• Title/Summary/Keyword: privacy breach

Search Result 35, Processing Time 0.028 seconds

An Exploratory Study on the impact of EU Adequacy Decision on GDPR compliant companies (EU 적정성 결정이 GDPR 대상기업에 미치는 영향에 관한 탐색적 연구)

  • Kim, YoungSoo;Chang, Hangbae
    • Journal of Platform Technology
    • /
    • v.9 no.4
    • /
    • pp.32-41
    • /
    • 2021
  • The EU enacted a law strongly regulating the GDPR to protect the privacy of its citizens on 25 May 2018. Compliance with GDPR is an essential prerequisite for companies to enter the European market in the global economic era. In this paper, Step-by-step measures have been defined to conclude DPA agreements for the appropriate level of protection against EU personal data transfer. To explore the benefits and expected effects of determining appropriateness at the government level. As a result, enterprises benefit from simplifying processes, reducing time, and reducing costs when entering the EU. Government-level support in response to personal data breach and communication with the EU Commission will have a positive impact, However, even after the adequacy decision, the entity continues to need activities to secure personal data through compliance with GDPR principles and obligations. Major operations of companies that comply with GDPR are also maintained as important tasks that must be observed in most cases except for the Data Protection Agreement.

Legal Research about the Public Offering of Director Compensation (이사보수의 공개에 관한 법적 연구)

  • Kwon, Sang-Ro
    • The Journal of the Korea Contents Association
    • /
    • v.12 no.10
    • /
    • pp.169-177
    • /
    • 2012
  • Due to the influences of global financial crisis, countries are putting their efforts on the enhancement of appropriateness and transparency of director compensation. In several countries including Germany, the United States, the United Kingdom, France, and Italy, listed companies and financial institutions in certain levels make public announcement for compensations of individual directors, not the averages. Recently, even Asian countries including China, Hong Kong, and Singapore are introducing individual director compensation public announcement policies. On the other hand, in cases of companies, which must submit annual reports, under current Korean capital market laws and enforcement ordinances, they are obligated to mention 'total wage paid to all executives in that business year' on the annual report, but does not have to mention individual wages of each executive. About this, at the 17th national assembly, revised bill for the Securities and Exchange Act for companies to mention wages of each executive. The financial world is opposing to open individual director compensation to the public as they concern about the shrinking of outstanding human resources recruitment, breach of corporate confidence, privacy invasion, deterioration of labor-management relations, and downfall of the executive's management will as director compensation will be standardized downward; however, if public opening of individual director compensation is forced, domestic companies will prepare more objective and rational standards when they calculate director compensations, and moreover, it will prevent arbitrary intervention of dominant shareholders. Therefore, to clearly and efficiently control director compensation, we need regulations for obligating public opening of individual director compensation.

Analysis of Al-Saggaf et al's Three-factor User Authentication Scheme for TMIS

  • Park, Mi-Og
    • Journal of the Korea Society of Computer and Information
    • /
    • v.26 no.9
    • /
    • pp.89-96
    • /
    • 2021
  • In this paper, we analyzed that the user authentication scheme for TMIS(Telecare Medicine Information System) proposed by Al-Saggaf et al. In 2019, Al-Saggaf et al. proposed authentication scheme using biometric information, Al-Saggaf et al. claimed that their authentication scheme provides high security against various attacks along with very low computational cost. However in this paper after analyzing Al-Saggaf et al's authentication scheme, the Al-Saggaf et al's one are missing random number s from the DB to calculate the identity of the user from the server, and there is a design error in the authentication scheme due to the lack of delivery method. Al-Saggaf et al also claimed that their authentication scheme were safe against a variety of attacks, but were vulnerable to password guessing attack using login request messages and smart cards, session key exposure and insider attack. An attacker could also use a password to decrypt the stored user's biometric information by encrypting the DB with a password. Exposure of biometric information is a very serious breach of the user's privacy, which could allow an attacker to succeed in the user impersonation. Furthermore, Al-Saggaf et al's authentication schemes are vulnerable to identity guessing attack, which, unlike what they claimed, do not provide significant user anonymity in TMIS.

