• Title/Summary/Keyword: Privacy Compliance

Search Result 36, Processing Time 0.019 seconds

A Study on Privacy Compliance Indicators Based on Privacy Act's Penalty Provisions (개인정보보호법 벌칙조항에 근거한 개인정보보호 이행 점검 지표 연구)

  • Son, Tae-Hyeon;Park, Jeong-Seon
    • Proceedings of the Safety Management and Science Conference
    • /
    • 2013.11a
    • /
    • pp.569-578
    • /
    • 2013
  • This paper which took effect in September 2011 to comply with the Privacy Act were studied in terms of the provisions for penalties. Article 70 to 75 of Privacy Act in was considered with mandatory provisions of items, and for the compliance required actions was developed and item indexing according to collection, use, offer, charge, destroying of life cycle of personal information.

  • PDF

An Empirical Study of B2C Logistics Services Users' Privacy Risk, Privacy Trust, Privacy Concern, and Willingness to Comply with Information Protection Policy: Cognitive Valence Theory Approach (B2C 물류서비스 이용자의 프라이버시 위험, 프라이버시 신뢰, 프라이버시 우려, 정보보호정책 준수의지에 대한 실증연구: 인지밸런스이론 접근)

  • Se Hun Lim;Dan J. Kim
    • Information Systems Review
    • /
    • v.22 no.2
    • /
    • pp.101-120
    • /
    • 2020
  • This study investigates the effects of privacy psychological characteristics of B2C logistics services users on their willingness to comply with their logistics companies' information protection policy. Using cognitive valence theory as a theoretical framework, this study proposes a research model to examine the relationships between users' logistics security knowledge, privacy trust, privacy risk, privacy concern, and their willingness of information protection policy compliance. To test the proposed model, we conducted a survey from actual users of logistics services and collected valid 151 samples. We analyzed the data using a structural equation modeling software. The empirical results show that logistics security knowledge positively affects privacy trust; privacy concern positively influences privacy risk; privacy trust, privacy risk, and privacy concern positively influence behavioral willingness of compliance. However, logistics security knowledge does not affect behavioral willingness of compliance. The results of the study provide several contributions to the literature of B2C logistics services domain and managerial implications to logistics services companies.

Compliance and Implications for Public Officials in Charge of Personal Information Protection by Policy Trends (개인정보보호 정책 동향에 따른 공공기관 담당자를 위한 업무 수행 준수사항 및 시사점)

  • Ju, Gwang-il;Choi, Seon-Hui;Park, Hark-Soo
    • The Journal of the Korea Contents Association
    • /
    • v.17 no.4
    • /
    • pp.461-467
    • /
    • 2017
  • Privacy laws are widely enforced throughout the general public and private sector, and the Ministry of Government Administration and Home Affairs is stepping up its annual level of protection and management levels annually. However, in actual field, it has limits to follow the laws that are amended to comply with the privacy laws of the public sector. Therefore, this study should examine the trends of privacy protection and examine items that require adherence to privacy practices in public institutions. In addition, it is hoped to draw implications for the problems arising from the task itself, as well as providing implications for the issues that are closely related to the public in the privacy of the privacy policies.

A Study on Information Security Management of Hospital Web Sites (의료기관 종별 웹 사이트 정보보안 관리 실태 연구)

  • Kim, Jong-Min;Ryu, Hwang-Gun
    • The Korean Journal of Health Service Management
    • /
    • v.9 no.2
    • /
    • pp.23-32
    • /
    • 2015
  • In this paper, we evaluated web security vulnerability and privacy information management of hospital web sites which are registered at the Korea Hospital Association. Vulnerability Scanner (WVS) based on the OWASP Top 10 was used to evaluate the web security vulnerability of the web sites. And to evaluate the privacy information management, we used ten rules which were based on guidelines for protecting privacy information on web sites. From the results of the evaluation, we discovered tertiary hospitals had relatively excellent web security compared to other type of hospitals. But all the hospital types had not only high level vulnerabilities but also the other level of vulnerabilities. Additionally, 97% of the hospital web sites had a certain level of vulnerability, so a security inspection is needed to secure the web sites. We discovered a few SQL Injection and XSS vulnerabilities in the web sites of tertiary hospitals. However, these are very critical vulnerabilities, so all hospital types have to be inspected to protect their web sites against attacks from hacker. On the other hand, the inspection results of the tertiary hospitals for privacy information management had a better compliance rate than that of the other hospital types.

Research on the evaluation model for the impact of AI services

  • Soonduck Yoo
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.15 no.3
    • /
    • pp.191-202
    • /
    • 2023
  • This study aims to propose a framework for evaluating the impact of artificial intelligence (AI) services, based on the concept of AI service impact. It also suggests a model for evaluating this impact and identifies relevant factors and measurement approaches for each item of the model. The study classifies the impact of AI services into five categories: ethics, safety and reliability, compliance, user rights, and environmental friendliness. It discusses these five categories from a broad perspective and provides 21 detailed factors for evaluating each category. In terms of ethics, the study introduces three additional factors-accessibility, openness, and fairness-to the ten items initially developed by KISDI. In the safety and reliability category, the study excludes factors such as dependability, policy, compliance, and awareness improvement as they can be better addressed from a technical perspective. The compliance category includes factors such as human rights protection, privacy protection, non-infringement, publicness, accountability, safety, transparency, policy compliance, and explainability.For the user rights category, the study excludes factors such as publicness, data management, policy compliance, awareness improvement, recoverability, openness, and accuracy. The environmental friendliness category encompasses diversity, publicness, dependability, transparency, awareness improvement, recoverability, and openness.This study lays the foundation for further related research and contributes to the establishment of relevant policies by establishing a model for evaluating the impact of AI services. Future research is required to assess the validity of the developed indicators and provide specific evaluation items for practical use, based on expert evaluations.

