A Study on the Relative Importance of the Administrative and Technical Measures for the Personal Information Protection

A Study on the Relative Importance of the Administrative and Technical Protection Measure Standards for Personal Information

  • Kim, Young Hee (Department of Industrial and Information Systems, Graduate School of Public Policy and Information Technology, Seoul National University of Science and Technology)
  • Kook, Kwang Ho (Department of Industrial and Information Systems Engineering, Seoul National University of Science and Technology)
  • Received : 2014.10.23
  • Accepted : 2014.11.17
  • Published : 2014.11.30

Abstract

As the collection and use of personal information increases, incidents in which personal information is abused or leaked continue to increase. The nation has established new laws and strengthened related laws to prevent mass leakage of personal information and the secondary damage caused by leaked personal information. The nation has also established guidelines that institutions handling personal information need to implement to keep that information safe. To implement the guidelines efficiently under limited time and resources, it is necessary to establish priorities among them. This paper compares the relative importance of the guidelines using the AHP (Analytic Hierarchy Process) technique. We performed the analysis on two expert groups: a group of consultants working at an information security consulting company, and a group of information security staff who handle personal information directly in their company. We compared the differences between the groups and recommended the relative importance of the guidelines.

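As the collection and use of personal information grows in the information environment, incidents in which personal information is leaked or misused, infringing on individual privacy, continue to increase. In response, to prevent the recurrence of mass personal information leaks and to prevent secondary damage, related legal provisions were strengthened at the national level and, based on the related legislation, protection measure standards needed to ensure the safety of personal information were established for institutions handling personal information to follow. Alongside this, improvement studies on prioritizing and quantifying the standard items according to their importance were also carried out. However, the safety assurance measure standards set out in the law and the improvement studies do not reflect the classification of, and differences between, expert groups according to characteristics such as their work area and degree of expertise, so institutions processing personal information have difficulty making rational decisions about applying the standards. Therefore, to evaluate the standards for measures to ensure the safety of personal information required by law, this study involves a variety of experts, assigns weights according to each expert's job characteristics and experience, and uses nonparametric tests to check whether the opinions of the expert groups differ statistically. Its aim is to select more reliable weights for each standard and to propose rational standards that institutions handling personal information can apply first.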
