DOI QR코드

DOI QR Code

위탁자의 개인정보보호 관리역량 제고에 관한 연구

A Study on the Management Capabilities Enhancement of Consignor's Personal Information Protection

  • Cheong, Hwan-Suk (Graduate School of Information Security, Chonnam National University) ;
  • Park, Euk-Nam (Graduate School of Information Security, Chonnam National University) ;
  • Lee, Sang-Joon (Graduate School of Business Administration, Chonnam National University)
  • 투고 : 2016.01.08
  • 심사 : 2016.06.13
  • 발행 : 2016.08.31

초록

주민번호를 포함한 개인정보의 처리업무는 상당한 전문지식과 많은 비용이 소요되어 IT 전문 업체에 위탁 처리하는 경우가 보편화 되었다. 개인정보 관련 사고는 점차 증가하고 있으며, 사고 유형의 대부분은 수탁자에 의한 누출 혹은 유출에 의해 발생하고 있다. 개인정보보호 실태점검과 관리수준 진단 결과 공공기관에서의 수탁자에 대한 개인정보 사고 예방노력과 개인정보보호 관리체계 구축 노력이 시급한 상황이다. 본 논문에서는 개인정보 보호의 효율적 제고 방안에 대하여 연구하였다. 개인정보 처리 업무위탁에 대한 법률사항을 분석하고, 관리체계 구축을 위한 법률 기준 지표를 선택하여, 수탁자에 대한 개인정보보호 관리수준 분석 방안과 수탁자 개인정보보호 관리체계 강화 방안을 제시하였다. 개인정보보호 관리체계 강화 방안으로 수탁자 개인정보보호 관리체계를 제시하였고, 세 가지 법률 강화방안을 제시하였다. 본 논문에서는 개인정보보호 관리체계 강화 방안을 구성하기 위하여 공공기관의 대표적 개인정보 처리 위탁업무 중 IT유지보수, 고지서인쇄, 콜센터와 관련된 30개 수탁자들을 대상으로 설문조사를 통해 조사하였고, 강화 방안에 대한 문헌 근거를 제시하였으며, 개인정보 위탁자와 수탁자에 대한 FGI를 통해 강화방안에 대한 검증을 실시하였다.

Personal information processing works, including resident registration number is common to be consigned by IT specialized company due to high level expertise and tremendous cost. The accident related to personal information is increasing and most of accidents are caused by the consignee's leaking information. According to the Inspection of personal information protection and the management level diagnosis of personal information protection, public Institutions need to build the consignee's accident prevention and personal information management system as soon as possible. In this paper, the efficient enhancement ways for the personal information protection is studied. We analyze the law of business consignment and select basic management items related with personal information protection, and propose a analysis scheme for management level of personal information protection and a enhancement scheme for management system of personal information protection. This paper suggests consignee's management system of personal information protection for the enhancement way and the three Strengthening ways in law. To compose the a enhancement scheme for management system of personal information protection, we conduct questionnaire survey to 30 consignees(IT maintenance, notice printing, call center, welfare center) related to typical tasks of public organizations, present reference for this scheme, and execute verification of this scheme by focus group interview of consignor and consignee.

키워드

참고문헌

  1. Joint Interagency, Personal Information Protection Normalization measures, 2014, p.8. http://www.pmo.go.kr/pmo/news/news01.jsp?mode=view&article_no=49241
  2. Press Release by Ministry of Government Administration and Home Affairs, Privacy breaches greatly enhanced prevention activities, 2014. http://www.moi.go.kr/frt/bbs/type010/commonSelectBoardArticle.do?bbsId=BBSMSTR_000000000008&nttId=44682
  3. Ministry of Future Creation and Science, KISA, 2013 Information Security Survey(Business Sector), 2013, p.137-139. http://isis.kisa.or.kr/board/?pageId=060200&bbsId=15&itemId=43&pageIndex=2
  4. Joint Interagency, Personal Information Protection Normalization measures, 2014, p.3. http://www.pmo.go.kr/pmo/news/news01.jsp?mode=view&article_no=49241
  5. Ministry of Government Administration and Home Affairs, 2015 Public Institution Personal Information Protection Management Level Diagnostic Result, 2015, pp.4. http://www.privacy.go.kr/nns/ntc/selectBoardArticle.do?nttId=5925&bbsId=BBSMSTR_000000000001
  6. Y. J. Lee, A Study on the Improvement and supervisory Status for Personal Fiduciary Services in Financial Institutions, Journal of Security Engineering, Vol.11, No.3, 2014, pp.233-250. http://dx.doi.org/10.14257/jse.2014.06.02
  7. T. H. Kang, Study on Measures to Strengthen Personal Information Protection Consignee Management System, Journal of the Korea Institute of Information Security and Cryptology, Vol.23, No.4, 2013, pp.781-797. http://dx.doi.org/10.13089/JKIISC.2013.23.4.781
  8. Y. D. Go, A Proposal of Enhanced Personal Information Security Management Framework of Consigning of Personal Information, Journal of the Korea Institute of Information Security and Cryptology, Vol.25, No.2, 2015, pp.383-393. http://dx.doi.org/10.13089/JKIISC.2015.25.2.383
  9. Ministry of Government Administration and Home Affairs, 2014 Public Institution Personal Information Protection Management Level Diagnostic Results, 2014, pp.2. http://www.privacy.go.kr/nns/ntc/selectBoardArticle.do?nttId=5925&bbsId=BBSMSTR_000000000001
  10. http://sharedassessments.org/about/,Jan(2012)
  11. KISA, A Reasearch on ISMS Maturity Level and Evaluation Methodology, Sep(2010), pp.18-26. http://www.kisa.or.kr/jsp/common/libraryDown.jsp?folder=017271
  12. D. K. Choi, Study the role of information security personnel have on an organization's information security level, Journal of the Korea Institute of Information Security and Cryptology, Vol.25, No.1, 2015, pp.197-209. http://dx.doi.org/10.13089/JKIISC.2015.25.1.197
  13. B. Y. Min, Study on Personal Information Management Plan for Consignment Work, A Master's Thesis ofr Graduate School of Information and Communication. Sungkyunkwan University 2014.
  14. D. K. Jeong, Comparative study of the privacy information protection policy(Privacy information basic laws and dedicated organization), Journal of the Korea Institute of Information Security and Cryptology, Vol.22, No.4, 2012, pp.923-939.
  15. R. Wacks, Personal Information : Privacy and the Law, Oxford:Clarendon Place. 1989.
  16. ISO/IEC 27014, Information technology - Security techniques - Governance of information security.
  17. BS 10012:2009, Data protection - Specification for a personal information management system, BSI, 2009.
  18. JIS Q 15001:2006, Personal information protection management systems - Requirements. Japanese Standards Association Japan Institute for Promotion of Digital Economy and Community, 2006.
  19. ISO/IEC FDIS 27014, Information technology - Security techniques - Governance of information security.
  20. ISO/IEC 29100(2011), Information technology - Security techniques - Privacy framework.
  21. H. Y. Youm, The International Standard Necessary of PIMS, Review of the Korea Institute of Information Security and Cryptology, Vol.23, No.4, 2013, pp.66-72.