅁpositively considered, which is overlooked in the other models. The validity of the model is examined by two methods, validation of the model of excellence by contrast of the other models, and 'consent' and 'management' factors cover all the life cycle processes. Using this model, IT companies will be contributed to the analysis of the personal data utilization and the development of IT system protection.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.753-763
• /
• 2014

Recently financial institutions and large retailers have a large amount of personal information leakage accident occurred one after another, and the damage is a trend of increasing day by day. Regulation such as enforcing the encryption of the personal identification information are strengthened. Efficient technology to encrypt personal information is Format-preserving encryption. Typical encryption expand output data length than input data length and change a format. Format Preserving Encryption is an efficient method to minimize database and application modification, because it makes preserve length and format of input data. In this paper, to encrypt personal information efficiently, we propose newly Format Preserving Encryption using Block cipher mode of operation.

• Journal of Information Technology Applications and Management
• /
• v.16 no.4
• /
• pp.79-92
• /
• 2009

With the rising reliance on market estimation through customer analysis in customer-centered marketing, there is a rapid increase in the amount of personal data owned by corporations. There has been a corresponding rise in the customers' interest in personal information protection, and the problem of personal information leakage has risen as a serious issue. The purpose of this research is to develop a diagnosis model for personal information protection that is suited to our country's corporate environment, and on this basis, to present diagnostic instruments that can be applied to domestic corporations. This diagnosis model is a structural equation model that schematizes the degree of synthetic effect that administration factors and estimation items have on the protection of personal information owned by corporations. We develop the model- consisting of the administration factors for personal information protection and the measurement items of each factor- using the development method of standardized structural equation model. We then present a tool through which the administration factors and estimation items verified through this model can be used in the diagnosis for personal information protection in corporations. This diagnostic tool can be utilized as a useful instrument to prevent in advance the leakage of personal information in corporations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.391-400
• /
• 2012

This study focused on the role of the center for private information, which can manage and share the personal data from data breach incidents. Especially, this study addresses on the importance of establishing information management systems for preventing secondary misappropriation of breached personal data and private information. The database of breached personal data can be used for reducing privacy worries of potential victims of secondary misuse of personal data. Individuals who use the same IDs and passwords on multiple websites may find this service more effective and necessary. The effectiveness of this breached data center on reducing secondary privacy infringement may differ depending on the extend of data being shared and the conditions of data submission. When businesses experienced data breach and submission of data to this center is required by the law, the accuracy and effectiveness of this service can be enhanced. In addition, centralized database with high quality data set can increase matching for private information and control the secondary misappropriation of personal data or private information better.