• Informatization Policy
• /
• v.28 no.3
• /
• pp.49-72
• /
• 2021

This study analyzes the major content, significances, and future outlook of Three Data Acts amendment enacted in August 2020 in South Korea, with the focus on their impact on the financial and data industries. It seems that the revision of the Credit Information Act will enable the specification of a business which had previously only been regulated as the business of credit inquiry, and also enable the domestic data industry to activate the MyData industry, data trading and platforms, and specify data pseudonymization and trading procedures. For the rational and efficient implementation of the amendments to the Three Data Acts, the Personal Information Protection Committee must be as transparent and lawful in its activities as possible, and fairness must be guaranteed. Even in the utilization of personal information, the development or complementation of the related data processing technologies is essential, and clear data processing methods and areas must be regulated. Furthermore, the amendments must be supported with guarantees and the systematization of a fair competitive system in the data market, stricter regulations on penalties for illegal acts related to data, establishment and strengthening of the related security systems, and reinforcement of the system of cooperation for data transfer.

• International Journal of Computer Science & Network Security
• /
• v.22 no.5
• /
• pp.320-326
• /
• 2022

The use of the Internet has become commonplace for billions of people on the planet. The rapid development of technology, in particular, mobile gadgets, has provided access to communication anywhere, anytime. At the same time, there are growing concerns about the behavior of people on the Internet, in particular, towards each other and social groups in general. This raises the issue of human rights in today's information society. In this study, we focused on human rights such as the right to privacy, confidentiality, freedom of expression, the right to be forgotten, etc. We point to some differences in this regard, in particular between the EU, etc. In addition, we describe the latest legal regulation in this aspect in European countries. Such methods as systemic, factual, formal and legal, to show the factors of formation and development of human rights in the context of digitalization were used. The authors indicate which of them deserve the most attention due to their prevalence and relevance. Thus, we concluded that the technological development of social communications has laid the groundwork for a legal settlement of privacy and opinion issues on the Internet. Simultaneously, jurisdictions address issues on every aspect of human rights on the Internet, based on previous norms, case law, and principles of law. It is concluded that human rights legislation on the Internet will continue to be actively developed to ensure a balance of private and public interests, safe online access and unimpeded access to it.

• Journal of Digital Convergence
• /
• v.19 no.8
• /
• pp.205-217
• /
• 2021

Decentralized SSI(Self Sovereign Identity) has become an alternative to a new digital identity solution, but an efficient de-identification technique has not been proposed due to the unique algorithmic characteristics of data transactions. In this study, to ensure the decentralized operation of SSI, we propose a de-identification technique that does not remove identifiers by restructuring the verification results of ZKP (Zero Knowledge Proof) into a form that can be provided to the outside by the verifier. In addition, it is possible to provide restructured de-identification data without the consent of data subject by proposing the concept of differential sovereignty management for each entity participating in verification. As a result, the proposed model satisfies the domestic personal information protection law in a decnetralized SSI, in addition provides secure and efficient de-identification processing and sovereignty management.

• Journal of Digital Convergence
• /
• v.17 no.10
• /
• pp.49-58
• /
• 2019

In the era of the 4th industrial revolution, the development of information technology brought various benefits, but it also increased social interest in privacy issues. As the possibility of personal privacy violation by big data increases, academic discussion about privacy management has begun to be active. While the traditional view of privacy has been defined at various levels as the basic human rights, most of the recent research trends are mainly concerned only with the information privacy of online privacy protection. This limited discussion can distort the theoretical concept and the actual perception, making the academic and social consensus of the concept of privacy more difficult. In this study, we analyze the privacy concept that is exposed on the internet based on 12,000 news data of the portal site for the past one year and compare the difference between the theoretical concept and the socially accepted concept. This empirical approach is expected to provide an understanding of the changing concept of privacy and a research direction for the conceptualization of privacy for current situations.

