• International Commerce and Information Review
• /
• v.4 no.2
• /
• pp.27-46
• /
• 2002

Nowadays, the explosive evolvement of Internet. which is referred to as EC, has been prevailing. That has given the chance all of the world consumers to contact all of the world companies to enter into business relationship. But, electronic commerce laws have been established per conventional jurisdiction. some legal issues take place in the field of cross-border electronic commerce, including the governing law and competent courts. In this situations, it is gradually and widely required to lay down the internationally harmonized electronic commerce legal framework. Now, there are a lot of legal issues assumed in EC, in this study, we studied three precedence problems concerning B2C: Consumer Protection Law regarding B2C, Personal Information Protection Law in Private Sector regarding B2C, Web Site Trust Mark System.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1141-1147
• /
• 2017

An unmanned aerial vehicle(UAV), commonly known as a drone, is an aircraft without a human pilot aboard, which is operated by wireless device. A drone provides the capability for the aerial search and traffic control as a police equipment. It has benefits for the missions for the aerial photography with the high resolution camera which can replace eye-dependent search processes. Moreover it has advantage of retrieving several times for the recorded videos. However, if the law enforcement agency misuse and overuse a drone for investigations and search missions without certain regulations and principles, it breaches privacy and personal information infringement. In this paper, we issue a lawful challenges on drone operations and discuss solutions to those challenges.

• Convergence Security Journal
• /
• v.20 no.5
• /
• pp.53-63
• /
• 2020

In accordance with the revision of the Data 3 Act, such as the Personal Information Protection Act, it is possible to process pseudonym information without the consent of the information subject for statistical creation, scientific research, and preservation of public records, and unlike personal information, it is legal for personal information leakage notification and personal information destruction There are exceptions. It is necessary to revise the pseudonym information in that the standard for the pseudonym processing differs by country and the identification guidelines and anonymization are identified in the guidelines for non-identification of personal information in Korea. In this paper, we focus on the use of personal information in accordance with the 4th Industrial Revolution, examine the concept of pseudonym information for safe use of newly introduced pseudonym information, and generate / use / provide / destroy domestic and foreign non-identification measures standards and pseudonym information. At this stage, through the review of the main contents of the law or the enforcement ordinance (draft), I would like to make suggestions on future management / technical protection measures.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.501-504
• /
• 2012

Personal Information Protection Law and Information Communication Network Law is administered from March, 2012 and August, 2012. It is very important to protect and manage the key well so that the third party doesn't know the key. Thus, at present, there increases an importance of Key Management Server. Key Management Server is an appliance type of hardware equipment which can securely store and manage encryption and decryption key. In this paper, we will survey on foreign key management server products and discuss about the necessities of legislation of related law and establishment of policy.

• The Korean Society of Law and Medicine
• /
• v.22 no.4
• /
• pp.185-210
• /
• 2021

On September 24, 2021, the new provisions(Article 38-2 of the Medical Service Act) mandatory CCTV installation in operating rooms where the unconscious patient is operating such as general anesthesia. The revised medical law aims to effectively prevent illegal activities that may occur in the operating rooms and to promote appropriate resolution to medical dispute. According to the law, medical institutions operating unconscious patients, such as general anesthesia, must install CCTVs in the operating rooms by September 25, 2023, and film surgical scenes only at the request of patients and their guardians, regardless of the consent of the medical personnel. The bill delegated the legislative device to minimize infringement of fundamental rights to subordinate statutes without stipulating it in the law.(Article 38-2(10)) The most realistic policy plan to minimize the infringement of the fundamental rights of patients is to prepare specific regulations. Therefore, this study examines the legislative background and main contents of the amended CCTV installation bill, and suggests issues to be reviewed when preparing subordinate statutes by analyzing major issues. It was reviewed based on compliance with the principle of minimizing infringement of fundamental rights of information subjects in the operating rooms. The information subjects of CCTV are health professionals and patients. Suggesting issues should be considered when preparing subordinate statutes so that the purpose of the CCTV installation law can be achieved while minimizing infringement of right of self-determination of personal information, personality rights, and human rights. It is hoped that this paper will be referred when discussing subordinate statutes and regulations to contribute minimizing infringement of fundamental rights.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.109-116
• /
• 2014

