Moon-Ho Joo,Hun-Yeong Kwon

DOI: https://doi.org/10.1016/j.giq.2023.101805

IF: 8.49

2023-04-01

Government Information Quarterly

Abstract:In the era of big data, data creates new added value by collecting, analyzing, and transforming the thoughts and actions of economic members and creating insights that can predict the future. This means that in the near future, data-driven decisions based on data, rather than subjectivity or experience, will be the driving force behind society.However, since valuable and useful data is bound to be generated from personal information, how to safely utilize personal information is becoming an important topic in the big data era. To protect personal information in this environment, data services and database providers have increased their focus on the implementation of de-identification, a technique that can protect personal information while maintaining the usefulness of the data. Moreover, many countries have introduced new policies and laws focusing on the de-identification of personal information.Accordingly, this paper compares and analyzes how the European Union, the United States, Japan, and South Korea have recently adopted the concept of de-identification in their own personal information protection laws, and presents common trends and implications. As a comparative framework, each country's conceptual classification system related to de-identification, legal treatment, data controller obligations, and de-identification procedures was included.This study identifies the shifts made in each country's regulatory system following the introduction of the concept of de-identification. These include a shift from a binary approach to an approach that considers the identifiability spectrum, from a belief in anonymization to regulation from a risk management perspective, and from a focus on de-identification methods, to responsibility for follow-up management.This study contributes to the establishment of specialized knowledge of de-identification practices by empirically examining the current status of de-identification information-related legal systems adopted by major countries/regions. Also, the study proved the actualization of theory by confirming that the de-identification policy approach from the perspective of risk management is actually applied to the laws of each country. In addition, the attempt to present a framework for systematic comparison of de-identification systems by country provides a new perspective that can trace the trend of future de-identification system changes on a consistent basis. In addition, this study brings the gradual expansion of data policy research by expanding the research on de-identified information, which has been studied mainly in Europe and the United States, to case studies in Japan and South Korea.

information science & library science

Zhou Tian-shu,Li Peng-fei,Li Jing-song

DOI: https://doi.org/10.2991/ccis-13.2013.56

2013-01-01

Abstract:Since the health information exchange (HIE) becomes more and more important and numerous systems have been implemented among medical institutions and regions, there also grows the concern of data security and privacy protection. In the prior work, we have designed and developed an international clinical data exchange system named Global Dolphin, technically achieving the goal of health information exchange between China and Japan. However, to put the system into practical use, we have to take the different privacy protection rules into account. In the clinical data exchange implementation, we tried to conform to the stricter privacy protection standards and designed a protected health information (PHI) de-identification system to keep the personal information secure from third parties. Since China and Japan do not yet have detailed rules and guidelines such as the safe harbor method in Health Insurance Portability and Accountability Act (HIPAA), thus we have referenced some of the HIPAA rules and guidelines about PHI, and used a dictionary and regular expressions pattern matching de-identification means to protect personal privacy.

Limin Zhang,Ruilin Tian,Jun Chen

DOI: https://doi.org/10.3390/risks10020041

2022-01-01

Risks

Abstract:In the past 30 years, as sponsors of defined benefit (DB) pension plans were facing more severe underfunding challenges, pension de-risking strategies have become prevalent for firms with DB plans to reduce pension-related risks. However, it remains unclear how pension de-risking activities affect firms' performance, partially due to the lack of de-risking data. In this study, we develop a multi-phase methodology to build a de-risking database for the purpose of investigating impacts of firms' pension risk transfer activities. We extract company filings between 1993 and 2018 from the SEC EDGAR database to identify different "de-risking" strategies that US-based companies have used. A combination of text mining, machine learning, and natural language processing methods is applied to the textual data for automated identification and classification of de-risking strategies. The contribution of this study is three-fold: (1) the design of a multi-phase methodology that identifies and extracts hidden information from a large amount of textual data; (2) the development of a comprehensive database for pension de-risking activities of US-based companies; and (3) valuable insights to companies with DB plans, pensioners, and practitioners in pension de-risking markets through empirical analysis.

