• Title/Summary/Keyword: 비식별 조치

Search Result 26, Processing Time 0.028 seconds

비식별 처리 분야의 국제 표준화 동향

  • Choi, Jisun;Lee, Yewon;Oh, Yongseok;Lim, HyungJin
    • Review of KIISC
    • /
    • v.29 no.4
    • /
    • pp.13-18
    • /
    • 2019
  • 우리나라 정부는 2016년, 현행 개인정보보호 법령의 틀 내에서 데이터가 안전하게 활용될 수 있도록 관계부처 합동 <개인정보 비식별 조치 가이드라인>을 마련하여, 비식별 조치를 위해 사업자 등이 준수해야 할 비식별 조치 기준을 제시하였다. 그 후 국내에서는 조화로운 방향으로 개인정보보호와 활용을 이루기 위해 다양한 노력이 있었고 이와 관련하여, 본고에서는 국내 비식별 조치 추진현황 및 2016년 이후 한국 주도로 개발 중인 국제표준 2건 등 비식별 처리 분야의 국제표준화 동향을 살펴본다.

개인정보 비식별화 현황 및 비식별 조치 가이드라인 보완 연구

  • Jimin Son;Minho Shin
    • Review of KIISC
    • /
    • v.33 no.6
    • /
    • pp.89-109
    • /
    • 2023
  • 최근 AI와 로봇기술 등으로 개인정보를 포함한 데이터의 처리가 일상화됨에 따라 한국정부는 개인정보 비식별 조치 가이드라인 및 데이터 3법을 발표함으로써 개인정보 비식별화를 돕고자 하였다. 하지만 복잡한 비식별화 절차와 이의 효과에 대한 불명확함으로 기업들이 개인정보를 포함한 빅데이터의 활용에 어려움을 겪고, 동시에 시민단체나 소비자단체에서는 현 가이드라인에 따른 비식별화 절차가 개인정보를 보호하기에 충분하지 않다고 지적하고 있다. 본고에서는 비식별화 현황과 기술을 검토하고 현 가이드라인의 한계점을 보완 함으로써 데이터 활용 업체와 기관들의 정확한 비식별화를 돕고 빅데이터 활용의 활성화에 기여하고자 한다.

A study on the method of measuring the usefulness of De-Identified Information using Personal Information

  • Kim, Dong-Hyun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.6
    • /
    • pp.11-21
    • /
    • 2022
  • Although interest in de-identification measures for the safe use of personal information is growing at home and abroad, cases where de-identified information is re-identified through insufficient de-identification measures and inferences are occurring. In order to compensate for these problems and discover new technologies for de-identification measures, competitions to compete on the safety and usefulness of de-identified information are being held in Korea and Japan. This paper analyzes the safety and usefulness indicators used in these competitions, and proposes and verifies new indicators that can measure usefulness more efficiently. Although it was not possible to verify through a large population due to a significant shortage of experts in the fields of mathematics and statistics in the field of de-identification processing, very positive results could be derived for the necessity and validity of new indicators. In order to safely utilize the vast amount of public data in Korea as de-identified information, research on these usefulness metrics should be continuously conducted, and it is expected that more active research will proceed starting with this thesis.

Fintech Industry Invigoration by the De-identification and Linkage Reform of Personal Information (개인정보 비식별 조치와 결합 개선을 통한 핀테크 시장 활성화)

  • Oh, Won-Gyeom;Park, Dea-woo
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • 2016.10a
    • /
    • pp.340-343
    • /
    • 2016
  • The Korean government published the personal information de-identification guideline on June 2016, which were made by related government ministries. The guideline's objective is that the invigoration of Korean bigdata industry on personal information protection under the current laws. However, if there is some unreasonable method or process in the guideline, it can be an obstacle to bigdata analysis. This article will review the guideline to find defects in methods and processes of de-identification evaluation, de-identification support and data-linkage and then propose the best solutions to improve them. Lastly, this article will mention how these solutions can invigorate Fintech industry.

  • PDF

Raising Risk and Suggesting Solution about Personal Information De-identification in Big-Data Environment (빅데이터 환경에서 개인정보 비식별화에 대한 위험성 제기 및 대응 방안 제시)

  • Lee, Su-Rim;Jang, Woong-Tae;Bae, Jae-Young;Lee, Chan-Ho;Hyun, Beom-Su
    • Annual Conference of KIPS
    • /
    • 2016.10a
    • /
    • pp.297-300
    • /
    • 2016
  • 최근 빅데이터 산업이 발전하고 있는 상황에서 빅데이터 산업에 활용되는 개인정보의 보호에 관한 문제가 대두하고 있다. 빅데이터 산업에서 개인정보를 활용하기 위해서는 비식별화 조치를 해야 한다. 하지만 비식별화는 비식별화 평가 모델 자체의 취약성과 더불어 비식별화된 개인정보를 재식별화 하는 위험성도 존재한다. 본 논문은 적정성 평가 모델, 비식별화 조치 기술, 재식별에 관한 위험성을 연구하고 각 위험성에 대한 대응 방안을 통해 재식별화의 문제를 해결하여 빅데이터 산업에서 비식별화된 개인정보가 안전히 쓰일 수 있도록 해야 한다.

A study on Data Context-Based Risk Measurement Method for Pseudonymized Information Processing

  • Kim, Dong-Hyun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.27 no.6
    • /
    • pp.53-63
    • /
    • 2022
  • Recently, as digital transformation due to the COVID-19 pandemic accelerates, data to improve individual quality of life is being used in large quantities, and more reinforced non-identification processing procedures are required to utilize the most valuable personal information among data. In Korea, procedures for de-identification measures are presented through amendments to laws and guidelines, but there is no methodology to measure the level of de-identification in the field due to ambiguous processing standards and subjective risk measurement methods. This paper compares and analyzes the current status of policy and guidelines related to de-identification measures proposed at home and abroad to derive complementary points, suggests a data context-based risk measurement method centered on pseudonymized information processing, and verifies its validity. As a result of verification through Delphi survey and focus group interview (FGI), it was confirmed that the need for the proposed methodology and the validity of the indicators were high.