• Journal of the Korea Society of Computer and Information
• /
• v.24 no.11
• /
• pp.109-117
• /
• 2019

Recently, the invasion of privacy in medical information has been issued following the interest in the secondary use of mass medical information. The mass medical information is very useful information that can be used in various fields such as disease research and prevention. However, due to privacy laws such as the Privacy Act and Medical Law, this information, including patients' or health professionals' personal information, is difficult to utilize as a secondary use of mass information. To do these problem, various methods such as k-anonymity, l-diversity and differential-privacy that can be utilized while protecting privacy have been developed and utilized in this field. In this paper, we discuss the differential privacy processing of the various methods that have been studied so far, and discuss the problems of differential privacy using Laplace noise and the previously proposed differential privacy. Finally, we propose a new scheme to solve the existing problem by adding a 1-bit status field to the last column of a given data set to confirm the response to queries from analysts.

• The Korean Society of Law and Medicine
• /
• v.20 no.1
• /
• pp.109-132
• /
• 2019

Recently, medical accidents related to surgical procedures have increased. In addition, the media reported that some of these accidents were involved in health crimes. Patient-advocate groups have called for mandatory establishment and management of CCTV in operating rooms. There is a lot of discussion among the interested parties, so it is necessary to review the relevant laws and regulations. The purpose of this study is to identify the characteristics of CCTV in operating rooms and to review legislations related to establishment and management of the CCTV in operating rooms. Medical institutions use CCTV for management of facilities and patient safety and install it in operating rooms optionally. The Constitution guarantees the privacy and the privacy of correspondence of every citizen, but it can be limited by the law for public welfare. Currently, however, there is no existing law about establishment and management of the CCTV in operating rooms and it can be defect of legal system. Under the current legislations, it is likely that the Self-determination can be violated due to the characteristic of healthcare provider when CCTV is mandatorily installed in operating room. In addition, the regulations on access and leakage of confidential information known by operator are insufficient. So that, the safety of the visual data might be threatened. Furthermore, unless the period and the place of storage of the visual data are clearly defined, it is highly unlikely to meet the original purpose of patient safety and prevention of medical accidents. This study is meaningful as there is few previous study on this topic although the need for legal review about this is growing and several bills are being proposed. It is expected that the results of this study can be utilized as basic data for enactment or amendment of the laws and regulations about establishment and management of CCTV in operating rooms.

• The Korean Society of Law and Medicine
• /
• v.23 no.4
• /
• pp.29-74
• /
• 2022

As social disasters occur under the Disaster Management Act, which can damage the people's "life, body, and property" due to the rapid spread and spread of unexpected COVID-19 infectious diseases in 2020, information collected through inspection and reporting of infectious disease pathogens (Article 11), epidemiological investigation (Article 18), epidemiological investigation for vaccination (Article 29), artificial technology, and prevention policy Decision), (3) It was used as an important basis for decision-making in the context of an infectious disease crisis, such as promoting vaccination and understanding the current status of damage. In addition, medical policy decisions using infectious disease data contribute to quarantine policy decisions, information provision, drug development, and research technology development, and interest in the legal scope and limitations of using infectious disease data has increased worldwide. The use of infectious disease data can be classified for the purpose of spreading and blocking infectious diseases, prevention, management, and treatment of infectious diseases, and the use of information will be more widely made in the context of an infectious disease crisis. In particular, as the serious stage of the Disaster Management Act continues, the processing of personal identification information and sensitive information becomes an important issue. Information on "medical records, vaccination drugs, vaccination, underlying diseases, health rankings, long-term care recognition grades, pregnancy, etc." needs to be interpreted. In the case of "prevention, management, and treatment of infectious diseases", it is difficult to clearly define the concept of medical practicesThe types of actions are judged based on "legislative purposes, academic principles, expertise, and social norms," but the balance of legal interests should be based on the need for data use in quarantine policies and urgent judgment in public health crises. Specifically, the speed and degree of transmission of infectious diseases in a crisis, whether the purpose can be achieved without processing sensitive information, whether it unfairly violates the interests of third parties or information subjects, and the effectiveness of introducing quarantine policies through processing sensitive information can be used as major evaluation factors. On the other hand, the collection, provision, and use of infectious disease data for research purposes will be used through pseudonym processing under the Personal Information Protection Act, consent under the Bioethics Act and deliberation by the Institutional Bioethics Committee, and data provision deliberation committee. Therefore, the use of research purposes is recognized as long as procedural validity is secured as it is reviewed by the pseudonym processing and data review committee, the consent of the information subject, and the institutional bioethics review committee. However, the burden on research managers should be reduced by clarifying the pseudonymization or anonymization procedures, the introduction or consent procedures of the comprehensive consent system and the opt-out system should be clearly prepared, and the procedure for re-identifying or securing security that may arise from technological development should be clearly defined.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.117-130
• /
• 2011

