• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1549-1560
• /
• 2015

For the past few years, personal information breach incidents, great and small, occurred constantly. Accordingly, the Personal Information Protection related Ordinances are enacted and amended persistently, and the information security products also keep advancing and developing in the same way. There are the certification systems such as Common Criteria Evaluation and Validation(CC) and Korea Cryptographic Module Validation Program(KCMVP) for the information security products. These are also strictly carried out. This paper analyzes and categorizes the 5 Personal Information Protection related Ordinances in the aspects of technical protection measures by using key words. Here are the 5 related ordinances; 'the Personal Information Protection Act', 'the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc', 'the Act on the Protection, Use, Etc, of Location Information', 'the Use and Protection of Credit Information Act', and 'the Electronic Financial Transactions Act.' Moreover, this study analyzes the association between the technical protection measures in the 5 relevant laws and the information security products that are obtaining the CC Evaluation & Validation(CC) and the products that are now produced at KISIA's member companies.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• International Commerce and Information Review
• /
• v.11 no.2
• /
• pp.233-257
• /
• 2009

The 21st century is witnessing the explosive increase in the usage of internet and international electronic transactions. Due to the unique characteristics of the electronic information, substantial part of such transaction can and do take the form of cross-border transactions. However, there have not been settled appropriate set of rules applicable to the international electronic transactions. Currently, in respect to e-L/C transactions in international trade, there are laws such as Electronic Transaction Basic Act in our country, E-Trade Promotion Act, E-Signature Law, Act on Promotion of Information and Communication Network Utilization and Information Protection and Marine Charter 5 in the Commercial Law. Nevertheless, a complete legislation, that is a uniform rule for e L/C which could support e L/C transactions fully hasn't been established yet. Accordingly, those laws concerned need to improve to regulate e-L/C transactions. The purpose of this paper is to look into the national status for law readjustment to prepare for a new electronic environment and to use appropriately the e-L/C issued by electronic means, and to conduct a comparative analysis on the related regulations to introduce a pertinent laws and propose related regulations to contribute to the making of effective laws to regulate e-L/C.

• Korean Security Journal
• /
• no.61
• /
• pp.285-305
• /
• 2019

In the bill of [Act on Certified Detective and Certified Detective Business] (hereinafter referred to as the Certified Detective Act) proposed and represented by the member of National Assembly, Lee Wan-Yong in 2017, the legislative point of view showed that various incidents and accidents, including new crimes, are frequently increasing as society develops and becomes more complex, however, it is not possible to solve all the incidents and accidents with the investigation force of the state alone due to manpower and budget, and therefore, a certified detective or private investigator are required. According to the decision of the Constitutional Court in June 2018, Article 40 (4) of the Act on the Use and Protection of Credit Information is concerned with 'finding the location and contact information of a specific person or investigating privacy other than commerce relations such as financial transactions' are prohibited. It is for the purpose of preventing illegal acts in the process of investigation such as the location, contact information, and the privacy of a specific person and protecting the privacy and tranquility of personal privacy from misuse and abuse of the personal information etc. Such 'privacy investigation business' currently operates in the form of self-employment business, which becomes a social issue as some companies illegally collect and provide such privacy information by using illegal cameras or vehicle location trackers and also comes to be the objects of clampdown of the investigative agency. Considering this reality, because it is difficult to find a resolution to materialize the legislative purpose of the Act on the use and protection of credit information other than prohibiting 'investigation business including privacy etc' and it is possible to run a similar type of business as a detective business in the scope that the laws of credit research business, security service business, the position of the Constitutional Court is that 'the ban on the investigations of privacy etc' does not infringe the claimant's freedom to choose a job. In addition to this decision, the precedent positions of the Constitutional Court have been that, in principle, the legislative regulation of a particular occupation was a matter of legislative policy determined by the legislator's political, economic and social considerations, unless otherwise there were any special circumstances, and. the Constitutional Court also widely recognized the legislative formation rights of legislators in the qualifications system related to the freedom of a job. In this regard, this study examines the problems and improvement plans of the certified detective system, focusing on the certified detective bill recently under discussion, and tries to establish a legal basis for the certified detective and certified detective business, in order to cultivate and institutionalize the certified detective business, and to suggest methodologies to seek for the development of the businesses and protect the rights of the people.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.05a
• /
• pp.483-486
• /
• 2021

With the explosive increase in data, the 'big data era' has arrived, focusing on deriving new values and insights through data. With the development of data analysis technology, the importance of data analysis and utilization in the field of diagnosis and treatment as well as prevention is expanding, while the use of big data is emerging in the healthcare field. Moreover, as the three data-related laws (Personal Information Protection Act, Information and Communication Network Act, and Credit Information Act) were passed in January 2020, it became possible to use a wide range of big data through pseudonym information. However, the use of healthcare big data is still struggling due to various policies and regulations, inconsistent data quality, and the absence of specialized personnel. Therefore, in this study, examines the current state of use of big data in the healthcare field, and analyzes the challenges, overseas cases, plans, and expected effects for activation of healthcare big data.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.13
• /
• pp.1013-1032
• /
• 2000

