• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.1
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of Information Technology Services
• /
• v.21 no.3
• /
• pp.27-42
• /
• 2022

Open Data is an essential resource for the data industry. 'Act On Promotion Of The Provision And Use Of Public Data', enacted on July 30, 2013, mandates public institutions to manage the quality of Open Data and provide it to the public. Via such a legislation, the legal basis for the public to Open Data is prepared. Furthermore, public institutions are prohibited from developing and providing open data services that are duplicated or similar to those of the private sector, and private start-ups using open data are supported. However, as the demand for Open Data gradually increases, the cases of refusal to provide or interruption of Open Data held by public institutions are also increasing. Accordingly, the 'Open Data Mediation Committee' is established and operated so that the right to use data can be rescued through a simple dispute mediation procedure rather than complicated administrative litigation. The main issues dealt with in dispute settlement so far are usually the rights of third parties, such as open data including personal information, private information such as trade secrets, and copyrights. Plus, non-open data cannot be provided without the consent of the information subject. Rather than processing non-open data into open data through de-identification processing, positive results can be expected if consent is provided through active rights processing of the personal information subject. Not only can the Public Mydata Service be used by the information subject, but Open Data applicants will also be able to secure higher quality Open Data, which will have a positive impact on fostering the private data industry. This study derives a plan to establish a rights processing platform to enhance the usability of Open Data, including private information such as personal information, trade secrets, and copyright, which have become an issue when providing Open Data since 2014. With that, the proposals in this study are expected to serve as a stepping stone to revitalize private start-ups through the use of wide Open Data and improve public convenience through Public MyData services of information subjects.

• Journal of Convergence for Information Technology
• /
• v.11 no.1
• /
• pp.71-79
• /
• 2021

This study looked at the conflict between the aspect of the use of personally non-identifiable information for the development of the big data industry and the digital advertising industry and the aspect of personal information protection. In order to achieve the research purpose, this study focused on literature research such as thesis, legal texts, administrative regulations, and recent media articles. As a result of this study, the main issues related to the protection of personally non-Identifiable Information in digital behavioral advertising were 'conflict between freedom of advertising expression and personal rights', 'personalization of unidentifiable information', 'information imbalance'. In this regard, as measures to protect personally non-identifiable information in digital behavioral advertising, it was proposed to 'harmonize with freedom of advertising expression and personal rights, 'improve notification and consent. process', and 'reinforce the right to control personal information'.

• The Korean Society of Law and Medicine
• /
• v.14 no.1
• /
• pp.209-236
• /
• 2013

The concept of expectation rights considers 'the expectation' that the patient should be given proper medical treatment as the benefit and protection of the law, so it would be the benefit and protection of the law due to personal rights different from 'the legal principle that has the possibility to a considerable extent' being in an extension of life and body. However, the problem how the patient's expectation of medical service sets up in order to make it the benefit and protection of the law would be still left in the vague concept of the patient's 'expectation', thus, in the first place, the medical practice following formed medical standard in every particular medical institutes should be the standard because these medical services are normally within a range of the patients' expectations. In addition, it should be naturally constituted as mental profit to get the subjective circumstances such as 'the patient's expectation' to be an object, and also, different from the profit and protection of the law such as life and body that should be absolutely protected, the origin of violation behavior should be regarded simultaneously to define the denotation of expectation rights. Therefore, the expectation rights violations would be problematic in case it fails to reach the medical standard that is expected for common doctors to practice properly. This is the concept of expectation rights that gets subjective matters such as the patient's expectation to be objectivity as medical practices that can be expected by generalized abstract doctors. This standard should be defined as the minimum standard that is naturally expected for doctors to practice, different from medical standard that decides the level of doctors.

