• Asia pacific journal of information systems
• /
• v.30 no.3
• /
• pp.547-567
• /
• 2020

As the complexity of managing online personal information is increasing and data breach incidents frequently occur, online users feel a loss of control over their privacy. Such a situation leads to their cynical attitudes towards privacy protection, called privacy cynicism. This study aims to examine the role of privacy cynicism in online users' privacy behaviors. Data were gathered from a survey that 281 people participated in and were analyzed with covariance-based structural equation modeling. The findings of this study reveal that privacy cynicism has not only a direct influence on disclosure intention but also moderates an effect of privacy concerns on the intention. The analytical results also indicate that there is a nonlinear effect of privacy cynicism on the outcome variable. This study developed the concept of privacy cynicism—a phenomenon that significantly affects online privacy behavior but has been rarely examined. The study is an initial research into the nature and implications of privacy cynicism and furthermore clarified its role by the nonlinear relationship between privacy cynicism and the willingness to disclose personal information.

• Journal of the Korea Convergence Society
• /
• v.9 no.3
• /
• pp.231-240
• /
• 2018

Recently, personal information processing are becoming more important in the behavioral advertising based on online and mobile platform. The behavioral advertising analyzes and utilizes individual's search & purchase history, hobbies, and tendency based on the personal behavior information collected using the automatic collection device. Therefore, it collects and stores other types of personal information which did't defined in Privacy Act and can analyze personal behavior. This characteristics may cause disclosure of personal information and exposure to intrusion. In this paper, we investigate and analyze the privacy policy of the advertising agencies, and discussded the measures to be taken in collecting, storing and using personal information suitable for behavior information.

• Convergence Security Journal
• /
• v.12 no.5
• /
• pp.87-97
• /
• 2012

Privacy of personal information disclosure incident occurs frequently as a problem to our society's most important and sensitive social agenda is emerging. Personal information is actually more accurate, depending on the type or types of economic value and sensitivity, the quality of the information, because it can cause a spill a serious social threat and systematic personal information protection and management are not carried out and the information society in a big mess can result. Customers my affairs when small guard security companies, especially the sensitive personal information of customers who need to work, the collected information be leaked or the company's trade secrets, are exposed on the outside, it could be a serious threat to a greater problem cause. Small escort guard companies, however, compared with large companies to build its own security system, due to issues such as the extent of funding, staffing shortages, there are many difficulties. Status of Information Security, scale and analyze the characteristics of small escort guard companies occupied by guard security companies in the present study, sleep, look at him in the solution of the practical issues of information protection system laid small guard. Expenses supplier of propose a security system for preventing the leakage of personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.9
• /
• pp.2550-2572
• /
• 2023

Epidemiological survey is an important means for the prevention and control of infectious diseases. Due to the particularity of the epidemic survey, 1) epidemiological survey in epidemic prevention and control has a wide range of people involved, a large number of data collected, strong requirements for information disclosure and high timeliness of data processing; 2) the epidemiological survey data need to be disclosed at different institutions and the use of data has different permission requirements. As a result, it easily causes personal privacy disclosure. Therefore, traditional access control technologies are unsuitable for the privacy protection of epidemiological survey data. In view of these situations, we propose a black box-assisted fine-grained hierarchical access control scheme for epidemiological survey data. Firstly, a black box-assisted multi-attribute authority management mechanism without a trusted center is established to avoid authority deception. Meanwhile, the establishment of a master key-free system not only reduces the storage load but also prevents the risk of master key disclosure. Secondly, a sensitivity classification method is proposed according to the confidentiality degree of the institution to which the data belong and the importance of the data properties to set fine-grained access permission. Thirdly, a hierarchical authorization algorithm combined with data sensitivity and hierarchical attribute-based encryption (ABE) technology is proposed to achieve hierarchical access control of epidemiological survey data. Efficiency analysis and experiments show that the scheme meets the security requirements of privacy protection and key management in epidemiological survey.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.503-512
• /
• 2020

The revisions to data privacy acts allows the disclosure of data after anonymizing personal information. Such anonymized data is expected to be useful in research and services, but there are high concerns about privacy breaches such as re-identifying of the individuals from the anonymized data. In this paper, we showed that identifying individuals from public data is not very difficult, and also raises questions about the reliability of the public data. We suggest that users understand the trade-offs between data disclosure and privacy protection so that they can use data securely under the revised data privacy acts.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.14 no.6
• /
• pp.273-279
• /
• 2014

