• The Korean Society of Law and Medicine
• /
• v.22 no.3
• /
• pp.31-55
• /
• 2021

The Personal Information Protection Act, one of the revised 3 Data Laws, established a special cases concerning pseudonymous data. As a result, a personal information controller may process pseudonymized information without the consent of data subjects for statistical purposes, scientific research purposes, and archiving purposes in the public interest, etc. In addition, as a follow-up to the revised Personal Information Protection Act, a 'Guidelines for Utilization of Healthcare Data' was prepared, which deals with the pseudonymization in the medical sector. The guidelines are meaningful in that they provide practical criteria for accomplices by defining specific interpretations and examples that take into account the characteristics of healthcare data. However, the guidelines need to clarify the purpose of using pseudonymous data and strengthen the fairness of the composition of the data deliberation committee. The guidelines also require establishing a healthcare data compensation framework and strengthening the protection of rights for vulnerable subjects. In addition, the guidelines need to be adjusted for inconsistency with the Bioethics and Safety Act and the Medical Service Act. It is expected that this study will contribute to the creation of a safe environment for the utilization of healthcare data as well as the improvement of related laws and systems.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.23 no.3
• /
• pp.48-66
• /
• 2024

According to the three amended Laws of the Data Economy and the Data Industry Act of Korea, systems for pseudonymous data integration and Data Safe Zones have been operated separately by selected agencies, eventually causing a burden of use in SMEs, startups, and general users because of complicated and ineffective procedures. An over-stringent pseudonymization policy to prevent data breaches has also compromised data quality. Such trials should be improved to ensure the convenience of use and data quality. This paper proposes a prototype system of the Integrated Data Safe Zone based on redesigned and optimized pseudonymization workflows. Conventional workflows of pseudonymization were redesigned by applying the amended guidelines and selectively revising existing guidelines for business process redesign. The proposed prototype has been shown quantitatively to outperform the conventional one: 6-fold increase in time efficiency, 1.28-fold in cost reduction, and 1.3-fold improvement in data quality.

• Informatization Policy
• /
• v.30 no.2
• /
• pp.46-67
• /
• 2023

There are criticisms that, despite the proactive government policy on open government data (hereinafter "open data"), certain highly demanded data remains restricted due to legal constraints. In this study, we aim to analyze the factors that limit the opening and utilization of open data, focusing on cases wherein requests for open data provision have been denied. We will explore possible approaches that are in harmony with the Open Data Law while examining the constitutional value of open data, considering the foundational Open Data Charter that underpins the government's data policy. We will also examine cases wherein requests for data provision have been denied for institutional reasons, with nearly half of these cases involving open data that includes personal information. It is necessary to explore the potential for improvement in these cases. Furthermore, considering the recent amendment to the Personal Information Protection Act, which allows for the processing of pseudonymous information without the consent of the data subject for limited purposes, it is an opportune time to consider the need for amending the Open Data Law to facilitate broader access and utilization of open data for the nation. Lastly, we will propose institutional improvement directions aligned with the opening and utilization of open data by examining the constraints of and need for improvement in the selected target laws.

• Journal of Information Science Theory and Practice
• /
• v.2 no.3
• /
• pp.18-28
• /
• 2014

Reddit is a large user generated content (USG) website in which users form common interest groups and submit links to external content or text posts of user-created content. The web site operates on a voting system whereby registered users can assign positive or negative ratings to both submitted content and comments made to submitted content. While Reddit is a pseudonymous site, with users creating usernames but providing no biographical data, an informal survey posted to a large shared interest community yielded 734 responses including age and gender of users. This provided a large amount of contextual biographical data with which to analyse user profiles at the first level of Computer Mediated Discourse Analysis (CMDA), articulated by Susan Herring. The results indicate that older Reddit users both formulate more complex writing and enjoy more success when rated by other users. Gender data was incomplete and as such only tentative results could be proposed in that regard.