Wenjun Lin,Jiahao Qian,Wenwen Liu,Lang Wu

2023-12-19

Abstract:The exponential growth of collected, processed, and shared data has given rise to concerns about individuals' privacy. Consequently, various laws and regulations have been established to oversee how organizations handle and safeguard data. One such method is Statistical Disclosure Control, which aims to minimize the risk of exposing confidential information by de-identifying it. This de-identification is achieved through specific privacy-preserving techniques. However, a trade-off exists: de-identified data can often lead to a loss of information, which might impact the accuracy of data analysis and the predictive capability of models. The overarching goal remains to safeguard individual privacy while preserving the data's interpretability, meaning its overall usefulness. Despite advances in Statistical Disclosure Control, the field continues to evolve, with no definitive solution that strikes an optimal balance between privacy and utility. This survey delves into the intricate processes of de-identification. We outline the current privacy-preserving techniques employed in microdata de-identification, delve into privacy measures tailored for various disclosure scenarios, and assess metrics for information loss and predictive performance. Herein, we tackle the primary challenges posed by privacy constraints, overview predominant strategies to mitigate these challenges, categorize privacy-preserving techniques, offer a theoretical assessment of current comparative research, and highlight numerous unresolved issues in the domain.

Cryptography and Security

Myeong-soo Jeong,Kyung-ho Lee

DOI: https://doi.org/10.13089/jkiisc.2015.25.3.691

2015-06-30

Journal of the Korea Institute of Information Security and Cryptology

Abstract:Recently, with the growing number of services using personal information, government offices' tasks have become more dependent to personal information. Various policies and systems have been made and managed for the safe use of personal information in the circumstances that inevitably require the use of personal information, but the personal information privacy incidents and their scale are on a constant increase. Thus, Korea has been implementing personal information protection management system since 2008 to examine whether public organizations observe the personal information protection act and to how well they manage the personal information, and to improve what is insufficient in the process. However, despite high scores of the outcomes of the system, questions about the effectiveness of the outcomes and about the actual manage level are being raised. Thus, this study seeks to analyze public organizations' activities to protect personal information and the effectiveness of their foundation efforts for them by using the DEA model, and to propose a new model to enhance the effectiveness of the outcomes of personal information protection management system by reflecting them into the outcomes of system, using the derived effectiveness.

English Else

XIE Anming,JIN Tao,ZHOU Tao

DOI: https://doi.org/10.11959/j.issn.2096-0271.2017048

2017-01-01

Abstract:With the development of big data,there are many difficulties to protect personal information.De-identification removes identifiable information from a dataset so that individual data cannot be linked with specific individuals.De-identification thus helps to balance the contradictory goals of sharing personal information while protecting privacy.De-identification architecture on personal information was proposed.The specifications on implementing a de-identification process were described.On the basis of big data security standard system,some suggestions were proposed to develop de-identification standards.

Hyun-Jung Lee,Kwangwoo Lee,Dongho Won

DOI: https://doi.org/10.1109/trustcom.2011.106

2011-11-01

Abstract:As cyber-crimes using personal information such as ID theft are increasing, there is a need for appropriate technology or law to protect privacy. To this end, the Korean Government established the Privacy Act on March 29th 2011. The Privacy Act prescribes a specification for dealing with privacy with the intention to protect personal information from being collected, leaked, misused, or abused so that it can improve rights and interests of the nation and eventually realize the dignity and value of man. The United States, Japan, Canada, and several countries of the EU have their own privacy law being established or revised. Although there must be differences depending on the circumstances of each country, the ultimate goal of the privacy law should be the same. Consequently, there might be the same or similar technical protection required by all these countries. Between the increasing interest in protecting personal information and the establishment of the Privacy Act, many industries are having relevant products released one after another. Customers without knowledge of the law and the product types cannot decide what they need. This paper intends to derive necessary security functions of a personal information security system based on the Common Criteria and analyze the limit of the products in order to make guidelines for privacy and information protection system.

