• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.169-179
• /
• 2011

Recent personal data breach incidences draw the public's attention to their privacy and personal rights. The new personal data protection law effective in September 2009 imposes additional legal responsibility on personal data controllers and processors. For instance, if a data breach occurs, this new law requires that the processors must notify individuals (data subjects) and data protection authorities of the nature of incidents. This research reviews the U.S. forty six state laws and related acts, and offers a framework for managing incidents. This framework includes five major components: (1) type of personal data required to be reported and notified, (2) the ultimate subject notifying data subjects, (3) event occurrence and notification time phases, (4) notification message details, and (5) direct/indirect communication media. Along with this framework, we also offer directions for effective/manageable guidelines on data breach notification act.

• International Commerce and Information Review
• /
• v.1 no.2
• /
• pp.249-271
• /
• 1999

This article deals with concept and theory of privacy and personal data on the basis of understanding of this matter, Especially concerns the infringement and protection of privacy and personal data that is violated by new media and electronic commercial transaction through case study and research of literature. The article seek to find out the resolution of legal problems on the protection of privacy and personal data. The resolution is in other words, that privacy and personal data protection law shall be established as a part of efforts to protect personal data and to activate electronic commercial transactions.

• Journal of Information Technology Applications and Management
• /
• v.13 no.4
• /
• pp.273-290
• /
• 2006

This study suggests a frequency matrix technique to predict personal credit rate more efficiently using incomplete data sets. At first this study test on multiple discriminant analysis and logistic regression analysis for predicting personal credit rate with incomplete data sets. Missing values are predicted with mean imputation method and regression imputation method here. An artificial neural network and frequency matrix technique are also tested on their performance in predicting personal credit rating. A data set of 8,234 customers in 2004 on personal credit information of Bank A are collected for the test. The performance of frequency matrix technique is compared with that of other methods. The results from the experiments show that the performance of frequency matrix technique is superior to that of all other models such as MDA-mean, Logit-mean, MDA-regression, Logit-regression, and artificial neural networks.

• Journal of Information Technology Services
• /
• v.22 no.6
• /
• pp.1-15
• /
• 2023

This study compares and analyzes the legal systems of Korea, the European Union, China, and the United States based on the disclosure principles and processing policies for personal data processing and provides references for seeking improvements in our legal system. Furthermore, this research aims to suggest institutional implications to overcome data transfer limitations in the upcoming digital economy. Findings on a comparative analysis of the relevant legal systems for disclosing privacy policies in four countries showed that Korea's privacy policy is under the eight principles of privacy proposed by the OECD. However, there are limitations in the current situation where personal information is increasingly transferred overseas due to direct international trade e-commerce. On the other hand, the European Union enacted the General Data Protection Regulation (GDPR) in 2016 and emphasized the transfer of personal information under the Privacy Policy. China also showed differences in the inclusion of required items in its privacy policy based on its values and principles regarding transferring personal information and handling sensitive information. The U.S. CPRA amended §1798.135 of the CCPA to add a section on the processing of sensitive information, requiring companies to disclose how they limit the use of sensitive information and limit the use of such data, thereby strengthening the protection of data providers' rights to sensitive information. Thus, we should review our privacy policies to specify detailed standards for the privacy policy items required by data providers in the era of digital economy and digital commerce. In addition, privacy-related organizations and stakeholders should analyze the legal systems and items related to the principles of personal data disclosure and privacy policies in major countries so that personal data providers can be more conveniently and accurately informed about processing their personal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.287-304
• /
• 2020

There have been a number of legal & policy studies on the affecting factors of big data utilization, but empirical research on the composition factors of personal information regulation or data combination, which acts as a constraint, has been hardly done due to the lack of relevant statistics. Therefore, this study empirically explores the priority of personal information regulation factors and data combination factors that influence big data utilization through Delphi Analysis. As a result of Delphi analysis, personal information regulation factors include in order of the introduction of pseudonymous information, evidence clarity of personal information de-identification, clarity of data combination regulation, clarity of personal information definition, ease of personal information consent, integration of personal information supervisory authority, consistency among personal information protection acts, adequacy punishment intensity in case of violation of law, and proper penalty level when comparing EU GDPR. Next, data combination factors were examined in order of de-identification of data combination, standardization of combined data, responsibility of data combination, type of data combination institute, data combination experience, and technical value of data combination. These findings provide implications for which policy tasks should be prioritized when designing personal information regulations and data combination policies to utilize big data.

