Myunggeun Cho,Lee Hwansoo

DOI: https://doi.org/10.14400/JDC.2017.15.9.1

Abstract:As we enter the era of big data, the value of personal information is becoming ever more important. However, personal information protection laws in Korea have several issues. Furthermore, existing research are limited in their ability to facilitate a comprehensive understanding of measures to improve personal information protection laws. Accordingly, this study analyzes improvements to be made in the current personal information protection laws based on existing research. A total of 39 research articles discussing the problems of the personal information protection law were selected and analyzed by applying the meta - analysis technique. According to the results, the various issues such as the meaning and scope of personal information, the role and obligations of relevant parties, provision of personal information to third parties, and redundant and imbalanced regulations in special acts in each field. that exist in the current personal information protection laws were confirmed. This study contributes to the improvement of inconsistency between information protection laws and related special laws in each field in practice. Academically, it will contribute to understanding the problems of th law from the macro perspective and suggesting the integrated improvement ways of the law.

Computer Science,Law

Hyun-Jung Lee,Kwangwoo Lee,Dongho Won

DOI: https://doi.org/10.1109/trustcom.2011.106

2011-11-01

Abstract:As cyber-crimes using personal information such as ID theft are increasing, there is a need for appropriate technology or law to protect privacy. To this end, the Korean Government established the Privacy Act on March 29th 2011. The Privacy Act prescribes a specification for dealing with privacy with the intention to protect personal information from being collected, leaked, misused, or abused so that it can improve rights and interests of the nation and eventually realize the dignity and value of man. The United States, Japan, Canada, and several countries of the EU have their own privacy law being established or revised. Although there must be differences depending on the circumstances of each country, the ultimate goal of the privacy law should be the same. Consequently, there might be the same or similar technical protection required by all these countries. Between the increasing interest in protecting personal information and the establishment of the Privacy Act, many industries are having relevant products released one after another. Customers without knowledge of the law and the product types cannot decide what they need. This paper intends to derive necessary security functions of a personal information security system based on the Common Criteria and analyze the limit of the products in order to make guidelines for privacy and information protection system.

Moon-Ho Joo,Sang-Pil Yoon,Hun-Yeong Kwon,Jong-In Lim

DOI: https://doi.org/10.3233/ip-170057

2018-06-29

Information Polity

Abstract:In the age of big data, many countries are implementing and establishing de-identification policies quite actively. There are many efforts to institutionalize de-identification of personal information to protect privacy and utilize the use of personal information. But even with such efforts, de-identification policy always has a potential risk that de-identified information can be re-identified by being combined with other information. Therefore, it is necessary to consider the management mechanism that manages these risks as well as a mechanism for distributing the responsibilities and liabilities in the event of incidents involving the invasion of privacy. So far, most countries implementing the de-identification policies are focusing on defining what de-identification is and the exemption requirements to allow free use of de-identified personal information. On the other hand, there is a lack of discussion and consideration on how to distribute the responsibility of the risks and liabilities involved in the process of de-identification of personal information. The purpose of this study is to compare the de-identification policies of the European Union, the United States, Japan, and Korea, all of which are now actively pursuing de-identification policies. Additionally, this study proposes to take a look at the various de-identification policies worldwide and contemplate on these policies in the perspective of risk society and risk-liability theory. The constituencies of the de-identification policies are identified in order to analyze the roles and responsibilities of each of these constituencies thereby providing the theoretical basis on which to initiate the discussions on the distribution of burden and responsibilities arising from the de-identification policies.

Hyoung-Gyu Kim,Min-Ho Kim,Jung-Sook Kwon,Yong-Lak Choi

DOI: https://doi.org/10.9716/kits.2014.13.2.163

2014-06-30

Journal of the Korea society of IT services

Abstract:Personal information has been stolen continuously and it is also affected from development of the Internet. So the government requires that companies spend more effort for protecting customers' personal information. The OLAP server also should meet this requirement, but it is hard to satisfy for the authority management. The OLAP server must use personal information to extract required information from database. This thesis suggests a model of separating between general information and personal information, so this model can help to minimize the leakage of personal information. The model is implemented and tested as a prototype. This prototype can prove that the new model is better than the original one. This study presents that the authority management on the separation between personal information and general information helps protect the personal information of customers.