• Journal of the Korea Society of Computer and Information
• /
• v.21 no.11
• /
• pp.73-78
• /
• 2016

All citizens will not be infringed communications rub. That can be seen to have the privacy freedom.lot (Internet of things) have released a security system in the era of information privacy appear that public safety and threat. Currently, Information and communication devices can be use criminal investigation, including search and seizure confirmed the fact communication of the communication restriction information storage medium for the common purpose of providing material system, the system provides data and communications. This paper focused on Privacy and open of information data by the Prosecutor and Police in korea. Privacy rights include that transparency information, communication, and protections for the rights of the individuals. It is necessary to be lawfulness of processing, individuals consent while Prosecutors investigations. especially we need explicit condition and National agency need to obtain in order to legitimize their processing of personal information data. The author emphasize are as follows: first, to examine Privacy rights information' necessity and problem, second, to understand Privacy rights and limits, third, to suggest improvements for the purpose of Transparency, codes of conduct and Democracy of information.

• Fashion & Textile Research Journal
• /
• v.19 no.2
• /
• pp.194-206
• /
• 2017

This study analyzed the effect of individualism-collectivism propensity and social capital on participation activity as well as the effect of participation activity on fashion brands relationship orientation of social network service users. Also, this study investigated the difference in participation activity and fashion brands relationship orientation by participation level of social network service. A survey was conducted from October 1 to November 31, 2015, and 476 responses were used in the analysis. As results, the individualism-collectivism propensity was composed of vertical-horizontal individualism and vertical-horizontal collectivism. The social capital was composed of trust, norm, and network. Also, the participation activity was composed of personal interaction, consumer rights, information pursuit, interest pursuit, and economic pursuit. Vertical individualism positively affected information pursuit and economic pursuit, and horizontal individualism positively affected personal interaction, consumer rights, and information pursuit; in addition, vertical collectivism positively affected personal interaction, consumer rights, and interest pursuit. Horizontal collectivism positively affected information pursuit, but it negatively affected consumer rights. Consumer rights, information pursuit, interest pursuit, and economic pursuit of participation activity positively affected fashion brands relationship orientation. Also, there were significant differences in the participation activity and fashion brands relationship orientation by participation level. The study results provide useful information to the marketing strategies using social network service of fashion brands.

• 제어로봇시스템학회:학술대회논문집
• /
• 2004.08a
• /
• pp.788-793
• /
• 2004

Internet-based distribution of digital contents provides great opportunities for producers, distributors and consumers, but it may seriously threaten users' privacy. The Digital Rights Management (DRM) systems which one of the major issues, concern the protection of the ownership/copyright of digital content. However, the most recent DRM systems do not support the protection of the user's personal information. This paper examines the lack of privacy in DRM systems. We describe a privacy policy and user's privacy preferences model that protect each user's personal information from privacy violation by DRM systems. We allow DRM privacy agent to automatically negotiate between the DRM system policy and user's privacy preferences to be disclosed on behalf of the user. We propose an effective negotiation algorithm for the DRM system. Privacy rules are created following the negotiation process to control access of the user's personal information in the DRM system. The proposed privacy negotiation algorithm can be adapted appropriately to the existing DRM systems to solve the privacy problem effectively.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Convergence Security Journal
• /
• v.16 no.6_2
• /
• pp.89-97
• /
• 2016

Disclosure of personal information to be carried out in one of the Administrative Publicity, Administrative agency as specific information about the person who has violated the obligation imposed by the law is an unspecified number people know is through the direct or Internet media it is to be disclosed in an unspecified number of people. This is, indirect sanctions so as to fulfill its obligations by the addition of psychological pressure that exposes the personal information of the fact that in breach of his obligations to the breach of duty and it has been an unspecified number of people know it is a means. However, publication of these personal information, infringement of the moral rights of the Constitution guarantees an individual, of course, not only a matter of law that the right to self-determination of the personal information, has continued also doubts for the effectiveness of the system. As a result, in this paper, to discuss legal issues with the disclosure of management personal information and its improvement measures, and expected to be able to take advantage of the efficient development of the future of personal information disclosure system.