Eunyoung Im,Hyeoneui Kim,Hyungbok Lee,Xiaoqian Jiang,Ju Han Kim

DOI: https://doi.org/10.1186/s12911-024-02545-9

IF: 3.298

2024-06-01

BMC Medical Informatics and Decision Making

Abstract:Securing adequate data privacy is critical for the productive utilization of data. De-identification, involving masking or replacing specific values in a dataset, could damage the dataset's utility. However, finding a reasonable balance between data privacy and utility is not straightforward. Nonetheless, few studies investigated how data de-identification efforts affect data analysis results. This study aimed to demonstrate the effect of different de-identification methods on a dataset's utility with a clinical analytic use case and assess the feasibility of finding a workable tradeoff between data privacy and utility.

medical informatics

Jinsu Kim,Namje Park

DOI: https://doi.org/10.3390/s22072589

IF: 3.9

2022-03-28

Sensors

Abstract:A problem with biometric information is that it is more sensitive to external leakage, because it is information that cannot be changed immediately compared to general authentication methods. Regarding facial information, a case in which authentication was permitted by facial information output by a 3D printer was found. Therefore, a method for minimizing the leakage of biometric information to the outside is required. In this paper, different levels of identification information according to the authority of the user are provided by the de-identification of metadata and face information in stages. For face information and metadata, the level of de-identification is determined and achieved according to the risk level of the de-identified subject. Then, we propose a mechanism to minimize the leakage path by preventing reckless data access by classifying access rights to unidentified data according to four roles. The proposed mechanism provides only differentially de-identified data according to the authority of the accessor, and the required time to perform the de-identification of one image was, on average, 3.6 ms for 300 datapoints, 3.5 ms for 500 datapoints, and 3.47 ms for 1000 datapoints. This confirmed that the required execution time was shortened in proportion to the increase in the size of the dataset. The results for the metadata were similar, and it was confirmed that it took 4.3 ms for 300 cases, 3.78 ms for 500 cases, and 3.5 ms for 1000 cases.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jongbae Kim

DOI: https://doi.org/10.3390/electronics13193954

IF: 2.9

2024-10-09

Electronics

Abstract:The rapid expansion of non-face-to-face e-commerce services in the Korea has significantly increased the importance of personal identity proofing (PIP) for verifying users in online transactions, such as payments, refunds, membership registrations, and access to age-restricted products. Currently, personal identity proofing agencies (PIPAs) indiscriminately provide all of a user's personal information to internet service providers (ISPs), leading to substantial privacy concerns and preventing users from selectively disclosing only the necessary information. The objective of this paper is to enhance the safety, convenience, and security of PIP services by proposing a method that empowers users to control the personal information they disclose while enabling digital identity integration for both online and offline applications. To achieve this, an extensive overview and analysis of the current PIP systems in Korea is presented, including methods. The strengths and weaknesses of these systems are critically examined, revealing limitations in privacy protection, user convenience, and security. Based on this analysis, a new method is proposed that introduces differentiated levels of PIP means according to authentication strength, allowing for the minimal necessary disclosure of personal information. The proposed method aims to improve the stability and reliability of the PIP service environment by addressing current privacy concerns and enhancing user control over personal information. This approach can be applied to e-commerce services in Korea and other countries facing similar challenges, contributing to the development of safer and more reliable online services.

engineering, electrical & electronic,computer science, information systems,physics, applied

Muqun Li,David Carrell,John Aberdeen,Lynette Hirschman,Jacqueline Kirby,Bo Li,Yevgeniy Vorobeychik,Bradley A Malin

