• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Knowledge Management Research
• /
• v.25 no.2
• /
• pp.219-243
• /
• 2024

This study investigates the impact of privacy concerns, perceived utility, and awareness of the right to personal data self-determination on the effective use and expansion of MyData services, which are critical to the data economy. Integrating the value-based adoption model with privacy calculus theory, the research examines how perceived utility, privacy concerns, trust, and personal innovativeness influence perceived value, perceived privacy, and the intention to provide personal information. Data collected from an online survey of 442 MyData service users and prospective users were analyzed using PLS-SEM and Bootstrapping methods via SmartPLS 4. The results indicate that perceived utility positively affects the intention to provide personal information, while privacy concerns have a negative impact. Trust and personal innovativeness positively influence the intention to adopt MyData services, and the awareness of personal data self-determination rights moderates these intentions. The findings underscore the importance of developing beneficial services that mitigate users' privacy concerns and build trust for the successful implementation of MyData services. Additionally, the study highlights the need for education and awareness campaigns to enhance understanding of the right to personal data self-determination.

• Information Systems Review
• /
• v.20 no.1
• /
• pp.159-177
• /
• 2018

With an extensive proliferation of information and communication technology, the volume and amount of digital information collected and utilized on the Internet have been increasing rapidly. Also on the rapid rise are side effects such as unintended breach of accumulated personal information and consequent invasion of personal privacy. Informational self-determination is rarely practiced, despite various states' legal efforts to redress data subjects' damage. Personal health information, in particular, is a subcategory of personal information where informational self-determination is hardly practiced enough. The observation is contrasted with the socio-economic inconvenience that may follow due to its sensitive nature containing individuals' physical and health conditions. This research, therefore, reviews factors of self-determination on personal health information while referring to the protection motivation theory (PMT), the long-time framework to understand personal information protection. Empirical analysis of 200 data surveyed reveals threat-appraisal (perceived vulnerability and perceived severity of threats) and coping-appraisal (perceived response effectiveness), in addition to individual levels of concern regarding provided personal health information, influence self-determination to protect personal health information. The research proposes theoretical findings and practical suggestions along with reference for future research topics.

• Journal of Platform Technology
• /
• v.12 no.1
• /
• pp.141-150
• /
• 2024

The importance of personal data protection is increasingly emphasized both at home and abroad, and while overseas countries are applying various policies and dynamic management technologies, there are some gaps between compliance with laws and regulations and the application of technologies in Korea, and there are few user interfaces that provide convenient ways for data subjects to stop processing personal data. This study first analyzes the need for dynamic personal information consent management technology, the current state of the industry, and the prospects for its development. Next, this study proposes a basic model for dynamic management of personal information consent that maximizes the data subject's right to personal data self-determination while strictly complying with personal data protection laws in Republic of Korea. In particular, this study analyzes the basis of domestic laws and regulations related to the suspension of personal data processing, designs a basic model of personal data consent dynamic management interface, and presents its effectiveness. Based on the results of this study, we expect that the proposed dynamic management model for personal data use consent can be used in various ways for various websites and applications in the future.

• The Journal of Korean Academic Society of Nursing Education
• /
• v.29 no.3
• /
• pp.281-291
• /
• 2023

Purpose: The purpose of this study is to confirm the relationship between nursing students' self-determination and life satisfaction in order to clarify the mediating effect of grit and social support, which can have a mutual influence on self-determination and life satisfaction. Methods: The data collection for this study was conducted from January 1 to 31, 2022, with nursing students enrolled in nursing departments at six universities located in three regions. The data collected in this study were analyzed using the IBM SPSS statistics 25.0 program. Results: The study found correlations between life satisfaction and self-determination (r=.64, p<.001), grit (r=.41, p<.001), and social support (r=.46, p<.001). Grit (B=0.06) and social support (B=0.06) showed a mediating effect in the relationship between self-determination and life satisfaction. Conclusion: Based on the results of the study, it is suggested that a program that can enhance the life satisfaction of nursing students be developed and implemented by focusing on social support, which is an external resource, and self-determination and grit, which are internal resources.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.1
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• Journal of Korean Academy of Nursing
• /
• v.45 no.3
• /
• pp.347-356
• /
• 2015

Purpose: In this study, the effectiveness of a motivational interviewing smoking cessation YOU-TURN program for adolescents was examined. The program was based on the self-determination theory. Methods: The study was carried out with a nonequivalent control group pretest-posttest design. Participants in the present study were 136 high school students living in D city. The students were assigned to the experimental group (n=52) who participated in the motivational interviewing smoking cessation YOU-TURN program based on self-determination theory, or to the control group (n=84) who participated in a general smoking cessation program. Data were collected from September 1, 2013 through April 30, 2014. Collected data were analyzed using SPSS PC+ 21.0 with Chi-square test, Fisher's exact test, t-test, Mann-Whitney U test, Repeated Measures ANOVA, and MANOVA-Wilk's Lambda. Results: The experimental group had a significant increase in basic psychological needs, and duration of quitting-smoking in comparison with the control group. The experimental group had a significant decrease in cigarettes smoked per day and cotinine in urine in comparison with the control group. Conclusion: The motivational interviewing YOU-TURN program, when delivered to adolescents who smoked, was effective in discouraging smoking, and can be utilized as an effective nursing intervention for adolescents who smoke.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.