• Journal of Digital Convergence
• /
• v.13 no.1
• /
• pp.275-281
• /
• 2015

The recent health care is growing rapidly want to receive offers users a variety of medical services, can be exploited easily exposed to a third party information on the role of the patient's hospital staff (doctors, nurses, pharmacists, etc.) depending on the patient clearly may have to be classified. In this paper, in order to ensure safe use by third parties in the health care environment, classify the attributes of patient information and patient privacy protection technique using hierarchical multi-property rights proposed to classify information according to the role of patient hospital officials The. Hospital patients and to prevent the proposed method is represented by a mathematical model, the information (the data consumer, time, sensor, an object, duty, and the delegation circumstances, and so on) the privacy attribute of a patient from being exploited illegally patient information from a third party the prevention of the leakage of the privacy information of the patient in synchronization with the attribute information between the parties.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.83-92
• /
• 2018

The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.

• Journal of Digital Convergence
• /
• v.14 no.4
• /
• pp.355-362
• /
• 2016

This cross-sectional study examined the differences of the human rights sensitivity changes between freshmen and seniors of nursing and non-nursing Students. The data for this study were collected using a human rights sensitivity questionnaire developed by Moon answered by 178 nursing and non-nursing students from five South Korean universities. A t-test, chi-square test were performed on the collected data. There were no significant differences in the human rights sensitivity scores between freshmen and seniors in nursing and non-nursing students. There were significant differences in the human rights sensitivity scores in the right to privacy of the psychiatric patients and the environmental rights among nursing students. There were significant differences in the human rights sensitivity scores in the disabled person's physical liberty in non-nursing students. The results of this study suggested the direction of educational curriculum revision about ethics and development of educational programs to improve the human rights sensitivity.

• Informatization Policy
• /
• v.19 no.1
• /
• pp.74-90
• /
• 2012

This thesis analyzes the Apple Inc.'s case from the viewpoint of the necessity for the protection of information privacy related to location data as for information society and ubiquitous community. Meanwhile, the regulatory conformity to equilibrium of contradictional value between personal data protection and utilization of information is debated from the fundamental right as for constitutional law concept to the commercial and technological structure in terms of economic and business point. Therefore, this paper reaches the conclusion that the legislative system should form a harmonious relationship between legal protection and lawful utilization to reappraise the present condition of legalization on personal data protection from guaranteeing rights and interests of information subject in the perspective of human rights to information guarantee consequently. As a result, it is required to revaluate the lawfulness of the fine on the violation of administrative duty levied by KCC(Korea Communications Commission).

• Journal of Arbitration Studies
• /
• v.17 no.2
• /
• pp.167-187
• /
• 2007

As Korea has reached a free trade agreement with the United States of America, it is required to provide an appropriate procedure to ".kr" domain name disputes based on the principles established in the Uniform Domain Name Dispute Resolution Policy(UDRP). Currently, Internet address Dispute Resolution Committee(IDRC) established under Article 16 of the Act on Internet Address Resources provides the dispute resolution proceedings to resolve ".kr" domain name disputes. While the IDRC's proceeding is similar to the UDRP administrative proceeding in procedural aspects, the Domain Name Dispute Mediation Policy that is established by the IDRC and that applies to disputes involving ".kr" domain names is very different from the UDRP for generic Top Level Domain (gTLD) in substantial aspects. Under the Korea-U.S. Free Trade Agreement(KORUS FTA), it is expected that either the Domain Name Dispute Mediation Policy to be amended to adopt the UDRP or the IDRC to examine the Domain Name Dispute Mediation Policy in order to harmonize it with the principles established in the UDRP. It is a common practice of cybersquatters to warehouse a number of domain names without any active use of these domain names after their registration. The Domain Name Dispute Mediation Policy provides that the complainant may request to transfer or delete the registration of the disputed domain name if the registrant registered, holds or uses the disputed domain name in bad faith. This provision lifts the complainant's burden of proof to show the respondent's bad faith because the complainant is only required to prove one of the three bad faiths which are registration in bad faith, holding in bad faith, or use in bad faith. The aforementioned resolution procedure is different from the UDRP regime which requires the complainant, in compliance with paragraph 4(b) of the UDRP, to prove that the disputed domain name has been registered in bad faith and is being used in bad faith. Therefore, the complainant carries heavy burden of proof under the UDRP. The IDRC should deny the complaint if the respondent has legitimate rights or interests in the domain names. Under the UDRP, the complainant must show that the respondent has no rights or legitimate interests in the disputed domain name. The UDRP sets out three illustrative circumstances, any one of which if proved by the respondent, shall be evidence of the respondent's rights to or legitimate interests in the domain name. As the Domain Name Dispute Mediation Policy provides only a general provision regarding the respondent's legitimate rights or interests, the respondent can be placed in a very week foundation to be protected under the Policy. It is therefore recommended for the IDRC to adopt the three UDRP circumstances to guide how the respondent can demonstrate his/her legitimate rights or interests in the disputed domain name. In accordance with the KORUS FTA, the Korean Government is required to provide online publication to a reliable and accurate database of contact information concerning domain name registrants. Cybersquatters often provide inaccurate contact information or willfully conceal their identity to avoid objection by trademark owners. It may cause unnecessary and unwarranted delay of the administrative proceedings. The respondent may loss the opportunity to assert his/her rights or legitimate interests in the domain name due to inability to submit the response effectively and timely. The respondent could breach a registration agreement with a registrar which requires the registrant to submit and update accurate contact information. The respondent who is reluctant to disclose his/her contact information on the Internet citing for privacy rights and protection. This is however debatable as the respondent may use the proxy registration service provided by the registrar to protect the respondent's privacy.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• Asia pacific journal of information systems
• /
• v.22 no.1
• /
• pp.53-77
• /
• 2012