DOI: https://doi.org/10.1016/j.jbi.2016.03.019

Abstract:Objective: Electronic medical records (EMRs) are increasingly repurposed for activities beyond clinical care, such as to support translational research and public policy analysis. To mitigate privacy risks, healthcare organizations (HCOs) aim to remove potentially identifying patient information. A substantial quantity of EMR data is in natural language form and there are concerns that automated tools for detecting identifiers are imperfect and leak information that can be exploited by ill-intentioned data recipients. Thus, HCOs have been encouraged to invest as much effort as possible to find and detect potential identifiers, but such a strategy assumes the recipients are sufficiently incentivized and capable of exploiting leaked identifiers. In practice, such an assumption may not hold true and HCOs may overinvest in de-identification technology. The goal of this study is to design a natural language de-identification framework, rooted in game theory, which enables an HCO to optimize their investments given the expected capabilities of an adversarial recipient. Methods: We introduce a Stackelberg game to balance risk and utility in natural language de-identification. This game represents a cost-benefit model that enables an HCO with a fixed budget to minimize their investment in the de-identification process. We evaluate this model by assessing the overall payoff to the HCO and the adversary using 2100 clinical notes from Vanderbilt University Medical Center. We simulate several policy alternatives using a range of parameters, including the cost of training a de-identification model and the loss in data utility due to the removal of terms that are not identifiers. In addition, we compare policy options where, when an attacker is fined for misuse, a monetary penalty is paid to the publishing HCO as opposed to a third party (e.g., a federal regulator). Results: Our results show that when an HCO is forced to exhaust a limited budget (set to $2000 in the study), the precision and recall of the de-identification of the HCO are 0.86 and 0.8, respectively. A game-based approach enables a more refined cost-benefit tradeoff, improving both privacy and utility for the HCO. For example, our investigation shows that it is possible for an HCO to release the data without spending all their budget on de-identification and still deter the attacker, with a precision of 0.77 and a recall of 0.61 for the de-identification. There also exist scenarios in which the model indicates an HCO should not release any data because the risk is too great. In addition, we find that the practice of paying fines back to a HCO (an artifact of suing for breach of contract), as opposed to a third party such as a federal regulator, can induce an elevated level of data sharing risk, where the HCO is incentivized to bait the attacker to elicit compensation. Conclusions: A game theoretic framework can be applied in leading HCO's to optimized decision making in natural language de-identification investments before sharing EMR data.

Myunggeun Cho,Lee Hwansoo

DOI: https://doi.org/10.14400/JDC.2017.15.9.1

Abstract:As we enter the era of big data, the value of personal information is becoming ever more important. However, personal information protection laws in Korea have several issues. Furthermore, existing research are limited in their ability to facilitate a comprehensive understanding of measures to improve personal information protection laws. Accordingly, this study analyzes improvements to be made in the current personal information protection laws based on existing research. A total of 39 research articles discussing the problems of the personal information protection law were selected and analyzed by applying the meta - analysis technique. According to the results, the various issues such as the meaning and scope of personal information, the role and obligations of relevant parties, provision of personal information to third parties, and redundant and imbalanced regulations in special acts in each field. that exist in the current personal information protection laws were confirmed. This study contributes to the improvement of inconsistency between information protection laws and related special laws in each field in practice. Academically, it will contribute to understanding the problems of th law from the macro perspective and suggesting the integrated improvement ways of the law.