Personal information leakage in financial corporations including three card corporations has occurred constantly this year. It is due to incomplete encryption system and negligent personal security. Solicitors are known as a cause of information leakage because they operate with leaked information. Information leakage can cause secondary damage with mental demage to person and result in a drop in reliability as well as an operating loss in financial corporations. Also because it can destroy a base of credit society, prevention of recurrence is badly needed. The government finally announced 'general measures for prevention of information leakage in the field of finance' with sanctions reinforcement and restriction to collect, possess, provide personal information as the main agenda. And a related law revision is going in the National Assembly. In this paper, effectiveness of government measures is weighed with the cause analysis of information leakage and countermeasure for prevention of information leakage is found.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.637-651
• /
• 2017

In order for a financial company to collect personal information, it explicitly notifies consumers of the contents stipulated by law and gets consent beforehand. As a result, as financial products became more complicated and diverse, and the contents of 'Consent form for providing personal information' became more complicated and more. In particular, in the case of internet or mobile, the letter became smaller as the screen size limit, making it more difficult to understand. This is because almost all companies that collecting personal information are in a similar situation, In the position of consumers who use services are, contradictions arise that habitually agree without understanding the consent contents. In this research, in order to present a consent policy establishment decision-making model to rationally collect and use personal information through the Internet website of financial companies, consider the domestic and foreign legal system Then, derive a problem To present improvement measures. In addition, the evaluation factors selected through the research are verified by presenting decision making models and formulas using AHP (Analytic Hierarchy Process) method.

• Journal of Information Technology Services
• /
• v.18 no.2
• /
• pp.55-73
• /
• 2019

The importance of the personal information has been increased, there have been a lot of efforts to establish a new policy, certification or law for administrating personal information more effectively and safely. Korean government has operated ISMS and PIMS certification system to assess whether an organization has established and managed appropriate information security system or not. However, it has been addressed the needs for revising and modifying of PIMS and ISMS. It is evaluated there are a few overlapped criteria to assess information management system in both ISMS and PIMS. ISMS-P certification, combining with ISMS and PIMS, is, finally, suggested, in the recent. GDPR is established having an aim of primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. This study compares GDPR and ISMS-P, focusing on "personal information". It can be expected to contribute as followings. This study can be a criterion for self-evaluation of possibility to violate of GDPR of a firm in preparation for ISMS-P. Second, this study also aims to increase the understanding of the role of ISMS-P and GDPR, among various certifications with the purpose of assessment of the information security management system, by reducing the costs required to obtain the unnecessary certification and alleviating the burden. Third, it contributes to diffusion of ISMS-P newly implemented in Korea.

• Convergence Security Journal
• /
• v.13 no.1
• /
• pp.31-36
• /
• 2013

The personal information protection act has been enacted from 2011 for the protection of public and private privacy. Since the application area of the law is so broad, there is a limit to covers everything in the financial field. In this paper, I'll discuss an impact and problem by the personal information protection act. and propose some new task to build an efficient personal information protection governance on financial sector.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.107-113
• /
• 2012

Recently, according to the establishment of personal information protection Act, the public and private organizations are taking a step to protect personal information rights and interests by employing the technical methods such as the access control mechanism, cryptography, etc. The result of the personal information leakage causes a serious damage for the organization image and also has to face with the responsibility by law. However, applying access control and cryptographic approach on the personal information item for every connection to large database system causes significant performance degradation in a large database system. In this paper, we designed and implemented the light weight system using JVM (Java Virtual Machine) for the Oracle DBMS environment which the concurrent transaction occurs many, thereby the proposed system provides the minimum impact on the system performance and meets the need of personal information protection. The proposed system was validated on the personal information protection system which sits on a 'A' public organization's portal site and personnel information management system.