• Knowledge Management Research
• /
• v.19 no.4
• /
• pp.187-201
• /
• 2018

This paper explores the potential of Blockchain technology in enabling a panacea for health equity. Since Satoshi Nakamoto first described Blockchain technology in 2008 pseudonymous paper, that distributed ledger system is empowered and ranging from finance to law to another sector and beyond. Also impacting healthcare sector and life science. In other words, there are many usage cases being researched in healthcare and Blockchain has shown its considerable special side in recent years. But this paper aims to the distributed ledger that is the special side of Blockchain technology is potentially can panacea for some global health equity issues such as patient data, counterfeit drug and hospital payment management.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.1
• /
• pp.99-116
• /
• 2023

The importance of data in the era of the 4th industrial revolution, a hyper-connected society based on information technology such as data and AI, is increasing, and the government is actively enacting and revising laws to revitalize the data economy. It is necessary to prevent and improve problems that may set an obstacle to the revitalization of the data industry or setting the wrong direction, such as possibility of conflict between the regulatory law(Personal Information Protection Act) and the Data Activation Act, differences in position by type of specialized agencies, performance scope of Data Specialist Organization and Expert Data Combination Agency, etc. In regard, I would like to analyze the role, current situation, and use cases of Expert Data Combination Agency, listen to field opinions, and derive and introduce measures to expand the role of Expert Data Combination Agency and improve them to vitalize the data economy

• Informatization Policy
• /
• v.26 no.1
• /
• pp.25-45
• /
• 2019

With the advent of the data economy, interest in using big data has increased, but conflicts with protecting personal information have been also steadily raised. In this regard, major countries are accelerating use of big data by exempting de-identified, pseudonymous personal information from protection. However, these policies have been made without the understanding that the economic value of personal information has been actually changing slowly. This paper presents the concept of 'collected information' and defines it as having public interest and therefore, not the exclusive property of the collector of such information. The paper shows the collected information has public interest in terms of personal information protection, connectivity, and universal service and public goods. It also specifies that the 'data governance' cannot be applied to the current data utilization framework that depends upon the holder's consent; rather, it raises the need to improve the practices of information provision consent or provide the beneficiary right of information use to the information holder in order to ensure the proper 'data governance' that will turn market failure into success.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.287-304
• /
• 2020

There have been a number of legal & policy studies on the affecting factors of big data utilization, but empirical research on the composition factors of personal information regulation or data combination, which acts as a constraint, has been hardly done due to the lack of relevant statistics. Therefore, this study empirically explores the priority of personal information regulation factors and data combination factors that influence big data utilization through Delphi Analysis. As a result of Delphi analysis, personal information regulation factors include in order of the introduction of pseudonymous information, evidence clarity of personal information de-identification, clarity of data combination regulation, clarity of personal information definition, ease of personal information consent, integration of personal information supervisory authority, consistency among personal information protection acts, adequacy punishment intensity in case of violation of law, and proper penalty level when comparing EU GDPR. Next, data combination factors were examined in order of de-identification of data combination, standardization of combined data, responsibility of data combination, type of data combination institute, data combination experience, and technical value of data combination. These findings provide implications for which policy tasks should be prioritized when designing personal information regulations and data combination policies to utilize big data.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.22 no.3
• /
• pp.88-103
• /
• 2023

With the recent advancement of 4th Industrial Revolution technology, transportation systems are generating large amounts of mobility data related to the individual movement trajectories of vehicles and people. There are many constraints on utilizing mobility data containing personal information. Thus, in South Korea, the processing and generation of pseudonymized information and the analysis and utilization of this information have been managed in a dual manner by applying separate agencies and technologies through the revision of the Data 3 Act and the enactment of the Data Basic Act. However, this dual approach fails to securely support the entire data lifecycle and suffers from inefficiencies in terms of processing time and cost. Therefore, to compensate for the problems of the existing Expert Data Combination System and Data Safety Zone, this study proposes an Integrated Data Safety Zone Framework that integrates and unifies the process of generating, processing, analyzing, and utilizing mobility data. The integrated process for data processing was redesigned, and common requirements and core technologies were derived. The result is an architecture for a next-generation Integrated Data Safety Zone system that can manage and utilize the entire life cycle of mobility data at one stop.