• Title/Summary/Keyword: personal data

Search Result 5,556, Processing Time 0.03 seconds

MyData Personal Data Store Model(PDS) to Enhance Information Security for Guarantee the Self-determination rights

  • Min, Seong-hyun;Son, Kyung-ho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.2
    • /
    • pp.587-608
    • /
    • 2022
  • The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

Framework for assessing responsiveness to personal data breaches based on Capture-the-Flag

  • Oh, Sangik;Kim, Byung-Gyu;Park, Namje
    • Journal of Multimedia Information System
    • /
    • v.7 no.3
    • /
    • pp.215-220
    • /
    • 2020
  • Many state agencies and companies collect personal data for the purpose of providing public services and marketing activities and use it for the benefit and results of the organization. In order to prevent the spread of COVID-19 recently, personal data is being collected to understand the movements of individuals. However, due to the lack of technical and administrative measures and internal controls on collected personal information, errors and leakage of personal data have become a major social issue, and the government is aware of the importance of personal data and is promoting the protection of personal information. However, theory-based training and document-based intrusion prevention training are not effective in improving the capabilities of the privacy officer. This study analyzes the processing steps and types of accidents of personal data managed by the organization and describes measures against personal data leakage and misuse in advance. In particular, using Capture the Flag (CTF) scenarios, an evaluation platform design is proposed to respond to personal data breaches. This design was proposed as a troubleshooting method to apply ISMS-P and ISO29151 indicators to reflect the factors and solutions to personal data operational defects and to make objective measurements.

Research on a Model that reflects requests to suspend processing personal data in real time (개인정보 처리정지 요청을 실시간 반영하는 모델 연구)

  • Younhee Hong;Sang-Soo Ye
    • Journal of Platform Technology
    • /
    • v.12 no.1
    • /
    • pp.141-150
    • /
    • 2024
  • The importance of personal data protection is increasingly emphasized both at home and abroad, and while overseas countries are applying various policies and dynamic management technologies, there are some gaps between compliance with laws and regulations and the application of technologies in Korea, and there are few user interfaces that provide convenient ways for data subjects to stop processing personal data. This study first analyzes the need for dynamic personal information consent management technology, the current state of the industry, and the prospects for its development. Next, this study proposes a basic model for dynamic management of personal information consent that maximizes the data subject's right to personal data self-determination while strictly complying with personal data protection laws in Republic of Korea. In particular, this study analyzes the basis of domestic laws and regulations related to the suspension of personal data processing, designs a basic model of personal data consent dynamic management interface, and presents its effectiveness. Based on the results of this study, we expect that the proposed dynamic management model for personal data use consent can be used in various ways for various websites and applications in the future.

  • PDF

The Personal Data Protection Mechanism in the European Union

  • Syroid, Tetiana L.;Kaganovska, Tetiana Y.;Shamraieva, Valentyna M.;Perederiі, Оlexander S.;Titov, Ievgen B.;Varunts, Larysa D.
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.5
    • /
    • pp.113-120
    • /
    • 2021
  • The adoption of the General Data Protection Regulation (EU) 2016/679 transformed approaches and concepts to the implementation of the personal data protection mechanism in the European Union. Within the EU, almost all countries have adapted a new protection mechanism, which requires a study of the specifics of its use. The article intends to assess the legal provisions of the current mechanism of personal data protection in the EU. The author studied the mechanism of personal data protection under the General Data Protection Regulation (EU) 2016/679 (GDPR) based on the concept of contextual integrity and analysis of EU legislation on personal data protection. The scientific publications for 2016-2020 were reviewed for the formation of ideas of a new personal data protection mechanism in the EU, informative and transparent analysis of legal provisions. The article notes that the personal data privacy and protection is increasing, there is an ongoing unification of the legal status of personal data protection and the formation of a digital market for dissemination, exchange, control, and supervision of data. Cross-border cooperation is part of the personal data protection mechanism. The author proved that the GDPR has changed approach to personal data protection: the emphasis is now shifting to the formation of a digital market, where the EU's role in ensuring regulation is crucial. The article identifies the emergence of a new protectionist legal system and strengthening of legal provisions regarding privacy. This legal system needs unification and harmonization in accordance with national legislation, is territorially fragmented and differentiated within the EU.

