• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1437-1446
• /
• 2019

As a result of various personal information leakage incidents, the government implemented enhanced privacy protection measures, and financial companies are making efforts to periodically check whether personal information is misused according to government measures, but the problem of misuse of personal information is still not improved. The purpose of this study is to analyze the results of field experiments using the monitoring system for misuse of personal information and to suggest ways to improve the misuse problem. Based on the specific deterrence theory, this study examined the effects of misuse prevention according to the method of dealing with misusers, and analyzed the relationship between the duties of misusers and their years of service and misuse. It is expected that the analysis results of this study will be used for effective policy establishment.

• Asia pacific journal of information systems
• /
• v.19 no.4
• /
• pp.29-45
• /
• 2009

In the information age, cheap price of information processing and advances in personalization technology have allowed companies to enhance the relationships with their existing customers and to expand their customer base by effectively attracting new customers. However, most customers are reluctant to provide their personal information to companies. This study explores the tension between companies' desire to collect personal information to offer personalized services and their customers' privacy concerns. The psychological reactance theory suggests that when individuals feel that their behavioral choice is threatened or restricted, they are motivated to restore their freedom. Therefore, despite the expected benefits from personalized services, customers may perceive the services to be restrictive of their freedom to choose. This adverse effect may undermine the relationships between companies and their customers. We conducted experiments to explore the dynamic roles of transactional and environmental factors in motivating customers to provide personal information. We revisited online privacy issues from the perspective of psychological reactance. For the experiments, we created an online shop and randomly assigned the participants to one of the two experimental conditions-high and low levels of information requirements. The results of the experiment indicate that threatening the free choice serves as a transactional cost in online profiling. On the other hand, the expected benefits of personalization services have positive correlations with customers' willingness to provide personal information. This study explains privacy based on transactional and environmental factors. Our findings also indicate that the environmental factors such as the Internet privacy risk and trust propensity do not significantly affect the willingness to provide personal information when firms required much personal information. Implications and contributions are discussed.

• Journal of Advanced Navigation Technology
• /
• v.14 no.4
• /
• pp.504-511
• /
• 2010

The personal bio-information supplied from the PHD(Personal Health Device) for personal health management is very sensitive in relation to a personal living body in an aspect of privacy protection. On the assumption thai the information is about a patient, it is more serious problem if it is revealed to a third party. However. the established ISO (International Organizations for Standardization) standard protocol[1] in October 2009 has just considered a transmission part for mutual exchange of bio-information between individuals, but has never actually considered security elements. Accordingly, this paper is to show all sorts of security threats according to personal health management in the u-health environment and security requirements newly.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.18 no.2
• /
• pp.239-251
• /
• 2014

The personal cloud is a service which approaches the personal contents scattering to all terminals and online space at the personal information-oriented age in which the person's digital device including the Smart-phone, MID, PC, IPTV and etc, increases and the personal online service including the blog, E-mail, UCC, social network service and ect, rapidly increasing for the cloud computing regardless of the terminal anywhere independently and can provide the high vale added personalization service through the analysis of the contents and processing. The future of the personal cloud market is prospected through the service and technology which enhances the understanding about the cloud computing, that is the next generation IT paradigm which the world IT companies pay attention to, and is provided and business strategy analysis of the security and normalizing and related companies.

• International Journal of Knowledge Content Development & Technology
• /
• v.2 no.2
• /
• pp.17-29
• /
• 2012

All academic information on the web or elsewhere has its creator, that is, a subject who has created the information. The subject can be an individual, a group, or an institution, and can be a nation depending on the nature of the relevant information. Most information is composed of a title, an author, and contents. An essay which is under the academic information category has metadata including a title, an author, keyword, abstract, data about publication, place of publication, ISSN, and the like. A patent has metadata including the title, an applicant, an inventor, an attorney, IPC, number of application, and claims of the invention. Most web-based academic information services enable users to search the information by processing the meta-information. An important element is to search information by using the author field which corresponds to a personal name. This study suggests a method of efficient indexing and using the adjacent operation result ranking algorithm to which phrase search-based boosting elements are applied, and thus improving the accuracy of the search results of personal names. It also describes a method for providing the results of searching co-authors and related researchers in searching personal names. This method can be effectively applied to providing accurate and additional search results in the academic information services.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.8 no.8
• /
• pp.1161-1170
• /
• 2013

Currently in 2013, a law that was drawn as a result of social agreement for personal information protection was enacted, and through several amendments, definite policy of written law and guideline were presented for definitive information protection in various fields of social business including IT field. Based on a series of social issues about the importance of personal information, a new access paradigm to personal information appeared. And from macroscopic access method called information protection, the necessity of technical access method came to the fore. Of course, it seems somewhat irrational to restrict all data in the form of personal information to a certain category of information until now. But in the deluge of information based on IT field, it is true that the part of checking the flow of personal information and selecting as security target has been standardized. But still there are cases in which it is difficult to routinely apply the five standardized flows of personal information Life-Cycle-collect, process, provide, store, and destroy-to information that all companies and organizations have. Therefore, the researcher proposes the standardized methodology by proposing the access control methodology for dualised hierarchical personal information Life-Cycle. The results of this research aim to provide practical data which makes optimal access control to personal information Life-Cycle possible.

• Smart Media Journal
• /
• v.11 no.10
• /
• pp.76-88
• /
• 2022

Personal information leakage is very harmful as it can lead to additional attacks using leaked information as well as privacy invasion, and it is primarily caused by hacking server databases of institutions that collect and store personal information. We propose a scheme that allows a service-requesting user to authorize a secure delegated transfer of his personal information to the service provider via a reliable authority and enables only the two parties of the service to retrieve the provided information stored on a blockchain ensuring data confidentiality. It thus eliminates the necessity of storing customer information in the service provider's own database. As a result, the service provider can serve customers without requiring membership registration or storing personal information in the database, so that information leakage through the server database can be completely blocked. In addition, the scheme is free from the risk of information leakage and subsequent attacks through smartphones because it does not require a user's smartphone to store any authentication credential or personal information of its owner.

• Journal of Digital Convergence
• /
• v.12 no.8
• /
• pp.187-196
• /
• 2014

Most Consumers don't pay attention the process of giving consent for the provision of personal information. The terms of giving consent of personal information provision including 3rd party provision related contents. Although personal information leakage were related 3rd party sharing, consumers can't recognize the details. Therefore, this study focused on the perception of 3rd party provision of personal information. Consumers recognized 3rd party as who are related the service offer or not. Consumers want to know the cases of personal information sharing to the 3rd party, and if the business operators got benefit to share personal information with 3rd party, consumers want to know the facts. To understand the terms easily, the format have to be revised and to be standardized. Standardization of consent forms is very important for consumers to understand the difficult documents and the development of the business system to collect and use consumer's personal information to guarantee the right to self-determination of personal information.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.4
• /
• pp.145-151
• /
• 2015

Since we use internet every day, the internet privacy has become important. We need to find out what kinds of personal information is exposed to the internet and to eliminate the exposed information. However, it is not efficient to search the personal information using only fragmentary clues in web search engines because the ranking results are not relevant to the exposure degree of personal information. In this paper, we introduced a personal information retrieval system and proposed a process to remove private data from the web easily. We also compared our proposed method with previous methods by evaluating the search performance.