• Asian Journal of Innovation and Policy
• /
• v.9 no.3
• /
• pp.339-359
• /
• 2020

The policy change in the Data 3 Act is one of the issues that should be noted at a time when non-face-to-face business strategies become important after COVID-19. The Data 3 Act was implemented in South Korea on August 5, 2020, calling 'Big Data 3 Act' and 'Data Economy 3 Act,' and so personal information that was not able to identify a particular individual could be utilized without the consent of the individual. With the implementation of the Data 3 Act, it is possible to establish a fair economic ecosystem by ensuring fair access to data and various uses. In this paper, the law on the protection of personal information, which is the core of the Data 3 Act, was compared around Korea, the European Union and the United States, and the implications were derived through network analysis of keywords.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.99-106
• /
• 2012

Numerous private corporations and public institutions are collecting personal information through the diverse methods for the purpose of sales, promotion and civil services, and using personal information for the profits of the organizations and services. However, due to immaturity of the technical, managerial measures and internal control for the collected personal information, the misuse, abuse and the leaks of personal information are emerged as major social issues, and the government also is promoting implementation of the act on the privacy protection by recognizing the importance of the personal information protection. This research describes on the measures to detect the anomaly by analyzing personal information treatment patterns managed by the organizations, and on the measures to coup with the leaks, misuse, and abuse of personal information. Particularly, this research is intended to suggest privacy leakage monitoring system design, which can be managed by making the elements related to personal information leaks to numeric core risk indexes to be measured objectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.995-1012
• /
• 2016

In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual awareness, further combine and share data using ubiquitous network, and thus the development of IoT raises new challenges in respect of personal data protection and privacy. This study aims to identify main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and figured out the issues regarding the processing of personal data and the rights to privacy of data subject. Accordingly, we suggested the institutional ways (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.31-36
• /
• 2013

The personal information protection act has been enacted from 2011 for the protection of public and private privacy. Since the application area of the law is so broad, there is a limit to covers everything in the financial field. In this paper, I'll discuss an impact and problem by the personal information protection act. and propose some new task to build an efficient personal information protection governance on financial sector.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.133-155
• /
• 2016

Recently, in the adoption of cloud computing are emerging as locations are key requirements of security and privacy, at home and abroad, several organizations recognize the importance of privacy in cloud computing environments and research-based transcription and systematic approach in progress have. The purpose of this study was to recognize the importance of privacy in the cloud computing environment based on personal information security methodology to the security of cloud computing, cloud computing, users must be verified, empirical research on the improvement plan. Therefore, for existing users of enhanced security in cloud computing security consisted framework of existing cloud computing environments. Personal information protection management system: This is important to strengthen security for existing users of cloud computing security through a variety of personal information security methodology and lead to positive word-of-mouth to create and foster the cloud industry ubiquitous expression, working environments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.705-717
• /
• 2020

Cities in the world are rushing to develop smart cities to create a sustainable and happy city by solving many problems in cities using information and communication technologies such as big data and IoT. However, in Korea's smart cities and smart city certification systems, the focus is on platform-oriented hardware infrastructure, and the information security aspect is first considered to build and authenticate. It is a situation in which a response system for the risk of leakage of big data containing personal information is needed through policy research on the aspect of personal information protection for smart city operation. This paper analyzes the types of personal information in smart cities, problems associated with the construction and operation of smart cities, and the limitations of the current smart city law and personal information protection management system. As a solution, I would like to present a model of a personal information protection management system in the smart city field and propose a plan to strengthen personal information protection through this. Since the management system model of this paper is applied and operated in the national smart city pilot cities, demonstration cities, and CCTV integrated control centers, it is expected that citizens' personal information can be safely managed.

• Journal of the Korea Society of Computer and Information
• /
• v.26 no.2
• /
• pp.177-182
• /
• 2021

This study was carried out for the purpose of selecting and structuring educational content for personal information protection education in supplementary education for childcare workers. Prior research and literature data were collected and analyzed to select educational content, and a preliminary survey was conducted for 125 applicants for education. Based on the surveyed data, the educational content was structured through focus group interview. In the focus group interview analysis, the person in charge of personal information of the institution and those who have completed education participated. Group interviews and individual interviews through e-mail, etc. were conducted, and the final contents were selected after reviewing the appropriateness of the derived opinions by two educational experts. It was found that the direction of the search for personal information protection education contents should be added to the contents of practical work in each stage of information management and practice such as document writing.

• Convergence Security Journal
• /
• v.19 no.2
• /
• pp.29-38
• /
• 2019

For that reason, trend research has been actively conducted to identify and analyze the key topics in large amounts of data and information. Also personal information protection field is increasing activities in order to identify prospects and trends in advance for preemptive response. However, only research based on technology such as trends in information security field and personal information protection solution is broadly taking place. In this study, threat-based trends in personal information protection field is analyzed through text mining method. This will be the key to deduct undiscovered issues and provide visibility of current and future trends. Policy formulation is possible for companies handling personal information and for that reason, it is expected to be used for searching direction of strategy establishment for effective response.

• Knowledge Management Research
• /
• v.20 no.3
• /
• pp.91-106
• /
• 2019

In the era of the 4th Industrial Revolution, the importance of information protection is increasing day by day with the advent of the 'hyper-connection society', and related government financial investment is also increasing. The source of the government's fiscal investment projects is taxpayers' money. Therefore, the government needs to evaluate the effectiveness and feasibility of the project by comparing the public benefits created by the financial investment projects with the costs required for it. At present, preliminary feasibility study system which evaluates the feasibility of government financial investment projects in Korea has been implemented since 1994, but most of them have been actively carried out only in some fields such as large SOC projects. In this study, we discuss the feasibility evaluation of public projects for the purpose of information security. we introduce the case study of the personal information protection program of Korean public institutions and propose a cost-effectiveness analysis method that can be applied to the feasibility study of the information protection field. Finally, we presented the feasibility study and criteria applicable in the field of information security.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1269-1277
• /
• 2016

European Union and United States have introduced new Privacy Shield agreement after decision of Court of Justice of the European Union which invalidated Safe Harbor agreement. Privacy Shield agreement contains several clauses to raise the level of personal data protection such as enhanced commitments, stronger enforcement, clear safeguards and transparency obligations, and effective protection of EU citizens' rights with several redress possibilities. This agreement has received positive response as an enhanced measure for personal data protection. This paper examines EU and US discussion history and current situation regarding Privacy Shield and suggests national policy direction such as measures for personal data transborder flow system improvement and international cooperation.