• Journal of the Korea Safety Management & Science
• /
• v.16 no.3
• /
• pp.433-441
• /
• 2014

Increasing the outsourcing of personal information treatment, the safe management and director for fiduciary is very important. In this paper, under the personal information protection management systems the current situation of fiduciary management and direction was reviewed and the certification system was analysed in terms of availability of the controled items. Under the basis of legal compliance at the time of the Privacy Act, the characteristics of outsourcing type was also analyzed and derived new controled items. As a result of the proposed research, new controled items for fiduciary could be used as a standard for the managing Director.

• The Journal of Society for e-Business Studies
• /
• v.25 no.4
• /
• pp.1-14
• /
• 2020

IT businesses in Korea have relatively strong regulations. While providing the same service, domestic businesses are in a situation of 'reverse discrimination of regulations' as they are less competitive than global IT companies in accordance with the application of the personal information protection legislation in Korea. In this paper, Personal Information Protection legislation was classified and laws of major countries were analyzed in comparative ways. It also compared and analyzed the "private policy" presented by representative Internet sites (Naver, Daum, Google, Facebook) that provide services to users in Korea. We also proposed three aspects of legislation improvement to address reverse discrimination.

• The Journal of Korean Institute of Next Generation Computing
• /
• v.13 no.2
• /
• pp.7-17
• /
• 2017

In this paper, we propose the TPS (TPM-enhanced Privacy Protection System) which is an automated privacy protection system enhanced with a TPM (Trusted Platform Module). The TPS detects documents including personal information by periodic scanning the disk of clients at regular intervals and encrypts them. Hence, system manages the encrypted documents in the server. In particular, the security of TPS was greatly enhanced by limiting the access of documents including the personal information with regard to the client in an abnormal state through the TPM-based platform verification mechanism of the client system. In addition, we proposed and implemented a VTF (Virtual Trusted File) interface to provide users with the almost identical user interface as general document access even though documents containing personal information are encrypted and stored on the remote server. Consequently, the TPS automates the compliance of the personal information protection acts without additional users' interventions.

• Asia pacific journal of information systems
• /
• v.18 no.3
• /
• pp.45-65
• /
• 2008

The rapid growth of the Internet has increased the amount of transmission of personally identifiable information. At the same time, with new Internet related technologies, organizations are trying to collect and access more personal information than before, which in turn makes individuals concern more about their information privacy. For their successful businesses, organizations have tried to alleviate these concerns in two ways: (1) by offering privacy policies that promise certain level of privacy protection; (2) by offering benefits such as financial gains or convenience. In this paper, we interpret these actions in the context of the information processing theory of motivation. This paper follows Hann et al.(2007)'s methods to analyze Internet users privacy concerns in Korea and tries to compare the findings. Our research objectives are as follows: First, we analyze privacy concern mitigation strategies in the framework of the expectancy theory of motivation. Subsequently, we show how the expectancy theory based framework is linked o the conjoint analysis. We empirically validate the predictions that the means to mitigate privacy concerns are associated with positive valences resulting in an increase in motivational score. In order to accommodate real-life contexts, we investigate these means in trade-off situation, where an organization may only be able to offer partially complete privacy protection and/or promotions and/or convenience, While privacy protection (secondary use, improper access) are associated with positive valences, we also find that financial gains can significantly increase the individuals' motivational score of a website in Korea. One important implication of this empirical analysis is that organizations may possess means to actively manage the privacy concerns of Internet users. Our findings show that privacy policies are valued by users in Korea just as in the US or Singapore. Hence, organizations can capitalize on this, by stating their privacy policy more prominently. Also organizations would better think of strategies or means that may increase online users' willingness to provide personal information. Since financial incentives also significantly increase the individuals' motivational score of website participation, we can quantify the value of website privacy protection in terms of monetary gains. We find that Korean Internet users value the total privacy protection (protection against errors, improper access, and secondary use of personal information) as worthy as KW 25,550, which is about US 28. Having done this conjoint analysis, we next adopt cluster analysis methodology. We identify two distinct segments of Korea's internet users-privacy guardians and information sellers, and convenience seekers. The immediate implication of our study is that firms with online presence must differentiate their services to serve these distinct segments to best meet the needs of segments with differing trade-offs between money and privacy concerns. Information sellers are distinguished from privacy guardians by prior experience of information provision, To the extent that businesses cannot observe an individual's prior experience, they must use indirect methods to induce segmentation by self-selection as suggested in classic economics literature of price discrimination, Businesses could use monetary rewards to attract information sellers to provide personal information. One step forward from the societal trends that emphasize the need of legal protection of information privacy, our study wants to encourage organizations and related authorities to have the viewpoints to consider both importance of privacy protection and the necessity of information trade for the growth of e-commerce.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.3 no.5
• /
• pp.548-574
• /
• 2009

