• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.799-808
• /
• 2016

To find the pattern of personal data leak incidents and confirm which distribution is suitable for, this paper searched the personal data leak incidents reported by the media from 2011 to 2014. Based on result, this research estimated the statistical distribution using the 'K-S Statistics' and tested the 'Goodness-of-Fit'. As a result, the fact that in 95% significance level, the Poisson & Exponential distribution have high 'Goodness-of-Fit' has been proven quantitatively and, this could find it for major personal data leak incidents to occur 12 times in a year on average. This study can be useful for organizations to predict a loss of personal data leak incidents and information security investments and furthermore, this study can be a data for requirements of the cyber-insurance.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.05a
• /
• pp.750-753
• /
• 2017

Recently, the processing and utilization of big data, which is generated by the spread of smartphone, SNS, and the internet of things, is emerging as a new growth engine of ICT field. However, in order to utilize such big data, De-identification of personal information should be done. De-identification removes identifying information from a data set so that individual data cannot be linked with specific individuals. De-identification can reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing information, thus it attempts to balance the contradictory goals of using and sharing personal information while protecting privacy. De-identified information has also been re-identified and has been controversial for the protection of personal information, but the number of instances where personal information such as big data is de-identified and processed is increasing. In addition, many de-identification guidelines have been introduced and a method for de-identification of personal information has been proposed. Therefore, in this study, we describe the big data de-identification process and follow-up management, and then compare and analyze de-identification methods. Finally we provide personal information protection issues and solutions.

• International Journal of Contents
• /
• v.15 no.4
• /
• pp.74-81
• /
• 2019

This study examined the overall relationship between information privacy concern, need for uniqueness (NFU), and disclosure behavior to explain the personal factors that drive data-sharing on Facebook. The results of an online survey conducted with 222 Facebook users show that among diverse data that social media users disclose online, four distinct factors are identified: basic personal data, private data, personal opinions, and personal photos. In general, there is a negative relationship between privacy concern and a positive relationship between the NFU and the willingness to self-disclose information. Overall, the NFU was a better predictor of willingness to disclose information than privacy concern, gender, or age. While privacy concern has been identified as an influential factor when users evaluate social networking sites, the findings of this study contribute to the literature by demonstrating that an individual's need to manifest individualization on social media overrides privacy concerns.

• Journal of Legislation Research
• /
• no.53
• /
• pp.177-211
• /
• 2017

In the course of the emergence and development of new ICT technologies and services such as Big Data, Internet of Things and Artificial Intelligence, the future will change by these new innovations in the Fourth Industrial Revolution. The future of this fourth industrial revolution will change and our future will be data-based society or economy. Since there is personal information at the center of it, the development of the economy through the utilization of personal information will depend on how to make the personal information protection laws. In Korea, which is trying to lead the 4th industrial revolution, it is a legal interest that can not give up the use of personal information, and also it is an important legal benefit that can not give up the personal interests of individuals who want to protect from personal information. Therefore, it is necessary to change the law on personal information protection in a rational way to harmonize the two. In this regard, this article discusses the problems of duplication and incompatibility of the personal information protection law, the scope of application of the personal information protection law and the uncertainty of the judgment standard, the lack of flexibility responding to the demand for the use of reasonable personal information, And there is a problem of reverse discrimination against domestic area compared to the regulated blind spot in foreign countries. In order to solve these problems and to improve the legislation of personal information protection in the era of the fourth industrial revolution, we proposed to consider both personal information protection and safe use by improving the purpose and regulation direction of the personal information protection law. The balance and harmony between the systematical maintenance of the personal information protection legislation and laws and regulations were also set as important directions. It is pointed out that the establishment of rational judgment criteria and the legislative review to clarify it are necessary for the constantly controversial personal information definition regulation and the method of allowing anonymization information as the intermediate domain. In addition to the legislative review for the legitimate and non-invasive use of personal information, there is a need to improve the collective consent system for collecting personal information to differentiate the subject and to improve the legislation to ensure the effectiveness of the regulation on the movement of personal information between countries. In addition to the issues discussed in this article, there may be a number of challenges, but overall, the protection and use of personal information should be harmonized while maintaining the direction indicated above.

