• Title/Summary/Keyword: Privacy impact assessment(PIA)

A Study in the Improvement and Analysis Problem of Privacy Impact Assessment Qualification Criteria: focus on Similarity Analysis between Similar Certificates and Certification System of Privacy Impact Assessment (개인정보영향평가 자격기준의 문제분석과 개선방안 연구 - 유사자격과 개인정보영향평가 자격체계와의 유사성 분석을 중심으로)

  • Kim, Erang;Shim, Mina;Lim, Jong In
    • Journal of the Korea Institute of Information Security & Cryptology / v.23 no.1 / pp.127-142 / 2013
  • Since the Personal Information Protection Act came into effect in September 2011, PIA (Privacy Impact Assessment) of public institutions has become obligatory. Therefore, an increasing demand for PIA professionals is expected. Domestically, however, no specialized certificates exist, and therefore similar certificates have become a requirement for PIA professionals. Henceforth, however, the system based on these similar certificates is to be an obstacle to advancing PIA. Therefore, this study analyzes the sufficiency of current similar certificates compared with the PIA qualification requirements, and then analyzes the validity of allowance as similar certificates by using this outcome of the validity. As this comparison draws a clear gap between PIA qualification and similar certificates, this paper makes three suggestions to improve current qualification. The three suggestions are expected to contribute to a qualitative improvement of the PIA industry.

Problems and Improvement of Privacy Impact Assessment (개인정보영향평가의 문제점과 개선방안)

  • Choi, Young-hee;Han, Keun-hee
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.4 / pp.973-983 / 2016
  • It's been almost 6 years since PIA was implemented based on legislation. So I analyzed problems of PIA from the perspective of ITSM 3 elements. I mainly took account of quality improvement of the report when I assessed systems processing personal information. So, I propose in terms of logical validity improvement of assessment report. The improvements on 4 different outputs for each phase are many cases that I assessed systems processing personal information. And I propose improvements on qualified assessors having capability of GRC and on process for managing the assessment system. To settle down PIA system as the reasonable and effective assessment system even after 2016, the statutory deadline for completion of PIA, assessors and appointed assessment firms and authorities should cooperate to complete the assessment system.

Development of a Privacy Impact Assessment Model for the Public Sector (공공부문을 위한 프라이버시 영향평가 모델 개발)

  • 송세현;유승재;김귀남
    • Proceedings of the Korea Information Assurance Society Conference / 2004.05a / pp.153-160 / 2004
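  • The launch of e-government became an innovative opportunity to bring convenience to citizens and efficiency to administrative work. However, problems with the National Education Information System (NEIS), one of the 11 national projects for realizing e-government services, drew public attention to personal information protection. As a solution, this paper introduces the Privacy Impact Assessment conducted in the United States and Canada and presents a new PIA model that integrates it with a risk analysis method. It also describes, through a foreign PIA application case (Canada PIA report), why a PIA should be conducted.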

Personal Information Protection by Privacy Impact Assessment in Information System Audit (정보시스템 감리에서 개인정보 영향평가를 통한 개인정보 보호)

  • Kim, Hee-Wan;Ryu, Jae-Sung;Kim, Dong-Soo
    • The Journal of the Korea Contents Association / v.11 no.3 / pp.84-99 / 2011
  • As the integrated and large-scale information is extended due to an advanced information system, a possibility of leaking out privacy increases as the time passes by. As a result, the necessity of using a privacy impact assessment (PIA) is emphasized because it can analyze and minimize the element of invasion of privacy. However, an essential audit for personal information protection is not fulfilled because most of the information system audit supervises over physical, managerial, and technical security items of system architecture area so that general items are the only things being checked. Consequently, this paper proposes that in order to minimize the invasion of personal information, the privacy impact assessment should be done. It also presents a procedure and method of personal information protection audit according to the result of the assessment. After applying the suggested method to two projects, it was confirmed that the improvements for protecting personal information were drawn from this paper.

A Study on Strengthening Domestic Personal Information Impact Assessment(PIA)

  • Young-Bok Cho
    • Journal of the Korea Society of Computer and Information / v.29 no.6 / pp.61-67 / 2024
  • In this paper, we presented a strengthening plan to prevent personal information leakage incidents by securing legal compliance for personal information impact assessment and suggesting measures to strengthen privacy during personal information impact assessment. Recently, as various services based on big data have been created, efforts are being made to protect personal information, focusing on the EU's GDPR and Korea's Personal Information Protection Act. In this society, companies entrust processing of personal information to provide customized services based on the latest technology, but at this time, the problem of personal information leakage through consignees is seriously occurring. Therefore, the use of personal information by trustees.

A Study on Developing the Model of Reasonable Cost Calculation for Privacy Impact Assessment of Personal Information Processing System in Public Sector (공공기관 개인정보 처리시스템의 개인정보 영향평가를 수행하기 위한 합리적인 대가 산정 모델 개발에 관한 연구)

  • Shin, Young-Jin
    • Informatization Policy / v.22 no.1 / pp.47-72 / 2015
  • According to the progress of national informatization throughout the world, infringement of and threats to privacy are happening in a variety of fields, so government is providing information security policy. In particular, South Korea has enhanced personal impact assessment based on the personal information protection law (2011). But it is not enough to effect the necessary cost calculation standards and changeable factors to effect PIA. That is, the budget for PIA was calculated lower than the basic budget suggested by Ministry of Government Administration Home affairs (2011). Therefore, this study reviewed the cost calculation basis based on the literature review, cost basis of similar systems, and reports of PIA and obtained to the standard with Delphi analysis. As a result, the standards of PIA is consisted to the primary labors and is utilized to how the weights by division of target system, construction and operating costs of target system, type of target systems, etc. Thus, the results of this study tried to contribute to ensure the reliability of PIA as well as the transparency of the budget for privacy in public sector.

A Study on the Implementation of the Privacy Impact Assessment Management System for Enterprise (기업을 위한 개인정보영향평가 관리 시스템의 구현에 관한 연구)

  • Sun, Jae Hoon;Kim, Yong Ho
    • Convergence Security Journal / v.15 no.4 / pp.57-63 / 2015
  • Development of IT technology, the rapid computerization of society has accelerated the digitization of the world's information. Then, the activation of the e-commerce is the collection of a number of sensitive information, storage, operational increased rapidly. Currently, the public sector, financial sector, the private sector has utilized a number of privacy. Accidents caused by leakage of information is a tendency to increase day by day. For a review of the problems of security and protection for such sensitive information, the need for easier support system it is required. This thesis suggests E-PIAMS(Enterprise-Privacy Impact Assessment Management System) applicable effectively in private sectors.

Perceptual Differences between Managers and Practitioners on Competencies of Information Security Consultants (정보보호컨설턴트 역량에 대한 관리자와 실무자의 인식차이)

  • Kim, Se-Yun;Kim, Tae-Sung
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.1 / pp.227-235 / 2016
  • As various measures of law observance obligations such as mandatory obligation of privacy impact assessment (PIA) for public institutions and authorization of information security management system (ISMS) are put into practice, increase in demand for information security consulting and securement of information security consultants are emerging as a major issue. The purpose of this study is to empirically investigate what core competencies information security consultants should possess and how much they actually possess them. By analyzing the differences in perception between practitioners and managers on core competencies, this study understands difference of views between the two groups and suggests ideas for cultivation of information security consultants.

Right to delete and Right to be forgotten -Discuss on the condition of the right to delete (기사삭제 요구권과 잊혀질 권리 - 기사삭제의 인정기준에 관한 논의)

  • Hong, Sook-Yeong
    • Journal of Digital Convergence / v.12 no.12 / pp.13-22 / 2014
  • The right to be forgotten is a world-wide issue after the decision of the European Court of Justice which accepted that right. This essay discusses the guidelines for protecting the right to delete, a category of the right to be forgotten. I classified those guidelines as follows: (1) sensitiveness of the personal information, (2) offensiveness to reasonable and ordinary people, (3) intention of writing the article, (4) value of historical record, (5) importance of privacy comparing with right to know with time flow, (6) public figure, (7) article based on fact or opinion. To effectively protect right to be forgotten and delete, we have to consider Privacy Impact Assessment, using blind system, unification of multiple institutions, and reforming press arbitration system.