Moon-Ho Joo,Hun-Yeong Kwon

DOI: https://doi.org/10.1016/j.giq.2023.101805

IF: 8.49

2023-04-01

Government Information Quarterly

Abstract:In the era of big data, data creates new added value by collecting, analyzing, and transforming the thoughts and actions of economic members and creating insights that can predict the future. This means that in the near future, data-driven decisions based on data, rather than subjectivity or experience, will be the driving force behind society.However, since valuable and useful data is bound to be generated from personal information, how to safely utilize personal information is becoming an important topic in the big data era. To protect personal information in this environment, data services and database providers have increased their focus on the implementation of de-identification, a technique that can protect personal information while maintaining the usefulness of the data. Moreover, many countries have introduced new policies and laws focusing on the de-identification of personal information.Accordingly, this paper compares and analyzes how the European Union, the United States, Japan, and South Korea have recently adopted the concept of de-identification in their own personal information protection laws, and presents common trends and implications. As a comparative framework, each country's conceptual classification system related to de-identification, legal treatment, data controller obligations, and de-identification procedures was included.This study identifies the shifts made in each country's regulatory system following the introduction of the concept of de-identification. These include a shift from a binary approach to an approach that considers the identifiability spectrum, from a belief in anonymization to regulation from a risk management perspective, and from a focus on de-identification methods, to responsibility for follow-up management.This study contributes to the establishment of specialized knowledge of de-identification practices by empirically examining the current status of de-identification information-related legal systems adopted by major countries/regions. Also, the study proved the actualization of theory by confirming that the de-identification policy approach from the perspective of risk management is actually applied to the laws of each country. In addition, the attempt to present a framework for systematic comparison of de-identification systems by country provides a new perspective that can trace the trend of future de-identification system changes on a consistent basis. In addition, this study brings the gradual expansion of data policy research by expanding the research on de-identified information, which has been studied mainly in Europe and the United States, to case studies in Japan and South Korea.

information science & library science

Ye-Jin Choi,Hyun-Kyung Kang

DOI: https://doi.org/10.5762/kais.2016.17.2.416

2016-02-29

Abstract:This study intended to identify dental hygienists' knowledge and extent of awareness and performance of patient's personal information protection. In addition, this research was conducted to contribute to medical centers' preparation of measures to strengthen the personal information protection by identifying the factors affecting dental hygienists' extent of performance related to the patient's personal information protection. After explaining the purpose and meaning of the research to the survey participants and gaining their consent, a self-administered survey was conducted from November 7, 2014 to June 30, 2015. The data on 210 dental hygienists in Busan city and Gyeongsangnam-do province was used for analysis. As a result, in dental hygienists with more than 10 years experience, the extent of the performance was significantly high (p

Jeong Yeon Kim

DOI: https://doi.org/10.7838/jsebs.2015.20.2.093

2015-05-31

Abstract:Providing trading partners with personal information to establish an e-commerce financial transaction is inevitable. Most e-commerce companies keep personal information and transaction data for user's convenience and develop additional services as their applications. However, keeping personal information increases the likelihood of identity theft causing direct or indirect damage while it may simplify repetitive financial transactions. This study introduces risk management methods based on quantitative and qualitative analysis including demand-supply curve model and Gordon & Loeb model to analyze the risks for security management. The empirical analysis with survey results from KISA (Korea Information Security Agency) shows that the root cause of different statistics of personal information leakage incidents according to core business of internet companies is the difference in their Loss Expectancy caused by them. Also we suggest disciplinary compensation and higher standard for personal information protection as a solution to prevent the variation of investment on it between individual companies.

Zhu Gao

DOI: https://doi.org/10.1088/1742-6596/1574/1/012107

2020-06-01

Journal of Physics: Conference Series

Abstract:Abstract The era of big data brings us not only an opportunity given by the development of the era, but also a challenge. To improve Chinese citizens’ quality of big data application is also an inevitable internal requirement for the social and economic development of various countries and regions in the era of big data economy. In the era of big data development, the security leakage of personal information has become more and more serious, which has aroused people’s high attention and increasing concern. The purpose of this paper is to provide countermeasures and Suggestions for the reasonable protection of personal information by deeply analyzing the practical dilemma and solutions of the reasonable protection of personal information in the era of big data. In this paper, first of all, this paper expounds the dialectical nature of the current era of big data network information search on the personal information security in our country the major risks and opportunities for development, and the in-depth analysis of the current our country network information search security risk main origin, on the basis of focus from legal ideological cultivation, inspection du regulatory legislation, application technology and so on three aspects put forward to speed up the building of the personal information security management system in our country strategic thinking. And then comb through studying related literature review of network information security evaluation index system, using the evaluation index system of comprehensive level calculation analysis method for network actual weight of each evaluation index in the relationship between level computation, the result shows that composite reliability were greater than 0.7, which eventually concluded that a more reasonable and practical index system of network weight calculation.