Financial firms, especially large scaled firms such as KB bank, NH bank, Samsung Card, Hana SK Card, Hyundai Capital, Shinhan Card, etc. should be securely dealing with the personal financial information. Indeed, people have tended to believe that those big financial companies are relatively safer in terms of information security than typical small and medium sized firms in other industries. However, the recent incidents of personal information privacy invasion showed that this may not be true. Financial firms have increased the investment of information protection and security, and they are trying to prevent the information privacy invasion accidents by doing all the necessary efforts. This paper studies how effectively a financial firm will be able to avoid personal financial information privacy invasion that may be deliberately caused by internal staffs. Although there are several literatures relating to information security, to our knowledge, this is the first study to focus on the behavior of internal staffs. The big financial firms are doing variety of information security activities to protect personal information. This study is to confirm what types of such activities actually work well. The primary research model of this paper is based on Theory of Planned Behavior (TPB) that describes the rational choice of human behavior. Also, a variety of activities to protect the personal information of financial firms, especially credit card companies with the most customer information, were modeled by the four-step process Security Action Cycle (SAC) that Straub and Welke (1998) claimed. Through this proposed conceptual research model, we study whether information security activities of each step could suppress personal information abuse. Also, by measuring the morality of internal staffs, we checked whether the act of information privacy invasion caused by internal staff is in fact a serious criminal behavior or just a kind of unethical behavior. In addition, we also checked whether there was the cognition difference of the moral level between internal staffs and the customers. Research subjects were customer call center operators in one of the big credit card company. We have used multiple regression analysis. Our results showed that the punishment of the remedy activities, among the firm's information security activities, had the most obvious effects of preventing the information abuse (or privacy invasion) by internal staff. Somewhat effective tools were the prevention activities that limited the physical accessibility of non-authorities to the system of customers' personal information database. Some examples of the prevention activities are to make the procedure of access rights complex and to enhance security instrument. We also found that 'the unnecessary information searches out of work' as the behavior of information abuse occurred frequently by internal staffs. They perceived these behaviors somewhat minor criminal or just unethical action rather than a serious criminal behavior. Also, there existed the big cognition difference of the moral level between internal staffs and the public (customers). Based on the findings of our research, we should expect that this paper help practically to prevent privacy invasion and to protect personal information properly by raising the effectiveness of information security activities of finance firms. Also, we expect that our suggestions can be utilized to effectively improve personnel management and to cope with internal security threats in the overall information security management system.

• Journal of Information Processing Systems
• /
• v.3 no.2
• /
• pp.82-88
• /
• 2007

Web services are the new building block of today's Internet, and provides interoperability among heterogeneous distributed systems. Recently in web services environment, security has become one of the most critical issues. The hackers attack one of fragile point and can misuse legitimate user privilege because all of the connected devices provide services for the user control and monitoring in real time. Also, the users of web services must temporarily delegate some or all of their rights to agents in order to perform actions on their behalf. This fact risks the exposure of user privacy information. In this paper, we propose secure delegation model based on SAML that provides confidentiality and integrity about the user information in distributed systems. In order to support privacy protection, service confidentiality, and assertion integrity, encryption and a digital signature mechanism is deployed. We build web service management server based on XACML, in order to manage services and policies of web service providers.

• Informatization Policy
• /
• v.27 no.3
• /
• pp.3-18
• /
• 2020

In the growing digitalized world, the European Union implemented the General Data Protection Regulation(GDPR) to establish a comprehensive data protection framework across member states. Given the constitutional roots of GDPR, the EU's regulatory approach is different than other data protection regimes. The new regulation has strengthened individual rights to data protection, but it also introduced several obligations for businesses that collect and process personal data. We review the existing literature on privacy, particularly GDPR, from a policy perspective. The evidence outlines data regulation's effects on competition, innovation, marketing activities, and cross-border data flows. The discussion highlights the tradeoffs between increased regulation of data protection and its effects on the market.

• Journal of Korean Academy of Nursing Administration
• /
• v.15 no.1
• /
• pp.81-90
• /
• 2009

Purpose: The purpose of this study was to identify nurses' perceptions on the older adult's dignity, and identify the risk factors that threaten older adult dignity and nurses' experiences of ethically difficult care in nursing homes. Method: Qualitative content analysis was done using an analysis scheme developed by the investigators. The data were collected from 51 nurses in 10 different nursing homes, who have agreed this study. Using a self-completion questionnaire was developed by the authors. The questionnaire which consisted of 3 items about dignity definitions, risk factors, and experiences on ethical dilemma. Results: The scheme consisted of 14 categories and 33 subcategories of the 261 significant statements. The categories of the dignity perception analyzed were respect, social right and equality. The categories of risk factors analyzed were loss of control, abuse, physical restraint, invasion of privacy, decision limitation and staff qualification. The categories of dignity experiences were abuse, physical restraint, invasion of privacy, staff qualification and decision limitation. Conclusions: This study may suggests interpretation for compromised older adult's dignity and provides data to use in the development of the useful guidelines and educational programs for the nurses in nursing homes.