• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• Journal of Korea Society of Industrial Information Systems
• /
• v.16 no.4
• /
• pp.53-65
• /
• 2011

As the Information and Communication Technologies continue to advance, some sensitive services (e.g. e-commerce, on-line financial service, and etc.) have spread rapidly. Accordingly, ensuring the safety of the sensitive service itself using personal Information as well as the protection of personal Information Is becoming very important. In addition, with the popularization of smart phone and the universalized use of wireless Internet, many services that have been provided on the basis of the conventional wired network are increasingly propagating to wired and wireless converged network environment. These changes in the network environment requires new paradigm for the pursuit of safe and stable communication. In this paper, we propose seamless and secure service framework that can facilitate a sustainable secure connection between the user terminal and the sensitive service system by using both the personal and network Information. The proposed service framework is capable of isolating the source of authorized use by a third party of the personal Information as far as the user terminal is not lost, although some personal Information is disclosed. Besides, it can provide a seamless and safe service environment even if the access network is changed by relocation of terminals in the heterogeneous mobile network environment.

• The Journal of the Korea Contents Association
• /
• v.14 no.6
• /
• pp.1-10
• /
• 2014

Through the development of internet mobile devices and online business activation, sensitive data of unspecified user is being easily exposed. In such an open business environment, the outflow of sensitive personal information has often been remarked on recently for which adoption of encryption solution for database became top priority in terms of importance. In 2011, government also legislated for the protection of personal information as an information network law, and is now applying the law to a variety of industries. Firms began to comply with these regulations by establishing various measures for protection of personal information and are now quickly introducing encryption solution to reinforce security of personal information they are managing. In this paper, I present architecture and technological parts that should be considered when introducing security solution.

• Journal of Korean Society of Archives and Records Management
• /
• v.17 no.1
• /
• pp.51-71
• /
• 2017

Approximately 10 million electronic approval documents have been released online since the commencement of the original information disclosure service. However, it is practically impossible to carry out an original information disclosure service by confirming a large amount of electronic approval documents to all persons in charge of information disclosure. Recently, some public organizations have been using private information filtering tools to filter personal information at the stage of document production, but the management of different sensitive information has not been managed using solutions. In this study, we set up the advanced direction of the filtering tool by analyzing the filtering tool in use to support the original information disclosure, and redesigned the text of the approval document and the original information disclosure process with the use of the filtering tool.

• The Journal of Information Systems
• /
• v.21 no.2
• /
• pp.73-96
• /
• 2012

With emergence of smart technologies(e.g., smartphones), Location-Based Services(LBS) are expected to provide more enhanced values utilizing consumers' personal information than other smart services. However, in contrast to existing smartphone applications, LBS could raised severe consumer's privacy concerns because of rapidly changing information sensitive to consumers. In this context, the purpose of this study is to explore relationships among privacy concerns reduction, trust and intention to use LBS by examining the effect of precedence factors(social presence, reputation, mobile literacy, ability of information control) of privacy concern reduction. In addition, the study investigates the role of personal innovation as a moderating effect between privacy concern reduction and intention to use LBS. The results showed that the proposed precedence factors of privacy concerns with a exception of Mobile Literacy had a positive impact on privacy concerns reduction that then positively affected trust and intention to use LBS. In addition, the relationship between trust and intention to use LBS was significantly supported. Finally, personal innovation as a moderating effect significantly influenced the relationship between privacy concern reduction and intention to use LBS. This study is expected to be a reference for a subsequent study about the spread of LBS application of smartphone. Also, the finding of this study is meaningful for helping service direction to firms providing LBS.

• International journal of advanced smart convergence
• /
• v.12 no.2
• /
• pp.56-66
• /
• 2023

The goal of deep learning is to extract complex features from multidimensional data use the features to create models that connect input and output. Deep learning is a process of learning nonlinear features and functions from complex data, and the user data that is employed to train deep learning models has become the focus of privacy concerns. Companies that collect user's sensitive personal information, such as users' images and voices, own this data for indefinite period of times. Users cannot delete their personal information, and they cannot limit the purposes for which the data is used. The study has designed a deep learning method that employs privacy protection technology that uses distributed collaborative learning so that multiple participants can use neural network models collaboratively without sharing the input datasets. To prevent direct leaks of personal information, participants are not shown the training datasets during the model training process, unlike traditional deep learning so that the personal information in the data can be protected. The study used a method that can selectively share subsets via an optimization algorithm that is based on modified distributed stochastic gradient descent, and the result showed that it was possible to learn with improved learning accuracy while protecting personal information.

• Journal of the Korea Society of Computer and Information
• /
• v.12 no.3
• /
• pp.195-201
• /
• 2007

ARecent advances of network technologies and internet infrastructures construct a fast and useful information-oriented society. However, these nay infringe on privacy and expose sensitive information such as user id, secret number and credit card number. Therefore, we need countermeasures for solving these problems. In this paper we try to hack personal information using Google and domestic search engines, Naver and Empas. After analyze the result, we suggest solutions to prevent personal information hacking based on these search engines.

• Information Systems Review
• /
• v.16 no.3
• /
• pp.179-190
• /
• 2014

Because personal information files held by educational institutions include sensitive information such as personal school affairs information or health information, damages resulted from personal information leakage of educational institutions are expected to be serious. In order to respond to this problem, the Ministry of Education has expanded information security education targeting (personal) information security officers in educational institutions. However, a number of personal information leakage cases of public institutions occurred at educational institutions. Thus, this study, targeting information security education centers, through an empirical research, tries to confirm whether information security education supply is being properly provided for (personal) information security officers in educational institutions, and suggest the appropriate balance between education supply and education demand as the implication for the educational direction of information security education centers.

• Convergence Security Journal
• /
• v.18 no.5_1
• /
• pp.83-92
• /
• 2018

The GDPR implemented since 25 May 2018 is common to all EU Member States and is legally binding. It is also important and legally valuable in that it takes into account the latest trends related to privacy protection. The purpose of this study is to propose a comprehensive review and improvement direction of the personal information protection laws in South Korea through a comparative analysis of EU GDPR and privacy related laws in South Korea. As a result of this study, the differences between the GDPR and privacy related laws in South Korea are Definition of personal sensitive information, Right to data portability, Data protection officer, Transfers of personal data to third countries, Supervisory authority, and Punishment, etc. The differences in these regulations were necessary to protect the rights and interests of data subjects and to properly handle personal information of personal information controllers. Therefore, based on the results of the comparative analysis of this study and suggestions on improvement direction of the law related to personal information protection, it is expected that it will contribute to the overall inspection and improvement of the law related to personal information protection in South Korea.