Recently, it was occurred in the nation's largest Information spill about 140 million cases of credit card customers' personal and credit information. As such, it was rapidly to increase in consumer complaints about the privacy of personal information in accordance with outflow of financial companies increased accident. But it is still not clear precaution. Therefore, in financial customer position, it is possible to confirm and determine in advance whether or not superior to the security company. In addition, It is time to be required institutional device that can be a real effort to equip a good security company. This report is considered a model of "Disclosure of corporate security assessment " of these devices institutional study. And We study in realistic and objective stance about why do we need this policy.

• Information Systems Review
• /
• v.18 no.3
• /
• pp.209-233
• /
• 2016

Internet companies that utilize social network have increased in number. The introduction of diverse social media services facilitated innovative changes in e-business. Social network service (SNS), which is a domain of social media, is a web-based service designed to strengthen human relations in the Internet and build new social relations. The remarkable growth of social network services and the profit generation and perception of this service are the new growth engines of this digital age. Given this development, many global IT companies views SNS as the most powerful form of social media. Thus, they invest efforts to develop business models using SNS.2) This study verifies the impact of privacy exposure in SNS as a result of privacy invasion. This study examines the purpose of using the SNS and user's awareness of the significance of personal information, which are key factors that affect self-disclosure of personal information. This study utilizes theory of reasoned action (TRA) to provide a theoretical platform that describes the specific behavior and emotional response of individuals. This study presents a research model that considers negative attitude (negatude). In this model, self-disclosure in SNS is considered a TRA. TRA is a subjective norm, a behavioral intention, and a key variable of exposure behavior. A survey was conducted on college students at Y university in Seoul to empirically verify the research model. The students have experiences in using SNS. A total of 198 samples were collected. Path analysis was applied to analyze the relations of factors. The results of path analysis show the statistically insignificant impact of privacy invasion on negatude, subjective norm, behavioral intention, and exposure behavior. The impact of unrecognized privacy invasion was also considered insignificant. The impacts of intention to use SNS on negatude, subjective norm, behavioral intention, and exposure behavior was significant. A significant impact was also found for the significance of personal information on subjective norm, behavioral intention, and exposure behavior, whereas the impact on negatude was insignificant. The impact of subjective norm on behavioral intention was significant. Lastly, the impact of behavioral intention on exposure behavior was insignificant. These findings are significant because the study examined the process of self-disclosure by integrating psychological and social factors based on theoretical discussion.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.606-608
• /
• 2014

Recent smartphone users constantly increases, an increase in malicious applications smartphones indiscretions exists within the Terminal, through the deployment of privacy disclosure, Singh and other victims also are on the rise. A typical personal way to malicious code masquerading as a normal application and install it on the handset of my text message or a personal note, such as personal information, the certificate directory, is the way that leaked. Therefore, to obtain permission to attack the root Terminal event by collecting malware infections and respond to determine whether it is necessary for the technique. In this paper, check the features of a Smartphone in real time systems, to carry out a study on the application throughout the Terminal to collect my attack event analysis, malware infection can determine whether or not the mobile security monitoring system. This prevents a user's personal information and take advantage of the top and spill are expected to be on the field.

• Journal of Convergence for Information Technology
• /
• v.8 no.2
• /
• pp.77-82
• /
• 2018

Recently, as cloud services become popular with general users, users' information is freely transmitted and received among the information used in the cloud environment, so security problems related to user information disclosure are occurring. we propose a method to secure personal information of multiple users by making personal information stored in the cloud server and a key for accessing the shared information so that the privacy information of the multi users using the cloud service can be prevented in advance do. The first key used in the proposed scheme is a key for accessing the user 's personal information, and is used to operate the information related to the personal information in the form of a multi - layer. The second key is the key to accessing information that is open to other users than to personal information, and is necessary to associate with other users of the cloud. The proposed scheme is constructed to anonymize personal information with multiple hash chains to process multiple kinds of information used in the cloud environment. As a result of the performance evaluation, the proposed method works by allowing third parties to safely access and process the personal information of multiple users processed by the multi - type structure, resulting in a reduction of the personal information management cost by 13.4%. The efficiency of the proposed method is 19.5% higher than that of the existing method.