Factors Affecting the Intention to Adopt Self-Determination Rights of Personal Medical Information (개인의료정보 자기결정권 행사 의도에 영향을 미치는 요인)

  • Yunmo Koo;Sungwoo Hong;Beomsoo Kim
    • Information Systems Review
    • /
    • v.20 no.1
    • /
    • pp.159-177
    • /
    • 2018
  • With an extensive proliferation of information and communication technology, the volume and amount of digital information collected and utilized on the Internet have been increasing rapidly. Also on the rapid rise are side effects such as unintended breach of accumulated personal information and consequent invasion of personal privacy. Informational self-determination is rarely practiced, despite various states' legal efforts to redress data subjects' damage. Personal health information, in particular, is a subcategory of personal information where informational self-determination is hardly practiced enough. The observation is contrasted with the socio-economic inconvenience that may follow due to its sensitive nature containing individuals' physical and health conditions. This research, therefore, reviews factors of self-determination on personal health information while referring to the protection motivation theory (PMT), the long-time framework to understand personal information protection. Empirical analysis of 200 data surveyed reveals threat-appraisal (perceived vulnerability and perceived severity of threats) and coping-appraisal (perceived response effectiveness), in addition to individual levels of concern regarding provided personal health information, influence self-determination to protect personal health information. The research proposes theoretical findings and practical suggestions along with reference for future research topics.

A Study of Domain Name Disputes Resolution with the Korea-U.S. FTA Agreement (한미자유무역협정(FTA)에 따른 도메인이름 분쟁해결의 개선방안에 관한 연구)

  • Park, Yu-Sun
    • Journal of Arbitration Studies
    • /
    • v.17 no.2
    • /
    • pp.167-187
    • /
    • 2007
  • As Korea has reached a free trade agreement with the United States of America, it is required to provide an appropriate procedure to ".kr" domain name disputes based on the principles established in the Uniform Domain Name Dispute Resolution Policy(UDRP). Currently, Internet address Dispute Resolution Committee(IDRC) established under Article 16 of the Act on Internet Address Resources provides the dispute resolution proceedings to resolve ".kr" domain name disputes. While the IDRC's proceeding is similar to the UDRP administrative proceeding in procedural aspects, the Domain Name Dispute Mediation Policy that is established by the IDRC and that applies to disputes involving ".kr" domain names is very different from the UDRP for generic Top Level Domain (gTLD) in substantial aspects. Under the Korea-U.S. Free Trade Agreement(KORUS FTA), it is expected that either the Domain Name Dispute Mediation Policy to be amended to adopt the UDRP or the IDRC to examine the Domain Name Dispute Mediation Policy in order to harmonize it with the principles established in the UDRP. It is a common practice of cybersquatters to warehouse a number of domain names without any active use of these domain names after their registration. The Domain Name Dispute Mediation Policy provides that the complainant may request to transfer or delete the registration of the disputed domain name if the registrant registered, holds or uses the disputed domain name in bad faith. This provision lifts the complainant's burden of proof to show the respondent's bad faith because the complainant is only required to prove one of the three bad faiths which are registration in bad faith, holding in bad faith, or use in bad faith. The aforementioned resolution procedure is different from the UDRP regime which requires the complainant, in compliance with paragraph 4(b) of the UDRP, to prove that the disputed domain name has been registered in bad faith and is being used in bad faith. Therefore, the complainant carries heavy burden of proof under the UDRP. The IDRC should deny the complaint if the respondent has legitimate rights or interests in the domain names. Under the UDRP, the complainant must show that the respondent has no rights or legitimate interests in the disputed domain name. The UDRP sets out three illustrative circumstances, any one of which if proved by the respondent, shall be evidence of the respondent's rights to or legitimate interests in the domain name. As the Domain Name Dispute Mediation Policy provides only a general provision regarding the respondent's legitimate rights or interests, the respondent can be placed in a very week foundation to be protected under the Policy. It is therefore recommended for the IDRC to adopt the three UDRP circumstances to guide how the respondent can demonstrate his/her legitimate rights or interests in the disputed domain name. In accordance with the KORUS FTA, the Korean Government is required to provide online publication to a reliable and accurate database of contact information concerning domain name registrants. Cybersquatters often provide inaccurate contact information or willfully conceal their identity to avoid objection by trademark owners. It may cause unnecessary and unwarranted delay of the administrative proceedings. The respondent may loss the opportunity to assert his/her rights or legitimate interests in the domain name due to inability to submit the response effectively and timely. The respondent could breach a registration agreement with a registrar which requires the registrant to submit and update accurate contact information. The respondent who is reluctant to disclose his/her contact information on the Internet citing for privacy rights and protection. This is however debatable as the respondent may use the proxy registration service provided by the registrar to protect the respondent's privacy.

  • PDF