Computer Science,Law

Chi Hsien Tsai

DOI: https://doi.org/10.24289/ijsser.279112

2015-12-26

International Journal of Social Sciences and Education Research

Abstract:In the ICT era and take into account the trend toward NPM, Governance has been urging the e-government to provide “active” and “tailored” services. More importantly, in the aged society resulting from the aging baby boomers, the services of a democratic government need to be more satisfactory and timely when a large part of the citizens in any society become old. A system or database containing personal data by which to identify individuals is indispensable when the e-government wants to deliver services. According to Tsai (2005a: 7)’s research: a method of personal identification is used to distinguish the data specific to personal characteristics such as ID cards, credit cards, GCA, signatures, fingerprint, iris scans, blood vessels, etc. The first part assigns data on personal characteristics on the “carrier,” and the second part makes us of a “live” body. Because the “carrier” may be lost and copied, the second method is less risky from the current perspectives of “duplication” technology. Although a “live” body is better than a “carrier,” considering the method of personal identification, there is another issue that must be considered when the e-government wants to collect personal data that relates to the issue of “privacy,” not to mention the development of a means by which to integrate different kinds of personal “live” data into a database. Therefore, in this research, a literature analysis and the political economy approach are used to explore this issue based on demand and supply, problems of privacy, risks, and management mechanisms because determining a method by which to ensure that personal identification data is not leaked and misused is a very serious issue. This also involves the concept of “risk,” as Beck, Giddens, Lash & Urry (1994) mentioned in their discussion of “Risk Society” in the “Second Modernity.” As a result, risk management is vital, especially the recognition of how risk diverges among people. This essay therefore focuses on the following: how to choose a proper personal identification tool, the establishment of a personal identification database and the creation of a set of safe enquiry mechanisms, which includes both inquiry rights and inquiry methods. This inquiry method contains both public usage and personal usage, based on group decisions and self-decisions, respectively. Furthermore there should be laws established to punish offenders. Thus, this paper not only provides a method for using personal identification to benefit people, but also offer cures intended to prevent risk by using a special enquiry mechanism. Consequently, the e-government will be able to actively provide tailored services and provide welfare to the population. More important, this decision making mechanism model could be widely applied to solve similar kind of problems, especially in the diverged era. Besides, this kind of integrative platforms could be applied to different ministries as a basic infrastructure to achieve the aims of openness, transparency, knowledge accumulation, etc. on the part of e-governments.

Meng Wang,Yalin Qin,Jiaojiao Liu,Weidong Li

DOI: https://doi.org/10.1057/s41599-023-01673-3

2023-05-09

Humanities and Social Sciences Communications

Abstract:Personal physiological data is the digital representation of physical features that identify individuals in the Internet of Everything environment. Such data includes characteristics of uniqueness, identification, replicability, irreversibility of damage, and relevance of information, and this data can be collected, shared, and used in a wide range of applications. As facial recognition technology has become prevalent and smarter over time, facial data associated with critical personal information poses a potential security and privacy risk of being leaked in the Internet of Everything application platform. However, current research has not identified a systematic and effective method for identifying these risks. Thus, in this study, we adopted the fault tree analysis method to identify risks. Based on the risks identified, we then listed intermediate events and basic events according to the causal logic, and drew a complete fault tree diagram of facial data breaches. The study determined that personal factors, data management and supervision absence are the three intermediate events. Furthermore, the lack of laws and regulations and the immaturity of facial recognition technology are the two major basic events leading to facial data breaches. We anticipate that this study will explain the manageability and traceability of personal physiological data during its lifecycle. In addition, this study contributes to an understanding of what risks physiological data faces in order to inform individuals of how to manage their data carefully and to guide management parties on how to formulate robust policies and regulations that can ensure data security.

Jingyi Cao,Xiangyi Chen,Bo Liu,Ming Ding,Rong Xie,Li Song,Zhu Li,Wenjun Zhang

2024-11-15

Abstract:The widespread use of image acquisition technologies, along with advances in facial recognition, has raised serious privacy concerns. Face de-identification usually refers to the process of concealing or replacing personal identifiers, which is regarded as an effective means to protect the privacy of facial images. A significant number of methods for face de-identification have been proposed in recent years. In this survey, we provide a comprehensive review of state-of-the-art face de-identification methods, categorized into three levels: pixel-level, representation-level, and semantic-level techniques. We systematically evaluate these methods based on two key criteria, the effectiveness of privacy protection and preservation of image utility, highlighting their advantages and limitations. Our analysis includes qualitative and quantitative comparisons of the main algorithms, demonstrating that deep learning-based approaches, particularly those using Generative Adversarial Networks (GANs) and diffusion models, have achieved significant advancements in balancing privacy and utility. Experimental results reveal that while recent methods demonstrate strong privacy protection, trade-offs remain in visual fidelity and computational complexity. This survey not only summarizes the current landscape but also identifies key challenges and future research directions in face de-identification.