Personal information (hereinafter referred to as "PI") infringement has recently emerged as a serious social problem in Korea. PI infringement in the public and private sector is common. There were 182,666 cases of PI in 2,624 public organizations during the last three years. Online infringement cases have increased. PI leakage causes moral and economic damage and is an impediment to public confidence in public organizations seeking to manage e-government and maintain open and aboveboard administration. Thus, it is an important matter. Most cases of PI leakage result from unsatisfactory management of security, errors in home page design and insufficient system protection management. Protection management, such as encryption or management of access logs should be reinforced urgently. However, it is difficult to comprehend the scope of practical technology management satisfied legislation and regulations. Substantial protective countermeasures, such as access control, certification, log management and encryption need to be established. It is hard to deal with the massive leakage of PI and its security management. Therefore, in this study, we analyzed the conditions for the technical protection measures during the processing phase of PI. In addition, we classified the standard control items of protective measures suited to public circumstances. Therefore, this study provides a standard and checklist by which staff in public organizations can protect PI via technical management activities appropriate to laws and ordinances. In addition, this can lead to more detailed and clearer instructions on how to carry out technical protection measures and to evaluate the current status.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.11 no.11
• /
• pp.1017-1024
• /
• 2016

In this paper, we have figured out status and demand about personal information in local laws and regulations of the four major city out of the municipality 18 institutions of Gangwon Province. To take advantage of the autonomous regulations Information System(ELIS), and research and analysis in the autonomy regulations of local governments to object to the attachment format. To object to the Attachment to the request of the resident registration number notation is a super key. There is a disclosure resistance sense of personal information, and research analysis of the smart phone number and home phone number. We have proposed the urgent development of automatic search engine of PIMS compliance with personal information.

• Convergence Security Journal
• /
• v.12 no.2
• /
• pp.13-21
• /
• 2012

The purpose of this study is to profile actual conditions of personal information protection systems operated in overseas countries and examine major considerations of personal information that security service providers must know in the capacity of privacy information processor, so that it may contribute to preventing potential occurrence of any legal disputes in advance. Particularly, this study further seeks to describe fundamental idea and principle of said Personal Information Protection Act; enhancement of various safety measures (e.g. collection/use of privacy data, processing of sensitive information/personal ID information, and encryption of privacy information); restrictions on installation/operation of video data processing devices; and penal regulations as a means of countermeasure against leakage of personal information, while proposing possible solutions to cope with these matters. Using cases among foreign countries for this study.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.767-779
• /
• 2013

A field of privacy protection lacks statistical information about the current status, compared to other fields. On top of that, since it has not been classified as a concrete separate field, the related survey is only conducted as a part of such concrete areas. Furthermore, this trend of being regarded as a part of fields such as informatization, information protection and law will continue in the near future. In this paper, a novel and practical way for collecting and storing a big amout of data from 110,000 privacy policies by data controller is proposed and the real analysis results is also shown. The proposed method can save time and cost compared with the traditional survey-based method while maintaining or even advancing the accuracy of results and speediness of process. The collected big personal data can be used to set up various kinds of statistical models and they will play an important role as a breakthrough of observing the present status of privacy information protection policy. The big data concept is incorporated into the privacy protection and we can observe the method and some results throughout the paper.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.8
• /
• pp.1161-1170
• /
• 2013

Currently in 2013, a law that was drawn as a result of social agreement for personal information protection was enacted, and through several amendments, definite policy of written law and guideline were presented for definitive information protection in various fields of social business including IT field. Based on a series of social issues about the importance of personal information, a new access paradigm to personal information appeared. And from macroscopic access method called information protection, the necessity of technical access method came to the fore. Of course, it seems somewhat irrational to restrict all data in the form of personal information to a certain category of information until now. But in the deluge of information based on IT field, it is true that the part of checking the flow of personal information and selecting as security target has been standardized. But still there are cases in which it is difficult to routinely apply the five standardized flows of personal information Life-Cycle-collect, process, provide, store, and destroy-to information that all companies and organizations have. Therefore, the researcher proposes the standardized methodology by proposing the access control methodology for dualised hierarchical personal information Life-Cycle. The results of this research aim to provide practical data which makes optimal access control to personal information Life-Cycle possible.