• The Journal of Information Systems
• /
• v.27 no.1
• /
• pp.193-224
• /
• 2018

Purpose Targeting Korean companies listed on Korean securities markets (i.e., KOSPI and KOSDAQ markets), this study aims to shed lights the effects of personal information security breaches on stock prices of information security companies. Interestingly, this study is, to the best of our knowledge, the first to examine the information transfer effect on personal information security breaches of companies. Design / Methodology /Approach To examine the information transfer effect of personal information security breaches, our study employs the event study commonly used in financial studies. To this end, we investigate a variety of events of personal information security breaches of companies listed on the KOPSI stock market and the KOSDAQ market. We collect the total samples of one hundred and twelve with forty seven of events of personal information security breaches by thirty companies and sixty five of information security companies. Findings The principal findings from the empirical study are as follows. First, for companies of personal information security breaches, our event study presents the significantly negative AAR (averaged abnormal return) value on the event day at the 5 % level and the highly significant negative CAAR(cumulative averaged abnormal return) value on the event day and the day after the event day at the 1 % level. The results suggest that personal information breaches significantly contribute to an decrease in value of the information breached companies. The cross sectional regressions in this study estimate the significantly negative coefficient for the ME/BE variable, the proxy for a growth opportunity at the 5 % level. This suggests a reverse relation between the growth opportunity of companies and their value. As for the various samples of the information security companies categorized by physical security, network and system security, security application software, code authentication, system integration, we find the significantly positive AAR on the day after the event day at the 5% level, only for the network and system security-companies. This addresses that the information transfer effect followed by personal information breaches is uniquely observable for companies categorized into network and system companies. The regressions for the network and system companies estimate the significantly positive coefficient for the NS dummy variable (i.e., the dummy of the network and system security companies) at the standard level. This allows us to identify appropriate times needed to make the information transfer effect realized from personal information breached companies to information security companies.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.12 no.3
• /
• pp.87-109
• /
• 2016

This study intends to present an effective and efficient development plan about the information protection of medical institutions, by establishing the improvement plan about Personal Information Management System(PIMS) appropriate to the characteristics of medical information focusing on medical institutions generating and using domestic medical information, and doing an empirical study on medical information protection plan. For this, in view of the medical characteristics of the existing Information Security Management System(ISMS), the study presented a study model appropriated to medical institutions based on Personal Information Management Systems index specialized for personal information, and through this, presented the vulnerability diagnosis and vulnerability improvement plan. Based on ISMS index, it designed an improvement index of personal information protection management about each index. The study conducted a survey for executives and employees about PIMS. Accordingly, it presented vulnerability diagnosis items of the current management system indexes from the viewpoint of the people who establish and mange the personal information protection about patients' medical information targeting executives and employees who serve at hospitals and can access medical information.

• Journal of Korean Clinical Health Science
• /
• v.2 no.1
• /
• pp.25-34
• /
• 2014

Purpose. The checked of perception for the protection of personal medical information of EMT student and Nursing student. Methods. Nursing students and EMT students 200 questionnaires were collected and Frequency analysis, Chi-square test, one-way ANOVA was performed for using the Windows SPSS(ver. 12.0). Results. Most of the subjects were aware of the protection law of personal information and Infringement of the privacy of personal information will be exposed. also, Education is needed privacy(EMT students $3.84{\pm}0.96$, Nursing students $3.73{\pm}0.99$). EMT($3.99{\pm}1.00$) and Nursing($4.07{\pm}0.94$)students due to exposure to both the patient's personal information privacy was violated would get recognized. Exposure to the computerization of information privacy will be exploited in other agencies(EMT students $3.78{\pm}0.88$, Nursing students $3.95{\pm}0.94$) was called. Conclusions. For the protection of personal health information, education needs to be expanded.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.4
• /
• pp.695-703
• /
• 2014

This paper studies the determinants of willingness to pay (WTP) for preventing personal information infringement. Most of previous studies only estimate the value of the WTP and, unlike them, this paper discusses personal information as an information good. Using a double-bounded dichotomous choice model, this paper empirically analyses the personal characteristics that determine the WTP for the protection of personal information. It contributes to the literature by proposing that gender, working status and communication cost are determinants for the WTP for the protection of personal information.