Computer Vision and Pattern Recognition,Cryptography and Security

Laura Boeschoten,Roos Voorvaart,Ruben Van Den Goorbergh,Casper Kaandorp,Martine De Vos

DOI: https://doi.org/10.3233/ds-210035

2021-10-13

Data Science

Abstract:The General Data Protection Regulation (GDPR) grants all natural persons the right to access their personal data if this is being processed by data controllers. The data controllers are obliged to share the data in an electronic format and often provide the data in a so called Data Download Package (DDP). These DDPs contain all data collected by public and private entities during the course of a citizens’ digital life and form a treasure trove for social scientists. However, the data can be deeply private. To protect the privacy of research participants while using their DDPs for scientific research, we developed a de-identification algorithm that is able to handle typical characteristics of DDPs. These include regularly changing file structures, visual and textual content, differing file formats, differing file structures and private information like usernames. We investigate the performance of the algorithm and illustrate how the algorithm can be tailored towards specific DDP structures.

Yang Lu,Shujun Li,Athina Ioannou,Iis Tussyadiah

DOI: https://doi.org/10.48550/arXiv.1909.09942

2019-09-22

Cryptography and Security

Abstract:Although there are privacy-enhancing tools designed to protect users' online privacy, it is surprising to see a lack of user-centric solutions allowing privacy control based on the joint assessment of privacy risks and benefits, due to data disclosure to multiple platforms. In this paper, we propose a conceptual framework to fill the gap: aiming at the user-centric privacy protection, we show the framework can not only assess privacy risks in using online services but also the added values earned from data disclosure. Through following a human-in-the-loop approach, it is expected the framework provides a personalized solution via preference learning, continuous privacy assessment, behavior monitoring and nudging. Finally, we describe a case study towards "leisure travelers" and several future areas to be studied in the ongoing project.

Suvineetha Herath,Dakota State University,Haywood Gelman,Lisa McKee,

DOI: https://doi.org/10.32727/8.2023.18

2023-10-12

Abstract:In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR).

Na Young Ahn,Jun Eun Park,Dong Hoon Lee,Paul C. Hong

DOI: https://doi.org/10.48550/arXiv.2004.14495

2020-04-29

Computers and Society

Abstract:There has been vigorous debate on how different countries responded to the COVID-19 pandemic. To secure public safety, South Korea actively used personal information at the risk of personal privacy whereas France encouraged voluntary cooperation at the risk of public safety. In this article, after a brief comparison of contextual differences with France, we focus on South Korea's approaches to epidemiological investigations. To evaluate the issues pertaining to personal privacy and public health, we examine the usage patterns of original data, de-identification data, and encrypted data. Our specific proposal discusses the COVID index, which considers collective infection, outbreak intensity, availability of medical infrastructure, and the death rate. Finally, we summarize the findings and lessons for future research and the policy implications.

Sylwia Kosznik-Biernacka

DOI: https://doi.org/10.5604/01.3001.0014.5614

2020-12-04

Security Dimensions

Abstract:Article 32 of the EU General Data Protection Regulation imposes the obligation to implement appropriate safeguards to protect personal data. It states that the application of adequate measures is to be preceded by a risk analysis and evaluation. In the current paper, as the main risk factors, probability and consequences were assumed that take into account the basic attributes of information, i.e. confidentiality, integrity and availability. Next, a risk analysis methodology based on the risk matrix is proposed. The issue discussed in the publication is currently valid and still requires careful analysis in order to develop universal standards aimed at establishing certification mechanisms as well as quality labels and markings in terms of personal data protection.

English Else