English Else

Sungjin Park,Jong-in Lim

Abstract:In our current information focused society, information is regarded as a core asset and the leakage of customers' information has emerged as a critical issue, especially in financial companies. It is very likely that the technology that safeguards which is currently in commercial use is not focused at an enterprise level but is fragmented by function or by only guards portions of a customer's personal information. Therefore, It is necessary to study the systems which monitor the indicators of access at an enterprise level in order to preemptively prevent the compromise of such data. This study takes an enterprise perspective on such systems for a financial company. I will focus on examination of the methods of implementation of the monitoring system, the application of pattern analysis and examination of Security Risk Indicators (SRI). A trial of the monitoring system provided security managers and related departments with proper screening capabilities of information. Therefore, it is possible to establish a systemic counter-plans based on detectable patterns.

Computer Science,Business

Jongbae Kim

DOI: https://doi.org/10.3390/electronics13193954

IF: 2.9

2024-10-09

Electronics

Abstract:The rapid expansion of non-face-to-face e-commerce services in the Korea has significantly increased the importance of personal identity proofing (PIP) for verifying users in online transactions, such as payments, refunds, membership registrations, and access to age-restricted products. Currently, personal identity proofing agencies (PIPAs) indiscriminately provide all of a user's personal information to internet service providers (ISPs), leading to substantial privacy concerns and preventing users from selectively disclosing only the necessary information. The objective of this paper is to enhance the safety, convenience, and security of PIP services by proposing a method that empowers users to control the personal information they disclose while enabling digital identity integration for both online and offline applications. To achieve this, an extensive overview and analysis of the current PIP systems in Korea is presented, including methods. The strengths and weaknesses of these systems are critically examined, revealing limitations in privacy protection, user convenience, and security. Based on this analysis, a new method is proposed that introduces differentiated levels of PIP means according to authentication strength, allowing for the minimal necessary disclosure of personal information. The proposed method aims to improve the stability and reliability of the PIP service environment by addressing current privacy concerns and enhancing user control over personal information. This approach can be applied to e-commerce services in Korea and other countries facing similar challenges, contributing to the development of safer and more reliable online services.

engineering, electrical & electronic,computer science, information systems,physics, applied

Van Thanh Tien NGUYEN,Chia-nan WANG,Fu-chiang YANG,Thi Minh Nhut VO

DOI: https://doi.org/10.55549/epstem.1175908

2022-09-16

The Eurasia Proceedings of Science Technology Engineering and Mathematics

Abstract:Cyber security aims to protect against the unlawful use of systems, networks, and technologies by lowering the likelihood of cyberattacks and thwarting their execution. The comparatively low degree of security, which plays an essential part in the activities of any nation, has been a primary contributor to the low overall operational efficiency. In addition, implementing machine learning and artificial intelligence would make the network vulnerable to several severe vulnerabilities in terms of cybersecurity, which could lead to disastrous results. Therefore, research into the efficacy of cyber security is essential to ensure the future safety of the whole world. An EBM evaluation approach was utilized in this research project so that the production efficiency of firms on a micro level could be assessed. After that, it analyzed the effectiveness of cybersecurity organizations' input and output variables by using financial data for 2020 from sources in the US market. It was found that DMU 1, DMU 7, DMU 9, and DMU 10 had the highest performance levels. After doing an efficiency analysis of the ten most prominent organizations now functioning in the cybersecurity sector, we realized that three of those companies required significant modifications. However, four of the other businesses were typically more efficient.