In a situation where worldwide free trade between countries has expanded recently, our country is being rapidly pushed FTA agreements with the financial developed countries such as United States, EU. According to the agreement, the user information of foreign financial companies in Korea is expected to be transfered overseas. In this paper, we need to define the scope and the definition about the transfer of information and analyze the relating domestic and foreign laws preparing for Cross Border Financial Information Transfer. Also, we review the expected issues about the transfer of information divided into institutional and technical sectors and arc presented the policy implication such as differentiation of regulatory information, enactment and amendment of Personal Information Protection Law(Draft) and related regulations, ensuring the safety of financial companies, raise the standard guidelines of the transfer of information. We refers to the needs for policy formulation to differentiate our privacy information from financial information to protect the privacy of users. The proposed countermeasures in this paper is expected to be helpful the measures to prepare for other institutions such as banks and supervisory authorities prepare for the future Cross Border Financial Information Transfer according to PTA.

• Informatization Policy
• /
• v.28 no.1
• /
• pp.3-21
• /
• 2021

Klaus Schwab's discussion on the Fourth Industrial Revolution provides a framework for predicting the direction of legal technology development. Technological convergence, which has emerged as the core concept of the Fourth Industrial Revolution has a significant effect on legal technology. In particular, various new technologies, such as legal chatbots and platforms, are being introduced to enhance efficiency and accessibility in the legal field. However, legal technology is still in its early stage, with institutional improvement needed to vitalize the industry. In this paper, we first specify the concept and classification of legal technology in Chapter 2, followed by trends and limitations in Chapter 3 and ways of vitalizing legal technology in the future in Chapter 4. To invigorate legal technology development, it is necessary to put in place legal regulatory measures that stipulate the active disclosure of legal data, such as precedents, and make free use of such measures. In the law, many issues, such as the safety of artificial intelligence, personal information protection, and ethical standards, will be discussed in the future. Therefore, via this paper, we hope to promote the formation of social consensus and prepare countermeasures, such as legislative measures.

• The Journal of Society for e-Business Studies
• /
• v.26 no.4
• /
• pp.37-52
• /
• 2021

Due to the spread of COVID-19, it is rapidly changing from face-to-face to non-face-to-face work environments and is changing to a digital work environment that can be accessed anytime, anywhere, providing convenience to all lives. However, the number of breaches, personal information leakage, and technology leakage targeting SMEs that are vulnerable to security continues to increase. Accordingly, the government has been continuously promoting the information security consulting support project for SMEs every year since 2014. Therefore, this study intends to develop a performance model and measurement methodology for continuous and more systematic support and efficient management of information protection support projects in consideration of the importance of information security for SMEs. It is intended to be used as basic data when setting future operational directions and goals. The main method of this study is to derive performance models and indicators for SME information security support projects based on domestic literature, case studies, and survey results, utilize expert advice to verify the developed performance measurement indicators, and use pilot-test questionnaires. Conduct evaluation through surveys. Based on the verified indicators, we would like to present a performance model and measurement index for the information security support project for SMEs.