• Journal of Information Science Theory and Practice
• /
• v.8 no.3
• /
• pp.6-14
• /
• 2020

On information markets, we can identify different relations between sellers and their customers, with some users paying with money, some paying with attention, and others paying with their personal data. For the description of these different market relations, this article introduces the notion of arity into the scientific discussion. On unary information markets, customers pay with their money; examples include commercial information suppliers. Binary information markets are characterized by one market side paying with attention (e.g., on the search engine Google) or with personal data (e.g., on most social media services) and the other market side (mainly advertisers) paying with money. Our example of a ternary market is a social media market with the additional market side of influencers. If customers buy on unary markets, they know what to pay (in terms of money). If they pay with attention or with their personal data, they do not know what they have to pay exactly in the end. On n-ary markets (n greater than 1), laws should regulate company's abuse of money and-which is new-abuse of data streams with the aid of competition (or anti-trust) laws, and by modified data protection laws, which are guided by fair use of end users' attention and data.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.9
• /
• pp.43-49
• /
• 2019

Today, with the development of the internet of things, wearable devices related to personal health care have become widespread. Various global information and communication technology companies are developing various wearable health devices, which can collect personal health information such as heart rate, steps, and calories, using sensors built into the device. However, since individual health data includes sensitive information, the collection of irrelevant health data can lead to personal privacy issue. Therefore, there is a growing need to develop technology for collecting sensitive health data from wearable health devices, while preserving privacy. In recent years, local differential privacy (LDP), which enables sensitive data collection while preserving privacy, has attracted much attention. In this paper, we develop a technology for collecting vast amount of health data from a smartwatch device, which is one of popular wearable health devices, using local difference privacy. Experiment results with real data show that the proposed method is able to effectively collect sensitive health data from smartwatch users, while preserving privacy.

• Informatization Policy
• /
• v.27 no.3
• /
• pp.82-111
• /
• 2020

Recently, increasing use of big data have caused regulation factors of personal information and combination of pseudonymized information to emerge as key policy measures. Therefore, this study empirically analyzed the mediating effect and moderating effect of pseudonymized information combination as the third variable in the relationship between regulation factors of personal information and big data utilization. The analysis showed the following results: First, among personal information regulation factors, definition regulation, consent regulation, supervisory authority regulation, and punishment intensity regulation showed a positive(+) relationship with the big data utilization, while among pseudonymized information combination factors, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination were also found to be in a positive relationship with the use of big data. Second, among the factors of pseudonymized information combination, non-identification of combination, standardization of combined pseudonymized information, and responsibility of combination showed a positive(+) mediating effect in relation to regulation factors of personal information and big data utilization. Third, in the relationship between personal information regulation factors and big data utilization, the moderating effect hypothesis that each combination institution type of pseudonymized information (free-type, intermediary-type, and designated-type) would play a different role as a moderator was rejected. Based on the results of the empirical research, policy alternatives of 'Good Regulation' were proposed, which would maintain balance between protection of personal information and big data utilization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1245-1255
• /
• 2015

As cloud computing services become popular, the concern on the data security of cloud services increases and the efforts for the data security become essential. In this paper, we describe the pros and cons of cloud computing including the definition of cloud. Then, we discuss the regulations about the protection of user data defined in cloud promotion act. Previous studies related to the privacy protection and the entrustment of personal information in cloud computing are reviewed. We examine how to store the personal information depending on the cloud service model. As a result, we argue that the entrustment of personal information should vary according to the cloud service model and we propose how to protect the personal information on IaaS and SaaS cloud service models.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.12
• /
• pp.4400-4419
• /
• 2021

In the 4th Industrial Revolution, the healthcare industry is undergoing a paradigm shift from post-care and management systems based on diagnosis and treatment to disease prevention and management based on personal precision medicine. To optimize medical services for individual patients, an open ecosystem for the healthcare industry that allows the exchange and utilization of personal health records (PHRs) is required. However, under the current system of hospital-centered data management, it is difficult to implement the linking and sharing of PHRs in practice. To address this problem, in this study, we present the design and implementation of a patient-centered PHR platform using blockchain technology. This platform achieved transparency and reliability in information management by eliminating the risk of leakage and tampering/altering personal information, which could occur when using a PHR. In addition, the patient-consent system was applied to a PHR; thus, the patient acted as the user with ownership. The proposed blockchain-based PHR platform enables the integration of personal medical information with scattered distribution across multiple hospitals, and allows patients to freely use their health records in their daily lives and emergencies. The proposed platform is expected to serve as a stepping stone for patient-centered healthcare data management and utilization.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.2
• /
• pp.299-308
• /
• 2019

As the utilization value of personal information becomes higher, discussions about providing personal information are being conducted actively. One of the most common methods of providing personal information is that a group obtains a personal information with a consent of individual. However, the above method has 2 problems. First, more information is exposed than the information required by organization for utilization of personal information. Second, trusted party should provide organization with an authentication of personal information whenever they require personal information. To solve these problems, we propose a personal information management system with blockchain using zk-SNARK(zero-knowledge Succinct Non-interactive ARgument of Knowledge) for privacy. Our proposal enables individuals to guarantee reliability of their information and protect their privacy concurrently using zk-SNARK when they provid organization with their personal information. In addition, it is possible to manage the personal information data while ensuring the integrity of the data using blockchain and it is possible to share the personal information more conveniently than existing systems.