Jiana Bi,Yonghong Guo,Ning He,Shuang Wang

DOI: https://doi.org/10.25236/ijndes.2023.070210

Abstract:: While big data brings convenience to people, it also exposes various problems. Personal information is always exposed to risks. Protecting personal information from infringement in the big data era has become an urgent problem to be solved. This paper studies from three aspects. First, it analyzes the importance of personal information security protection in the big dataera: maintaining normal social production and life order, protecting personal physical and mental health and property safety, and reducing the occurrence of cyber crimes. Second, it summarizes the problems existing in personal information security protection in the big data era: serious disclosure of personal privacy information, malicious attacks on personal privacy by cyber hackers, low awareness of personal information security protection, and imperfect laws and regulations on personal information security protection. Third, the main measures of personal information security protection in the big data eraare put forward: improving the laws and regulations of personal information protection, raising the awareness of personal information security protection, building a data-centric security governance system, and strengthening the prevention and governance of cyber hacking attacks.

Computer Science,Law

Dong Hyeon Kim,Do Hyun Park

DOI: https://doi.org/10.1057/s41599-024-03470-y

2024-07-30

Humanities and Social Sciences Communications

Abstract:The General Data Protection Regulation (GDPR) of the European Union has established regulations on automated decisions in Article 22 with the proliferation of artificial intelligence. In response, the Personal Information Protection Act (PIPA) of South Korea, serving as a counterpart to the GDPR, has recently incorporated provisions for automated decisions under Article 37-2 through an amendment. Although the PIPA follows a distinct legal framework from the GDPR, it is crucial to ensure an equivalent level of protection for fundamental rights. Recognising this concern, this study analyses the differences between the PIPA and GDPR regarding automated decisions, focusing on three aspects: format, target, and content. This analysis identifies that the PIPA lacks comprehensive safeguards for data subjects in certain aspects compared to the GDPR. First, regarding the format, the PIPA grants the right to object rather than establishing a general prohibition to automated decisions, posing limitations in protecting individuals who are unable to effectively exercise their rights. Second, in terms of the target, the PIPA regulates a completely automated status at the overall system level, creating a regulatory vacuum for a multi-stage profiling system. Third, concerning the content, the PIPA faces several technical and practical limitations that remain unresolved in delineating the content of the right to explanation. Building upon this analysis, this study proposes potential legislation and interpretation remedies to address these concerns based on each aspect.

English Else

Ninne Zahara Silviani,Rina Shahriyani Shahrullah,Vanessa Riarta Atmaja,Park Ji Hyun

DOI: https://doi.org/10.25216/jhp.12.3.2023.517-546

2023-11-30

JURNAL HUKUM DAN PERADILAN

Abstract:This paper explores the various practices surrounding the legal framework for protecting personal data in the context of private electronic systems used by commercial companies. The research's main focus is the ambiguity of the goals of Indonesia's Electronic System providers and how they may adopt better practices to enhance data protection within Electronic System Providers, so this extensive examination also includes a thorough comparison of the personal data protection laws in South Korea and Indonesia. This investigation aims to carefully define, evaluate, and harmonize the two countries' unique legal systems. This study uses a normative legal research framework with a Teleological and Legal Protection approach as its research technique. Additionally, it uses the comparative law method to clarify, outline, and examine the specifics of the personal data protection laws that are now in force in Indonesia and South Korea. The results of this research go beyond identifying problems; they are expected to produce a thorough understanding of the complexities surrounding personal data security in the context of electronic commerce. These discoveries are well-positioned to be the foundation for upcoming regulatory improvements, eventually encouraging more potent and reliable data protection procedures in both nations.

Paul Marillonnet,Maryline Laurent,Mikaël Ates

DOI: https://doi.org/10.48550/arXiv.2109.12968

2021-09-27

Computers and Society

Abstract:This paper presents a survey of technologies for personal data self-management interfacing with administrative and territorial public service providers. It classifies a selection of scientific technologies into four categories of solutions: Personal Data Store (PDS), Identity Manager (IdM), Anonymous Certificate System and Access Control Delegation Architecture. Each category, along with its technological approach, is analyzed thanks to eighteen identified functional criteria that encompass architectural and communication aspects, as well as user data lifecycle considerations. The originality of the survey is multifold. First, as far as we know, there is no such thorough survey covering such a panel of a dozen of existing solutions. Second, it is the first survey addressing Personally Identifiable Information (PII) management for both administrative and private service providers. Third, this paper achieves a functional comparison of solutions of very different technical natures. The outcome of this paper is the clear identification of functional gaps of each solution. As a result, this paper establishes the research directions to follow in order to fill these functional gaps.

