• Journal of Information Technology Applications and Management
• /
• v.24 no.1
• /
• pp.81-91
• /
• 2017

In Korea, "Act on the Development of Cloud Computing and Protection of its Users" has been enforced since September 28, 2015. Many countries implemented 'Cloud First' policies and global companies such as Amazon, Microsoft, IBM started cloud services in Korea. Under these circumstance, the Act was established for developing the cloud computing industry. The Act includes clauses for encouraging the use of private cloud computing by public organizations, supporting small- and medium-size cloud service providers, and utilizing secure cloud computing services by users. However, some terms appear to be similar but have different meanings from "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and "Personal Information Protection Act". This generated some confusion and conflicts in relation to providing user information to a 3rd party and notifying the intrusion in the Cloud Computing Act. This paper discusses these issues and suggestions for revision of the Cloud Computing Act.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.301-304
• /
• 2016

Cyber world constitute the infrastructure of the country and its people and control. Cyber attacks and leakage of personal information are being threatened damage to the national economy and national security. December 2014 had been cyber hacking attacks on Korea Hydro & Nuclear Power Nuclear cooling system design drawings of a spill, and Cheong Wa Dae website hacked, KBS stations occurred in cyber hacking accidents. As a result, ICT-based Protection Act, Promotion of Information and Communications Network Utilization and Information Act on Protection, etc., privacy laws are being enforced, personal information in the form of requirements from leading high-tech eoryeowoona is to prevent the attacks of armed hackers Internet information society It proposes positive measures to keep your personal information officer and laws.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.21-38
• /
• 2017

It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.271-274
• /
• 2013

From February 18, 2013, an information and communications service provider, we will not be able to collect the resident registration number by paragraph 2 of Article 23 of the Act on the Promotion of the use and protection of information and information network. Rather than a revision in accordance with resident registration number, than these laws, it had been used in the alternative, such as OTP authentication phone authentication I-PIN authentication of certificates that are recognized as such authentication. In this paper, we propose a new online identity authentication technology was and Utilization of IMEI, the OTP to introduce online identity authentication technology replacing the resident registration number.