Research on the Development of SLA Indicators for Personal Information Protection of Public IT Maintenance Business (공공정보화분야 유지관리사업의 개인정보보호를 위한 SLA 지표 개발에 대한 연구)

  • Lee, Kyung-Hwan;Ryu, Gab-Sang
    • Journal of the Korea Convergence Society
    • /
    • v.11 no.6
    • /
    • pp.37-42
    • /
    • 2020
  • In the field of public informatization maintenance business, the attacks of external illegal users such as unauthorized leakage, destruction, and alteration due to intentional or inadequate management of personal information are increasing. In order to prevent such security incidents in advance, it is necessary to develop and quantitatively manage SLA indicators. This study presents the privacy SLA indicators and suggests specific methods such as information collection method and timing of the privacy SLA indicators. In order to confirm the validity and reliability of the proposed SLA indicators, an online survey was conducted with a group of experts. As a result, it was evaluated that compliance rate of personal information destruction and compliance rate of personal information protection system would be effective when applied to new and revised SLA indicators in terms of importance and validity. In the future, using SLA indicators for personal information protection as a standard for public information maintenance will contribute to improving SW quality and securing safety.

A Preliminary Research on the Impact of Perception of Personal Information Leakage Incidents on the Behavior of Individual Information Management in the Mobile Banking Contexts (모바일 뱅킹 이용자의 개인정보 유출사고 인지가 개인정보관리 준수행동에 미치는 영향에 대한 사전 연구)

  • Kim, Jungduk;Lim, Se-Hun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.735-744
    • /
    • 2016
  • Recently, personal information leakage incidents with increased usage of mobile services are increasing. Personal information leakage incidents can have a significant impact on an individual's mobile banking services. Accordingly, we examine relationships among individual's psychological characteristics, intention and behavior regarding compliance in an individual's perception on personal information leakage incidents in mobile banking contexts. In this study, for explaining our research model and understanding with personal psychology and behavior in mobile banking contexts, we adopted two theories, theory of interpersonal behavior and stimulus-response theory. We collected the 55 data using online surveyor and then analyzed structural equation model in order to find causal relationships among research variables. The results of this study should be useful to the mobile banking services companies in promoting service users to follow the information privacy policies.

Study on Digital Investigation Model for Privacy Acts in Korea (개인정보보호법 기반 디지털 포렌식 수사 모델 연구)

  • Lee, Chang-Hoon
    • Journal of Advanced Navigation Technology
    • /
    • v.15 no.6
    • /
    • pp.1212-1219
    • /
    • 2011
  • As recently Privacy Acts in Korea enforced in domestic companies' personal information management needs of a growing obligation for the safety measures and the right of personal information collection, use, limitations, management, and destroyed specifically for handling personal information. Such this regulations should be required technical and policy supports. Accordingly, for the enterprise incident has occurred, the personal information management system behave correctly operating to verify that the safety measures taken, and be determined by the specific preparation to be done. So the first, preparation phase corresponds to the upcoming digital forensic investigation model. On the other hand, the response team also carried these measures out correctly, it needs to be done to check the compliance of Privacy Act. Thus a digital forensics investigation model is strictly related with the implementation of the Privacy Acts and improve the coping strategies are needed. In this paper, we suggest a digital forensic investigation model corresponding to Privacy Act.

Analyzing Assessment Factors to Develop a Privacy Impact Assessment Pre-Diagnostic Tool (개인정보 영향평가 사전진단도구 개발을 위한 평가 요소 분석)

  • Young-Ae Jung
    • Journal of Platform Technology
    • /
    • v.12 no.1
    • /
    • pp.151-163
    • /
    • 2024
  • The Privacy Impact Assessment, PIPA in Korea refers to the process of analyzing risk factors and identifying improvements that must be carried out by organizations that operate personal information files as stipulated in Article 33 of the Personal Information Protection Act, PIPA and Article 35 of the Enforcement Decree of the PIPA. There are two main limitations of the PIA in Korea. The first limitation is that the targets of the PIA are limited to public institutions and organizations that are legally equivalent to public institutions, and the second limitation is that only organizations with adequate manpower, facilities, and other necessary requirements which are regulated upon the Enforcement Decree of the PIPA can conduct a PIA. This paper proposes to develop a preliminary diagnostic tool that can be performed by private companies, small and medium-sized venture companies, and small businesses in the era of rapidly developing data in recent years and presents an analysis of specific assessment factors. The results of this study are provided in the form of a self-checklist, which is expected to serve as a pre-diagnostic tool for the PIA that can be easily accessed by the general public. It is also expected to contribute to strengthening privacy protection and achieving legal compliance at the national level.

  • PDF

An Empirical Study on the factors for Information Protection Policy of Employee's Compliance Intention (정보보호정책 준수의도에 미치는 요인에 관한 경험적 연구)

  • Kwon, Jang-Kee;Lee, Joon-Taik
    • Journal of Convergence Society for SMB
    • /
    • v.4 no.3
    • /
    • pp.7-13
    • /
    • 2014
  • In recent years, according to the increasing of information security compliance, information security management system's requirements is not a matter of choice but an essential problem. In this respect, this research have an invention to survey what it will affect employees in compliance with the privacy policy antecedents and how to apply this information for the future, and to suggest ways to improve the employees' information security policy compliance intentions. In this paper, To investigate the factors affecting the degree of information security policy compliance using the structural equation of least squares (PLS Partial Least Square) in the confumatory level (confirmatory), the factor analysis of the primary factor analysis and secondary last. The results is that almost of influencing factors affect to the compliance with information security policies directly, but not affect self-efficacy.

  • PDF