• International Journal of Computer Science & Network Security
• /
• v.21 no.5
• /
• pp.113-120
• /
• 2021

The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

• Informatization Policy
• /
• v.27 no.3
• /
• pp.3-18
• /
• 2020

In the growing digitalized world, the European Union implemented the General Data Protection Regulation(GDPR) to establish a comprehensive data protection framework across member states. Given the constitutional roots of GDPR, the EU's regulatory approach is different than other data protection regimes. The new regulation has strengthened individual rights to data protection, but it also introduced several obligations for businesses that collect and process personal data. We review the existing literature on privacy, particularly GDPR, from a policy perspective. The evidence outlines data regulation's effects on competition, innovation, marketing activities, and cross-border data flows. The discussion highlights the tradeoffs between increased regulation of data protection and its effects on the market.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.693-696
• /
• 2013

Information protection system (Information protection system)-based IT environment built popularity in public agencies and businesses take advantage of the resources for the integration of the information system one essential environment began to recognize, cloud systems (Cloud System), cloud security (Cloud Security), big data (Big Data), big data security (Big Data Security), industrial security (Security Industry), as well as the issue. Due to the influence of these information protection system (Information protection system) in response to my external security threats based on the analysis plan. In this paper, data protection systems (Information protection system), resulting in the introduction, there are a number of security threats and particularly industrial security aspects and internal and external security threats in response by lighting about aspects of the plan is based on knowledge.

• Journal of Information Technology Services
• /
• v.10 no.4
• /
• pp.21-32
• /
• 2011

The recently revised "Telecommunications Business Promotion and Personal Data Protection Act" is an important legal milestone in promoting the Korean telecommunications infrastructure and industry as well as protecting individuals' personal data and individuals' rights to privacy. Special characteristics of information security and privacy protection services including public goods' feature, adaptiveness, relativity, multi-dimensionality, and incompleteness, are reviewed. The responsibility of chief security/privacy officers in the IT industry, and the fairness and effectiveness of the criminal negligence in the Telecommunications Act are analyzed. An assessment of the rationale behind the act as well as a survey of related laws and cases in different countries, offers the following recommendations : i) revise the act and develop new systems for data protection, ii) grant a stay of execution or reduce the sentence given extenuating circumstances, or iii) use technical and managerial measures in data protection for exemption from criminal negligence.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of Information Technology Services
• /
• v.8 no.1
• /
• pp.47-58
• /
• 2009

The information protection security diagnosis institution was applied services since 2004, for the leveling up of public information protection and the establishment of the stability and reliability of information communication. And this security diagnosis was implemented actually on the 142 firms in 2005, the 160 firms in 2006 and the 205 firms in 2007. But this is recognized by the some firms as one of the unnecessary regulations. And there are some difficulties with collecting the subjective and reliable source data for establishing the information protection security diagnosis target. In this research, the enhanced model on the selection of information protection security diagnosis target firms was suggested by the interview with some expert and the analysis for the related actual data. By the model which are introduced from the statistical analysis of the related data and the summary of some expert's suggestions, information protection security diagnosis target can include the information telecommunication service providers taking 5 billion won as sales in a year, and web service providers like as shopping mall site, with the personal records of 2 million subscribers.

• Journal of Communications and Networks
• /
• v.8 no.2
• /
• pp.228-233
• /
• 2006

Survivability is a very important requirement for the deployment of broadband networks because out of service links can affect volumes of traffic even if it is a very short time. And the data paths of broadband networks, which are critical for traffic engineering, are always necessary to be well protected. The procedure of protection or restoration for a path is initiated when failure is detected within the working path. In order to minimize the influence on transmission quality caused by the failure of links and to provide a definite time for the recovery from the failure, the protection switching time (PST) should be carefully considered in the path arrangement. Several researches have been devoted to construct the protection and restoration schemes of data paths over dense wavelength division multiplexing (DWDM) networks, however, there was rare research on the design of data paths with guaranteed protection switching time. In this paper, the PST-guaranteed scheme, which is based on the concept of short leap shared protection (SLSP), for the arrangement of data paths in DWDM networks is proposed. The proposed scheme provides an efficient procedure to determine a just-enough PST-guaranteed backup paths for a working path. In addition to selecting the PST-guaranteed path, the network cost is also considered in a heuristic manner. The experimental results demonstrate that the paths arranged by the proposed scheme can fully meet the desired PST and the required cost of the selected path is competitive with which of the shared path scheme.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2011.07a
• /
• pp.294-295
• /
• 2011

The fundamental problem of selective protection scheme for encoded bitstreams is to find an efficient algorithm to select the set of frames required to be encrypted that can maximize protection effect with the minimum amount of protected data is required. In this paper, we propose an optimal selective protection scheme for SVC bitstreams by protecting the best combination of frames for selective protection in the sense that the amount of data required for protection is minimized and the resulting visual quality degradation is maximized. The selection of the frames to be encrypted is done by first expressing R-Q (protection rate - visual quality) relationship with Lagragian cost model. The experimental results show that, compared to protecting SVC bitstreams layer by layer, the proposed scheme gives superior performance in terms of protection effectiveness due to its better selection of frames for protection given protection bit budgets.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.844-847
• /
• 2011

Wireless mesh network (WMN) is a type of mobile ad-hoc network consists of wireless router, mobile clients and gateway which connects the network with the Internet. To provide security in the network it is required to encrypt the message sent among the communicating nodes in such way so that only legitimate user can retrieve the original data. Several security mechanisms have been proposed so far to enhance the security of WMN. However, there still exists a need for a comprehensive mechanism to prevent attacks in data communication. Considering the characteristic of mesh network, in this paper we proposed a public key cryptography based security architecture to establish a secure key agreement among communicating nodes in mesh network. The proposed security architecture consists of two major sections: client data protection and network data protection. Client data protection deals with the mutual authentication between the client and the access router and provide client to access router encryption for data confidentiality using standard IEEE 802.11i protocol. On the other hand, network data protection ensures encrypted routing and data transfer in the multi hop backbone network. For the network data protection, we used the pre-distributed public key to form a secure backbone infrastructure.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.4
• /
• pp.995-1012
• /
• 2016

In Internet of Things (IoT) environments, devices or sensors everywhere can automatically collect data without the individual awareness, further combine and share data using ubiquitous network, and thus the development of IoT raises new challenges in respect of personal data protection and privacy. This study aims to identify main issues related to data protection in the IoT and propose adequate measures. We analyzed the types of personal data controllers and processors in IoT and figured out the issues regarding the processing of personal data and the rights to privacy of data subject. Accordingly, we suggested the institutional ways (e.g., establishment of user-friendly notice and flexible consent system, re-identification risk monitoring system, data protection in cross-border transfer, and user education) to improve the situation of personal data protection in IoT and finally proposed the improvement tasks to carry out first based on the degree of urgency and importance.