De-identification Policy Comparison and Activation Plan for Big Data Industry (비식별화 정책 비교 및 빅데이터 산업 활성화 방안)

  • Lee, So-Jin;Jin, Chae-Eun;Jeon, Min-Ji;Lee, Jo-Eun;Kim, Su-Jeong;Lee, Sang-Hyun
    • The Journal of the Convergence on Culture Technology
    • /
    • v.2 no.4
    • /
    • pp.71-76
    • /
    • 2016
  • In this study, de-identification policies of the US, the UK, Japan, China and Korea are compared to suggest a future direction of de-identification regulations and a method for vitalizing the big data industry. Efficiently using the de-identification technology and the standard of adequacy evaluation contributes to using personal information for the industry to develop services and technology while not violating the right of private lives and avoiding the restrictions specified in the Personal Information Protection Act. As a counteraction, the re-identification issue may occur, for re-identifying each person as a de-identified data collection. From the perspective of business, it is necessary to mitigate schemes for discarding some regulations and using big data, and also necessary to strengthen security and refine regulations from the perspective of information security.

A New Scheme for Risk Assessment Based on Data Context for De-Identification of Personal Information (개인정보 비식별 조치를 위한 데이터 상황 기반의 위험도 측정에 관한 새로운 방법)

  • Kim, Dong-hyun;Kim, Soon-seok
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.4
    • /
    • pp.719-734
    • /
    • 2020
  • This paper proposes a new measurement scheme for estimating the processing level according to risk when performing de-identification in the use of personal information by practitioners in the organization in line with the recently revised Data 3 Act. Our proposed methods considered the surrounding circumstances surrounding the data, not just the data, for risk measurement, and divided the data situation into three categories more systematically so that it can be applied in all areas in a general-purpose environment, the data utilization environment, and the data (self) so that it can be calculated quantitatively based on each context risk according to the presented classification. The proposed method is designed to calculate the risk of existing de-identifiable information in a quantitative manner so that personal information controller in general organizations can use it in practice, not just in the qualitative judgment of experts.

Legal Issues in Protecting and Utilitizing Medical Data in United States - Focused on HIPAA/HITECH, 21st Century Cures Act, Common Law, Guidance - (미국의 보건의료데이터 보호 및 활용을 위한 주요 법적 쟁점 -미국 HIPAA/HITECH, 21세기 치료법, 공통규칙, 민간 가이드라인을 중심으로-)

  • Kim, Jae Sun
    • The Korean Society of Law and Medicine
    • /
    • v.22 no.4
    • /
    • pp.117-157
    • /
    • 2021
  • This research reviewed the HIPAA/HITECH, 21st Century Cures Act, Common Law, and private Guidances from the perspectives in protecting and utilitizing the medical data, while implications were followed. First, the standards for protection and utilization are relatively clearly regulated through single law on personal medical information in the United States. The HIPAA has been introduced in 1996 as fundamental act on protection of medical data. Medical data was divided into personally identifiable information, non-identifying information, and limited dataset under HIPAA. Regulations on de-identification measures for medical information, objects for deletion of limited data sets, and agreement on prohibition of data re-identification were stipulated. Moreover, in the 21st Century Cures Act regulated mutual compatibility for data sharing, prohibition of data blocking, and strengthening of accessibility of data subjects. Common Law introduced comprehensive consent system and clearly stipulates procedures. Second, the regulatory system is relatively simplified and clearly stipulated in the United States. To be specific, the expert consensus and the safe harbor system were introduced as an anonymity measure for identifiable medical information, which clearly defines the process while increasing trust. Third, the protection of the rights of the data subject is specified, the duty of explanation is specified in detail, while the information right of the consumer (opt-out procedure) for identification information is specified. For instance, the HHS rule and FDA regulations recognize the comprehensive consent system for human research, but the consent procedure, method, and requirements are stipulated through the common rule. Fourth, in the case of the United States, a trust-based system is being used throughout the health and medical data legislation. To be specific, Limited Data Sets are allowed to use in condition to the researcher's agreement to prohibit re-identification, and de-identification or consent process is simplified under the system.

A Study on Personal Information Protection System for Big Data Utilization in Industrial Sectors (산업 영역에서 빅데이터 개인정보 보호체계에 관한 연구)

  • Kim, Jin Soo;Choi, Bang Ho;Cho, Gi Hwan
    • Smart Media Journal
    • /
    • v.8 no.1
    • /
    • pp.9-18
    • /
    • 2019
  • In the era of the 4th industrial revolution, the big data industry is gathering attention for new business models in the public and private sectors by utilizing various information collected through the internet and mobile. However, although the big data integration and analysis are performed with de-identification techniques, there is still a risk that personal privacy can be exposed. Recently, there are many studies to invent effective methods to maintain the value of data without disclosing personal information. In this paper, a personal information protection system is investigated to boost big data utilization in industrial sectors, such as healthcare and agriculture. The criteria for evaluating the de-identification adequacy of personal information and the protection scope of personal information should be differently applied for each industry. In the field of personal sensitive information-oriented healthcare sector, the minimum value of k-anonymity should be set to 5 or more, which is the average value of other industrial sectors. In agricultural sector, it suggests the inclusion of companion dogs or farmland information as sensitive information. Also, it is desirable to apply the demonstration steps to each region-specific industry.