• Journal of Korean society of Dental Hygiene
• /
• v.22 no.5
• /
• pp.443-450
• /
• 2022

Objectives: This study was conducted to investigate the effect of professional self-concept and ethical awareness of dental hygiene (department) students attending a university located in Gwangju and Jeollanam-do on patients' willingness to protect personal information. Methods: Professional self-concept, ethical disposition, and patients' personal information protection intention according to general characteristics were analyzed using t-tests and one-way ANOVA. After confirming the correlation through Pearson's correlation analysis, the effect on the patient's personal information protection intention was confirmed using multiple regression analysis. Results: Professional self-concept, ethical disposition, and the patients' willingness to protect personal information all showed positive correlations. The higher the communication skills of professional self-concept and the higher the idealism of ethical orientation, the higher the patients' willingness to protect personal information. Conclusions: This study, ascertained the effect of dental hygiene students' professional self-concept and ethical consciousness on patients' personal information protection practices. The results suggest that it is necessary to develop an educational program that can enhance the practice of dental hygienists to protect patients' personal information, and to develop and conduct continuous policy development and research.

• Journal of Digital Convergence
• /
• v.19 no.10
• /
• pp.49-61
• /
• 2021

In a disaster situation such as COVID-19, our society has experienced the spread of the damage due to confirmed patients who have a negative or uncooperative attitude toward the disclosure of personal information. Accordingly, this study aims to find a policy direction that can improve the awareness of the disclosure of personal information about confirmed COVID-19 patients. This study classified the concept of acceptability into personal and social acceptability, and statistically verified their relationship with influential factors. In this study, 594 cases of data collected through an online survey were used. The analysis results show that the greater the trust in the government's personal information management capability, the lower the perception of the risks associated with the disclosure of personal information, and the lower the awareness of the risk, the higher the personal and social acceptability of the personal information disclosure of COVID-19 confirmed patients. In addition, the greater the recognition of the utility of personal information disclosure, the higher the perception of personal and social acceptability of the personal information disclosure. It is expected that the analysis results and discussions of this study will be useful information for policy development to create a more mature social atmosphere to reduce the public's reluctance to disclose information not only in COVID-19 but also in new disaster situations in the future.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.103-110
• /
• 2008

Due to the development of the e-commerce, the shopping mall such as auction collects and manages the personal information of the customers for efficient service. However, because of the leakage of the Personal information in auction, the image of the companies as well as the information subjects is damaged. Even though the organizations and the companies store the personal information as common sentences and protect using role based access control technique, the personal information can be leaked easily in case of getting the authority of the database administrator. And also the role based access control technique is not appropriate for protecting the sensitive information of the information subject. In this paper, we encrypted the sensitive information assigned by the information subject and then stored them into the database. We propose the personal policy based access control technique which controls the access to the information strictly according to the personal policy of the information subject. Through the proposed method we complemented the problems that the role based access control has and also we constructed the database safe from the database administrator. Finally, we get the control authority about the information of the information subject.

• Journal of the Korea Society of Computer and Information
• /
• v.20 no.7
• /
• pp.109-114
• /
• 2015

With the realization that the police's personal information gathering activities can violate the authority to decide one's information guaranteed by the Constitution, many people are interested in the legal terms of the police's information gathering and handling. The police's personal information gathering activities imply both the purpose of public welfare and order and the risk of violation of basic rights of citizens, their effective balance is critical. In this respect, this study reviews the principle of proportion as a principle of control of personal information gathering and handling (police intelligence activities) by state to discuss its implications on legislation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.263-277
• /
• 2020

Children's use of the Internet is growing. Each company collects children's personal information. However, it is also difficult for children to recognize the concept of personal information. In this study, based on the analysis of newspaper children's personal information leakage, we investigated the occurrence of personal information leakage in children through ground theory, one of qualitative research methods used in the social science field. The ground theory is thought to be able to derive a causal relationship by identifying the leakage of children's personal information. As a result of the study, it was collected through the consent of the legal representative, but depending on the situation, the consent process was not performed. Even with the consent, it was found that due to insufficient measure to protect personal information, various situation(criminal damage, anxiety, embarrassment, anger, etc.) occurred the legal representative. As a result, children's personal information collection providers paid fines according to the situation.

• Journal of Internet Computing and Services
• /
• v.20 no.6
• /
• pp.119-127
• /
• 2019

This paper proposes a new authentication model to solve the problem of personal information takeover and personal information theft by service providers using centralized servers for user authentication and management of personal information. The centralization issue is resolved by providing user authentication and information storage space through a decentralize platform, blockchain, and ensuring confidentiality of information through user-specific symmetric key encryption. The proposed model was implemented using the public-blockchain Ethereum and the web-based wallet extension MetaMask, and users access the Ethereum main network through the MetaMask on their browser and store their encrypted personal information in the Smart Contract. In the future, users will provide their personal information to the service provider through their Ethereum Account for the use of the new service, which will provide user authentication and personal information without subscription or a new authentication process. Service providers can reduce the costs of storing personal information and separate authentication methods, and prevent problems caused by personal information leakage.