• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.47-49
• /
• 2021

According to the revision of the Data 3 Act in 2020, personal information of medical data can be processed anonymously for statistical purposes, research, and public interest record keeping. However, unidentified data can be re-identified using genetic information, credit information, etc., and personal health information can be abused as sensitive information. In this paper, we derive the need for homomorphic encryption to protect the privacy of personal information separated by sensitive information.

• Journal of Information Management
• /
• v.36 no.1
• /
• pp.125-154
• /
• 2005

Due to the development of Internet and the collection and usage of the individual information, the infringements of the personal data have been increased rapidly. Regarding the personal data protection in the medical industry, it is clearly described in 'Act on Promotion of Information and Communication Network Utilization and information Protection, etc.'. the law is ratified on the basis of the service provider, therefore, it has its own limitation to be applied to medical industry. Therefore, this paper is to set the security standard and to discuss the range of legal application and considerations on its basis for the domestic medical institution at the electronic medical record system. We exemplify specific applicable content of the electronic signature in the electronic medical record also, present a security assessment item in electronic medical system and set the criteria for the security standard in the medical industry.

• Journal of the Korean Society of Radiology
• /
• v.16 no.5
• /
• pp.627-637
• /
• 2022

The purpose of this study is to comply with the operation and management of medical image information in PACS, the necessity of anonymizing the patient's personal information and the management status of the medical image information related to the personal The purpose of this study was to raise, discuss, and suggest the need for unification and coherence of the law by studying the content of the issues related to information related laws. In order to utilize information related to medical image information, it is necessary to unify the "Medical Act" or the "Bioethics Act" for clear legal application and consider the legal system's consistency. Since there is a possibility of conflict due to issues that are not yet established, systematic coherence of the law is required to find the basic common denominator for the utilization and use of medical image information and to harmonize the law. In addition, the necessity of enacting the "Medical Information Protection Act" that can be practically applied and easily practiced by medical personnel and managers in the clinical field so that sensitive matters of medical image information and personal information can be protected and managed in a specific and systematic way.

• The Journal of Society for e-Business Studies
• /
• v.25 no.1
• /
• pp.123-134
• /
• 2020

Although the rights of data subjects are defined through laws such as the Personal Information Protection Act, the consent process for collecting personal information by financial institutions is only formal and does not guarantee the right of self-determination of personal information. Therefore, it is necessary to analyze the problem by information provision items of the current model, and to improve by changing the structure such as replacing the current method provided with the text with pictures and videos, and mandatory to provide the information subjects with personal information flow related images from the signing up stage. The improvement model is presented as a way to add a procedure to the current model. The effect was verified through a survey. It is hoped that the proposed model is actually reflected through the review to create an environment that can be a true meaning agreement that reflects the information subject's right to self-determination.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.11
• /
• pp.195-200
• /
• 2020

Korea enacted the Protection of Public Interest Reporters Act in March 2011 to protect whistleblowers from acts of infringement of public interest in the private sector. Most acts of infringement of the public interest are carried out secretly within the organization, which is known to the outside world by reports from members of the organization who are well aware of the problems within the organization. However, whistleblowers are at a disadvantage due to reporting and are reluctant to report. In addition, measures are needed to strengthen institutional mechanisms such as confidentiality, protection of personal information, responsibility, and prohibition of disadvantageous measures to effectively protect reporters due to lack of practical protective measures. Therefore, practical protection measures for whistleblowers are needed in line with the purpose of protecting whistleblowers, and measures to expand the corresponding compensation system will also be needed. Therefore, in this study, we would like to review the main contents of the current system for protecting whistleblowers in Korea and suggest reasonable improvement measures for protecting whistleblowers.

• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.67-75
• /
• 2021

As pass the three revised bills, the Personal Information Protection Act was revised to have a larger application for personal information. For an industrial development through an efficient and secure usage of personal information, there is a need to revise the existing anonymity processing method. This paper modifies the Zero Knowledge Proofs algorithm among the anonymity processing methods to modify the anonymity process calculations by taking into account the reliability of the used service company. More detail, the formula of ZKP (Zero Knowledge Proof) used by ZK-SNAKE is used to modify the personal information for pseudonymization processing. The core function of the proposed algorithm is the addition of user variables and adjustment of the difficulty level according to the reliability of the data user organization and the scope of use. Through Setup_p, the additional variable γ can be selectively applied according to the reliability of the user institution, and the degree of agreement of Witness is adjusted according to the reliability of the institution entered through Prove_p. The difficulty of the verification process is adjusted by considering the reliability of the institution entered through Verify_p. SimProve, a simulator, also refers to the scope of use and the reliability of the input authority. With this suggestion, it is possible to increase reliability and security of anonymity processing and distribution of personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.2
• /
• pp.591-608
• /
• 2023