A Study on Notification Method of Personal Information Usage History using MyData Model (마이데이터 모델을 활용한 개인정보 이용내역 통지 방안 연구)

  • Kim, Taekyung;Jung, Sungmin
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.18 no.1
    • /
    • pp.37-45
    • /
    • 2022
  • With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

A Study on Personal Information Control and Security in Printed Matter (출력물에서의 개인 정보 제어 및 보안에 관한 연구)

  • Baek, Jong-Kyung;Park, Jea-Pyo
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.14 no.5
    • /
    • pp.2415-2421
    • /
    • 2013
  • Widespread personal data utilization has led personal data protection to its importance at core, and serious data spill has increased constantly as a result. Though various types of protection systems for data spill have been suggested, all these met failures in detection of personal data when printed out or preventing fatal data exposure without any protections when data spill happens. I propose API-Hook method which detects and controls personal data within printouts, and prevents data leakage through masking on the printed-out data. Also, it is verified if security is guaranteed on the documents containing personal data when implementing. In order to obtain security, it is essential to put more weights on the balance with availability than confidentiality.

Exploratory Study on the Media Coverage Trends of Personal Information Issues for Corporate Sustainable Management

  • Dabin Lee;Yeji Choi;Jaewook Byun;Hangbae Chang
    • Journal of Internet Computing and Services
    • /
    • v.25 no.4
    • /
    • pp.87-96
    • /
    • 2024
  • Information power has been a major criterion for wealth disparity in human history, and since the advent of the Fourth Industrial Revolution, referred to as the data economy era, personal information has also gained economic value. Additionally, companies collect and analyze customer information to use as a marketing tool, providing personalized services, making the collection of quality customer information crucial to a company's success. However, as the amount of data held by companies increases, crimes of stealing personal information for financial gain have surged, making corporate customer information a target for criminals. The leakage of personal information and its circumstances lead to a decline in corporate trust from the customer's perspective, threatening corporate sustainability with falling stock prices and decreased sales. Therefore, companies find themselves in a paradoxical situation where the utilization of personal information is increasing while the risk of personal information leakage is also growing. This study used the news big data analysis system, BIG KINDS, to analyze major keywords before and after media coverage on personal information leaks, examining domestic media coverage trends. Through this, we identified the impact of personal information leakage on corporate sustainability and analyzed the connection between personal information protection and sustainable corporate management. The results derived from this study are expected to serve as foundational data for companies seeking ways to enhance sustainable management while increasing the utilization of personal information.

A Strategy Study on Sensitive Information Filtering for Personal Information Protect in Big Data Analyze

  • Koo, Gun-Seo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.22 no.12
    • /
    • pp.101-108
    • /
    • 2017
  • The study proposed a system that filters the data that is entered when analyzing big data such as SNS and BLOG. Personal information includes impersonal personal information, but there is also personal information that distinguishes it from personal information, such as religious institution, personal feelings, thoughts, or beliefs. Define these personally identifiable information as sensitive information. In order to prevent this, Article 23 of the Privacy Act has clauses on the collection and utilization of the information. The proposed system structure is divided into two stages, including Big Data Processing Processes and Sensitive Information Filtering Processes, and Big Data processing is analyzed and applied in Big Data collection in four stages. Big Data Processing Processes include data collection and storage, vocabulary analysis and parsing and semantics. Sensitive Information Filtering Processes includes sensitive information questionnaires, establishing sensitive information DB, qualifying information, filtering sensitive information, and reliability analysis. As a result, the number of Big Data performed in the experiment was carried out at 84.13%, until 7553 of 8978 was produced to create the Ontology Generation. There is considerable significan ce to the point that Performing a sensitive information cut phase was carried out by 98%.

A Study on Legal Protection, Inspection and Delivery of the Copies of Health & Medical Data (보건의료정보의 법적 보호와 열람.교부)

  • Jeong, Yong-Yeub
    • The Korean Society of Law and Medicine
    • /
    • v.13 no.1
    • /
    • pp.359-395
    • /
    • 2012
  • In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

  • PDF

Trends in Personal Data Storage Technologies for the Data Economy (데이터 경제를 위한 개인 데이터 저장 기술 동향)

  • Jung, H.Y.;Lee, S.Y.
    • Electronics and Telecommunications Trends
    • /
    • v.37 no.5
    • /
    • pp.54-61
    • /
    • 2022
  • Data are an essential resource for artificial intelligence-based services. It is considered a vital resource in the 4th industrial revolution era based on artificial intelligence. However, it is well-known that only a few giant platforms that provide most of the current online services tend to monopolize personal data. Therefore, some governments have started enforcing personal data protection and mobility regulations to address this problem. Additionally, there are some notable activities from a technical perspective, and Web 3.0 is one of these. Web 3.0 focuses on distributed architecture to protect people's data sovereignty. An important technical challenge of Web 3.0 is how to facilitate the personal data storage technology to provide valuable data for new data-based services while providing data for producers' sovereignty. This study reviews some currently proposed personal data storage technologies. Furthermore, we discuss the domestic countermeasures from MyData perspective, which is a typical project for data-based businesses in Korea.