At present, the scale of Electronic Commerce through internet has been rapidly increasing due to the development of information & communication technology, and aggregated to 2.4 billion dollar in America last year (1998). The market scale of worldwide electronic commerce is also presumed to be about 130 billion dollar in 2000, and to occupy more than 20% of the whole world trade in world 2020. Since the right of trademark, despite of being effective only in registered nations on the principle of territorialism, is unified on the cyber space of internet without domestic barrier or local limitation which make it easier to conduct the distribution of information rapidly through the address-internet domain name, those are very important that the systematic dispute-solving plan on problems such as decision of its Act and international jurisdiction to be established, in an effort to prevent the newly emerging dispute instances such as trademark infringement and improper competitiveness. In addition, it is natural that on the threshold of the electronic commerce age which formed with an unified area without the worldwide specific regulation, each country including us makes haste with the enactment of "electronic commerce Act" aiming at coming into force in 1999, in keeping with getting through "non-tariff law on electronic commerce" by U. S. parliament on May, 1998. In view of the properties of electronic commerce transactions through internet, there are the large curtailment of distributive channel, surmounting of restrictions on transaction area, space and time and the easy feedback with consumer and the cheap-required capital, from which the problems may arise - registration of trademark, the trademark infringement of domain name and the protection of prestigious trademark. Therefore, it is necessary to take the counter-measure, with a view of reviewing the infringement of trademark and domain name and the instances of each national precedent and to preventing the disputes. The improvement of the persistent system should be needed to propel the harmonious protection of those holding trademark right's credit and demanders' expectant profit by way of the righteous use of trademark.

• Asia-Pacific Journal of Business Venturing and Entrepreneurship
• /
• v.12 no.1
• /
• pp.133-144
• /
• 2017

This study investigates firm-specific financial variables that determine investment or speculative grades from the viewpoint of firms, which are one of the major stakeholders related to the credit rating. We employ an ordered probit model for our analysis with the sample data from 1999 to 2015 for listed firms in the Korean stock markets. For investment grades, operating margin, sales, market-to-book, dividend payment, capital expenditure ratio, and tangible asset ratio have a significantly positive impact on credit ratings. In the subsample for speculative grades, the coefficients of the dividend payment, retained earnings ratio, and capital expenditure ratio are significantly positive while short-term debt ratio and R&D expenditures have a significantly negative impact on credit ratings. For the analysis before and after 2009, when the Credit Information Use and Protection Act was strengthened after the global financial crisis, the coefficients of the capital expenditure ratio, cash ratio, and tangible asset ratio are significantly positive in the subsample for investment grades before 2009, but not significant after 2010. The coefficient of the long-term debt ratio is more significantly negative than that of the short-term debt ratio before 2009, for speculative grades, but short-term debt ratio has a more negative effect on ratings than long-term debt ratio after 2010. Surprisingly, the coefficient of the R&D expenditures is significantly negative in both investment and speculative grades since 2010. Our findings are inconsistent with the conjecture that the increase in R&D expenditures enhances the possibility of creating cash-flow by raising the investment growth opportunity, and thus affects positively the credit rating.

• Journal of Information Technology Services
• /
• v.21 no.1
• /
• pp.1-19
• /
• 2022

With the revision of the Credit Information Use and Protection Act in August 2020, the MyData service based on open banking policy will take effect in January 2022. Nonetheless, the previous studies focused on the legal system or security-related issues of such service. Therefore, this paper conducted an empirical study on financial consumers aged 20 or older nationwide to analyze the factors which influence the intention to use MyData services based on open banking. Five characteristics representing open banking-based MyData service were derived through prior research, and a research model that combined value-based adoption model and privacy calculus theory was presented. The proposed research model and the relationship of its variables was analyzed using a sample of 400 users that is randomly selected. The results of empirical analysis showed that personalization had the greatest influence on benefits and reliability on sacrifice among service characteristics. They also suggested that MyData operators should devote themselves to providing customized services optimized for customers and establishing trust relationships. It was confirmed that both usefulness and enjoyment had a great influence on perceived value, and in terms of sacrifice, the burden of financial costs had a greater influence than privacy concerns. This study is meaningful in that it explored the psychological propensity of financial consumers to identify service utilization factors and presented a new approach that can contribute to the successful settlement of the domestic MyData industry.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.1
• /
• pp.167-174
• /
• 2022

Since the Promotion Committee was established on March 25, 2021, urging the enactment of the Detective Business Act, many opinions and attention from all walks of life have been gathered. The Detective Business system, which is also one of the presidential pledges of the current 19th President Moon Jae In, is expected to be significant in that it can promote the development of a welfare state as well as efficient parts such as meeting the demand for security reinforcement services, improving the judicial system, and enhancing internationalization. In accordance with the consensus of the nine judges of the Constitutional Court that the lower part of Article 40 of the "Act on the Use and Protection of Credit Information" which prohibits the use of similar names such as investigating the general life of certain people does not violate the Constitution, detective work became possible regardless of the general life investigation. In particular, the detective job officially appeared on August 5, 2020, and it will be able to provide effective work services to the public by competing with prosecutors, police, and lawyers who have occupied exclusive positions in the field of a criminal investigations. However, although the role of detectives is gradually expanding and society is rapidly changing, illegal activities are prevalent throughout society, and more than 1,600 companies are currently operating suspiciously using the only name of "detectives", but the police are virtually letting go of the situation saying that they are "unauthorized.", and the damage is only going to the people, so at this point, the most worrisome thing is the absence of the law. Meanwhile, amid concerns over institutions overseeing illegal activities caused by the emergence of the detective industry, private security and detectives are similar to each other as in the United States, and it is expected to be able to gain public trust by entrusting the police in charge of managing and supervising private security companies. Therefore, at this time when most OECD countries except Korea legislate the Detective Business Act, prematurely allowing only the detective industry without enacting industry-related laws and systems can further fuel social confusion and hinder the detective industry along with the new fourth industry.