With the emergence of advanced encryption technologies such as Quantum Cryptography and Full Disk Encryption, an era of strengthening information security has begun. Users respond positively to the advancement of privacy-enhancing technology, on the other hand, investigative agencies have difficulty unveiling the actual truth as they fail to decrypt devices. In particular, unlike past ciphers, encryption methods using biometric information such as fingerprints, iris, and faces have become common and have faced technical limitations in collecting digital evidence. Accordingly, normative solutions have emerged as a major issue. The United States enacted the CLOUD Act with the legal mechanism of 'Contempt of court' and in 2016, the United Kingdom substantiated the Compelled Decryption through the Investigatory Powers Act (IPA). However, it is difficult to enforce Compelled Decryption on individuals in Korea because Korean is highly sensitive to personal information. Therefore, in this paper, we sought a method of introducing a Compelled Decryption that does not contradict the people's legal sentiment through a perception survey of 95 people on the Compelled Decryption. We tried to compare and review the Budapest Convention with major overseas laws such as the United States and the United Kingdom, and to suggest a direction of legislation acceptable to the people in ways to minimize infringement of privacy. We hope that this study will be an effective legal response plan for law enforcement agencies that can normatively overcome the technical limitations of decoding.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.397-409
• /
• 2014

According to the Personal Information Protection Act(PIPA) which is legislated in March 2011, the individual or company that handles personal information, called Personal information processor, should encrypt some kinds of personal information kept in his Database. For convenience sake we call it DB Encryption in this paper. Law enforcement and the implementation agency accordingly are being strengthen the supervision that the status of DB Encryption is being properly applied and implemented as the PIPA. However, the process of DB Encryption is very complicate and difficult as well as there are many factors to consider in reality. For example, there are so many considerations and requirements in the process of DB Encryption like pre-analysis and design, real application and test, etc.. And also there are surely points to be considered in related system components, business process and time and costs. Like this, although there are plenty of factors significantly associated with DB Encryption, yet more concrete and realistic validation entry seems somewhat lacking. In this paper, we propose a realistic DB Encryption Assurance Framework that it is acceptable and resonable in the performance of the PIPA duty (the aspect of the individual or company) and standard direction of inspection and verification of DB Encryption (the aspect of law enforcement).

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.34
• /
• pp.77-108
• /
• 2007

The traditional name given to the insurance of third party liabilities and certain contractual liabilities which arise in connection with the operation of ships is protection and indemnity(P & I) insurance. P & I insurance is very different from traditional hull and machinery insurance in that shipowners' hull and machinery insurance is designed primarily to protect the assured against losses to his vessel, whereas P & I insurance seeks to indemnify an shipowner in respect of the discharge of legal liabilities he has incurred in operating his own vessels. This study is to examine the background of establishment of British P & I clubs md, therefore, the identity of P & I insurance. The present British P & I clubs are the remote descendants of the many small and local hull mutual insurance clubs that were formed by British shipowners in the end of 18th century. At that time, British shipowners were dissatified with the state of marine insurance market and, therefore, established clubs together in mutual hull insurance clubs. After the removal of the company monopoly in 1824, greater competition had a good effect on the rates, terms of cover and service offered by the commercial marine insurance market and by Lloyd's underwriters, and the hull clubs became less necessary and went into decline. The burden of British shipowners on liabilities to third parties was steadily increased after the middle of the 19th century, but the amount insured under hull policy was limited in the insured value of the ship. Eventually, the first protection club, that is, the Shipowners' Mutual Protection Society was formed in 1855. It was designed to like past mutual hull clubs, but to cover liabilities for loss of life and personal injury and also the collision risks excluded from the current marine policies, particularly the excess above the limits in hull policies. In 1870, the risks of liability for loss of or damage to cargo carried on board the insured ship was first awarded by the British shipowners. After 1874, many protection clubs formed indemnity club to cover the risk of liability for loss or damage to cargo. As mentioned above, British P & I clubs have been steadily changed according to the response of shipowners under the rapidly changing law of British shipowners' liability, and so on in the future.

• The Korean Society of Law and Medicine
• /
• v.17 no.2
• /
• pp.315-346
• /
• 2016

With the development of big data processing technology, the potential value of healthcare big data has attracted much attention. In order to realize these potential values, various research using the healthcare big data are essential. However, the big data regulatory system centered on the Personal Information Protection Act does not take into account the aspect of big data as an economic material and causes many obstacles to utilize it as a research purpose. The regulatory system of healthcare information, centered on the primary purpose of patient treatment, should be improved in a way that is compatible with the development of technology and easy to use for public interest. To this end, it is necessary to examine the trends of overseas legal system reflecting the concerns about the balance of protection and utilization of personal information. Based on the implications of the overseas legal system, we can derive improvement points in the following directions from our legal system. First, a legal system that specializes in healthcare information and encompasses protection and utilization is needed. De-identification, which is an exception to the Privacy Act, should also clearly define its level. It is necessary to establish a legal basis for linking healthcare big data to create synergy effects in research. It is also necessary to examine the introduction of the opt-out system on the basis of the discussion on the foreign debate and social consensus. But most importantly, it is the people's trust in these systems.