• Journal of the Korean Society for information Management
• /
• v.34 no.3
• /
• pp.7-21
• /
• 2017

This study analyzed the methods for representing and linking personal information in the linked data of National Library of Korea and provided suggestions for expanding the scope of identifying and linking of the personal information. As a result, the personal information as a subject has been dealt with a concept, where the personal information as a contributor has been linked with a vocabulary of personal name. In addition, there have not been assured of including additional information except existing authority data in the process of building the linked data. Therefore, this study suggested that linking personal information as a subject and personal information as a contributor was essential for the quality of linked data. In addition, we proposed to provide additional information related to the person in linked data for expanding the scope of access points in information discovery.

• The Journal of Korea Institute of Information, Electronics, and Communication Technology
• /
• v.15 no.2
• /
• pp.134-143
• /
• 2022

'Data' is the key component that leads Digital Healthcare. Most of the Healthcare Data is personal information of data subject and includes Sensitive Information. It is very important for companies to use data lawfully and safely during the lifecycle of data collection, use, provision, and destruction. However, small and medium-sized enterprises(SMEs), ventures, and startups, which account for 78% of the Healthcare Services Industry, have had difficulties in performing tasks related to personal information protection. The personal Information Protection Act's requirements depending on the purpose of using Personal Information are different. Also, the requirements for each personal information lifecycle are varied. Therefore, this study suggests six purposes for companies to use healthcare data. It examines the considerations during the lifecycle in which personal information is collected to be destroyed.

• Journal of Convergence for Information Technology
• /
• v.8 no.1
• /
• pp.179-185
• /
• 2018

Big Data is strictly positioning one of method to deal with problems faced with mankind, not an icon of revolution in future anymore. Application of Big Data and protection of personal information have contradictoriness. When we weight more to usage of Big Data, someone's privacy is necessarily invaded. otherwise, we care more about keeping safe of individual information, only low-level of research using Big Data can be used to accomplish public purpose. In this study, we propose a method to anonymize Big Data collected in order to investigate the problems of personal information infringement and utilize Big Data and protect personal. This will solve the problem of personal information infringement as well as utilizing Big Data.

• Journal of Information Technology Applications and Management
• /
• v.29 no.3
• /
• pp.57-74
• /
• 2022

Recently, big data services have been used in various fields. In this situation, this research studied the intention to provide personal information from users, which is necessary to provide useful big data services. A survey was conducted on college students and ordinary people who have understood big data services. And path analysis was performed through Amos' structural equation. As a result of the study, it was found that privacy risks, trust in service providers, individual innovativeness, service incentives, social influence, and service design are major variables influencing the intention to provide personal information. And it was found that trust in service providers plays a mediating role in influencing the intention to provide personal information. In addition, big data services were classified into types for information acquisition and types related to purchase. Accordingly, it was further analyzed whether major variables differ in the path affecting the intention to provide personal information, and new implications were found. Companies that actually develop and provide big data services should establish different strategies by reflecting research results depending on the type of big data service provided.

• Convergence Security Journal
• /
• v.19 no.1
• /
• pp.41-48
• /
• 2019

In the era of Internet of Things and Artificial Intelligence, it has become essential to digitize mass data, which leads 'data-driven economy'. Digitalized personal data can be easily collected, stored, duplicated and analyzed. As ICT technology is evolving the concept of traditional personal data has changed. The United States, the European Union, Japan, Korea and many countries have introduced new concept of personal data into law such as de-identification, anonymization, and pseudonymization to protect and utilize digitalized personal information. These concepts are distinguishable depending on countries. Therefore, this study will be done by researching and analyzing personal data related policies of several countries. Based on this study, this paper will suggest policy on di-identification to draw the right balance between personal data protection and use, which contributes to the development of digital economy.