• The Journal of Society for e-Business Studies
• /
• v.23 no.4
• /
• pp.1-17
• /
• 2018

Recently, most online firms are trying to provide personalized services based on customer's data. However, customers are reluctant to give their information to online firm because of concerns about data breach. Online firms are seeking to increase their trust by ensuring the protection of personal information for customers through privacy seal (e.g. e-privacy) or data breach insurance. This research examines the effects of privacy assurance(i.e. privacy seal, data breach insurance) on consumer behavior in online environment. An experiment based on the hypothetical scenario was conducted using a between-subjects 2 (type of privacy assurance) + 1 (control) design. We found that both privacy seal and data breach insurance increased perceived privacy trust. In addition, privacy seal has a positive effect on the intention to provide personal information through perceived privacy trust. Finally, in the case of the group with a high (low) disposition to trust, higher perceived privacy trust is formed through privacy seal (data breach insurance). Theoretical and practical implications are discussed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.4
• /
• pp.53-68
• /
• 2008

We study on the practical privacy-preserving techniques by matrix-based randomization approach. We clearly examine the relationship between the two parameters associated with the measure of privacy breach and the condition number of matrix in order to achieve the optimal transition matrix. We propose a simple formula for efficiently calculating the inverse of transition matrix which are needed in the re-construction process of random substitution algorithm, and deduce some useful connections among standard error and another parameters by obtaining condition numbers according to norms of matrix and the expectation and variance of the transformed data. Moreover we give some experimental results about our theoretical expressions by implementing random substitution algorithm.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.41-62
• /
• 2016

In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.169-179
• /
• 2011

Recent personal data breach incidences draw the public's attention to their privacy and personal rights. The new personal data protection law effective in September 2009 imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, this new law requires that the processors must notify individuals (data subjects) and data protection authorities of the nature of incidents. This research reviews the U.S. forty six state laws and related acts, and offers a framework for managing incidents. This framework includes five major components: (1) type of personal data required to be reported and notified, (2) the ultimate subject notifying data subjects, (3) event occurrence and notification time phases, (4) notification message details, and (5) direct/indirect communication media. Along with this framework, we also offer directions for effective/manageable guidelines on data breach notification act.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.199-213
• /
• 2018

Since 2008, large-scale personal information breach incidents have occurred frequently. Even though national education, policy, and laws have been enacted and implemented to resolve the issue, personal information breaches still occur. Currently, individuals cannot confirm detailed information about what personal information has been affected, and they cannot respond to the breaches. Therefore, it is desirable to develop various methods for preventing and responding to personal information infringement caused by breach and leakage incidents and move to privacy protection behaviors. The purpose of this study is to create understanding of personal information security and information breach, to present services that can prevent breaches of personal information, to investigate the necessity of and analyze the potential public demand for such services, and to provide direction for future privacy-related information services.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.391-400
• /
• 2012

This study focused on the role of the center for private information, which can manage and share the personal data from data breach incidents. Especially, this study addresses on the importance of establishing information management systems for preventing secondary misappropriation of breached personal data and private information. The database of breached personal data can be used for reducing privacy worries of potential victims of secondary misuse of personal data. Individuals who use the same IDs and passwords on multiple websites may find this service more effective and necessary. The effectiveness of this breached data center on reducing secondary privacy infringement may differ depending on the extend of data being shared and the conditions of data submission. When businesses experienced data breach and submission of data to this center is required by the law, the accuracy and effectiveness of this service can be enhanced. In addition, centralized database with high quality data set can increase matching for private information and control the secondary misappropriation of personal data or private information better.

• Journal of KIISE
• /
• v.44 no.2
• /
• pp.195-207
• /
• 2017

In recent years, data are actively exploited in various fields. Hence, there is a strong demand for sharing and publishing data. However, sensitive information regarding people can breach the privacy of an individual. To publish data while protecting an individual's privacy with minimal information distortion, the privacy- preserving data publishing(PPDP) has been explored. PPDP assumes various attacker models and has been developed according to privacy models which are principles to protect against privacy breaching attacks. In this paper, we first present the concept of privacy breaching attacks. Subsequently, we classify the privacy models according to the privacy breaching attacks. We further clarify the differences and requirements of each privacy model.

• Knowledge Management Research
• /
• v.25 no.1
• /
• pp.1-19
• /
• 2024

This study analyzed the changes in social media reactions of data subjects to major personal data breach incidents in South Korea from January 2014 to October 2022. We collected a total of 1,317 posts written on Naver Blogs within a week immediately following each incident. Applying the LDA topic modeling technique to these posts, five main topics were identified: personal data breaches, hacking, information technology, etc. Analyzing the temporal changes in topic distribution, we found that immediately after a data breach incident, the proportion of topics directly mentioning the incident was the highest. However, as time passed, the proportion of mentions related indirectly to the personal data breach increased. This suggests that the attention of data subjects shifts from the specific incident to related topics over time, and interest in personal data protection also decreases. The findings of this study imply a future need for research on the changes in privacy awareness of data subjects following personal data breach incidents.

• Journal of Satellite, Information and Communications
• /
• v.12 no.1
• /
• pp.22-27
• /
• 2017

In this paper, A heightened interest in the latest drone, yet steady increase in the field to exploit them. The next market is expected to be vastly improved, and use drone also increasingly will be strengthened. But also not a few side effects of him. In order to use safer and more commonly a drone safety and privacy protection, and there are many issues that need to be considered. Violating privacy laws, such as relations caused by the drone flight and review this study ways to resolve the breach. The flight due to a draw at peace with human life and behavior and enjoy it, but this problem created by new outbreak.

• KIPS Transactions on Computer and Communication Systems
• /
• v.3 no.6
• /
• pp.197-208
• /
• 2014

In an information society, privacy protection is one of the most important ethical issues. In medical institutes in which personal medical information is collected and stored, in addition, a privacy breach can cause a serious damage on personal lives. This study attempted to develop privacy concern measurement tool in personal medical information to measure patients' concern on their medical information from medical service consumers' perspective and verify its validity. For this, privacy concern measurement tool in personal medical information was developed based on the results of previous studies. After performing Exploratory Factor Analysis(EFA) and Confirmatory Factor Analysis(CFA) on the measurement tool, its reliability and validity were verified. It appears that the measurement tool would be useful in developing decent privacy protection policy after investigating citizens' concern on the protection of personal medical information and domains they are interested in. For medical institutes as well, they would be helpful in coming up with a reasonable plan after figuring out problems in the protection of personal medical information and current status.