Jinfu Yang,Gi-Jin

2014-01-01

법학연구

Abstract:These days, countries faces a brand new global wave of big data; Korea is no exception. It is time to inspect the related laws on privacy of personal data and to adjust, if necessary, themselves into today’s changed environment looking for more adequate answer. This paper attempts to find some solutions in the legal aspects mostly focused in consideration of necessity of making efficient use of big data. Firstly, to avoid intricacy, similar privacy protection provisions in the three relevant laws should be consolidated into Personal Information Protection Act which has enacted in 2009 as a general personal data protection law. Secondly, in the definition of personal data in the relevant Acts, a requirement of ‘(easy) identifiability’ had better be replaced by sensitivity. This identifiability is too broad word which might bring about reluctance of processing useful data. For privacy itself, sensitivity in nature of data can be more effective and practical. Thirdly, although the current relevant laws have established the common stance of requiring data subjects’ consent before data collection, etc. there are still loopholes in the big data processing. Therefore, not only collection but also generation of sensitive personal data from mixing de-identified databases should be informed to the data subject.

Venessa Darwin,Mike Nkongolo

2023-06-17

Abstract:This study proposes a comprehensive framework for enhancing data security and privacy within organizations through data protection awareness. It employs a quantitative method and survey research strategy to assess the level of data protection awareness among employees of a public organization.

Cryptography and Security,Computers and Society

Juyeon Lee,Kwihoon Kim,Seung-Hyun Kim,

DOI: https://doi.org/10.22251/jlcci.2023.23.4.701

2023-02-28

Korean Association For Learner-Centered Curriculum And Instruction

Abstract:Objectives In this study, 17 types of government-approved textbooks for the 2015 revised curriculum middle school informatics subjects were analyzed from the perspective of privacy literacy, and based on the results of the analysis, educational programs for two classes based on the latest cases were developed. Methods 17 types of government-approved textbooks for the 2015 revised curriculum middle school informatics subjects were analysed from the perspective of privacy literacy, and a personal information protection education program is developed by linking the parts to be supplemented and the cases of personal information leakage. Results In order to verify the validity of the developed education program, two Delphi tests were conducted on 15 informatics teachers. As a result, the necessity of personal information protection education, the appropriateness of the second class, and the appropriateness of each class' composition were all measured at a minimum of 0.49 CVR. Conclusions As a result of analyzing government-approved textbooks from the perspective of privacy literacy, the parts to be supplemented were identified, and the class was designed by connecting the parts to be supplemented and the latest cases. This study is significant as a basic study of personal information protection education.

Xiangqian Dong,Bing Guo,Xuliang Duan,Yuncheng Shen,Hong Zhang,Yan Shen

DOI: https://doi.org/10.1109/ICESS.2016.10

2016-01-01

Abstract:Personal data represents a post-industrial opportunity. In order to release the huge potential of personal data and enhance the rights of possession, use, and disposal, a highly reliable, secure and available infrastructure is required. Regarding the personal data market, current solutions focus on data discovery and passive privacy protection. What's worse is that the data owner loses the right of control. In this paper, we present a prototype of DSPM: an efficient platform we devise to balance the data sharing and privacy protect, enhance the probability of data discovery and the ability of the individual to control the data. It is shown that DSPM is align with the initiative aims of establishing a user-centric framework for identifying the opportunities, risks and collaborative responses in the use of personal data.

Wanyi Chen

DOI: https://doi.org/10.1590/s0034-759020230406

2023-01-01

Revista de Administração de Empresas

Abstract:ABSTRACT The commercial exploitation of personal information has raised concerns regarding privacy, illegal data use, and information security, among others. Therefore, personal data protection systems (PDPS) play a significant role, and corporations are the primary enforcers of these systems’ regulation. However, PDPS require significant investment from companies, and there is no consensus regarding the economic outcomes of establishing these systems. This study investigates whether the establishment of PDPS affects short-term financial performance and long-term corporate value. After applying the propensity score matching method, a dataset comprising 912 firm-year observations of e-commerce companies listed on the Shanghai and Shenzhen Stock Exchanges from 2008 to 2020 was selected. The results show that PDPS implementation can improve a company’s short-term financial performance by a) exploring markets and strengthening internal control and b) increase long-term corporate value by strengthening corporate social responsibility. This study offers insights for companies to proactively implement PDPS and strengthen their management of personal data, thereby boosting the overall corporate value. In addition, this study can help governments to develop legislation on national information security and enhance international cooperation, especially for emerging markets.

management,business