• Journal of Digital Convergence
• /
• v.12 no.7
• /
• pp.133-145
• /
• 2014

Recently, Hospital information systems have the large databases by wide range offices for hospital management, health care to improve the quality of care. However, hospital information systems for information security measures are insufficient. Therefore, when we construct the hospital information system, we have to audit the information security measures for them, and we have to manage the ISMS(Information Security Management System) to maintain the information protection level through the risk managements. In this paper, we suggested the hospital information security audit model for the protection of health information privacy by the current hospital information systems, information security management system(ISMS), and hospital information security requirements and threats. We derived the check items compared with ISO27799 reflected the characteristics of the hospital. We classified the security domains as the physical, technical, administrative domain, and derived the check items for information security. We also designed the check lists by mapping the ISO27799 risk management process to improve the security and efficiency simultaneously. Our model by the five-point scale survey of IT experts was verified the suitability with the average of 4.91 points.

• The Journal of Society for e-Business Studies
• /
• v.24 no.1
• /
• pp.121-137
• /
• 2019

De-identification is a method by which the remaining information can not be referred to a specific individual by removing the personal information from the data set. As a result, de-identification can lower the exposure risk of personal information that may occur in the process of collecting, processing, storing and distributing information. Although there have been many studies in de-identification algorithms, protection models, and etc., most of them are limited to structured data, and there are relatively few considerations on de-identification of unstructured data. Especially, in the medical field where the unstructured text is frequently used, many people simply remove all personally identifiable information in order to lower the exposure risk of personal information, while admitting the fact that the data utility is lowered accordingly. This study proposes a new method to perform de-identification by applying the k-anonymity protection model targeting unstructured text in the medical field in which de-identification is mandatory because privacy protection issues are more critical in comparison to other fields. Also, the goal of this study is to propose a new utility metric so that people can comprehend de-identified data set utility intuitively. Therefore, if the result of this research is applied to various industrial fields where unstructured text is used, we expect that we can increase the utility of the unstructured text which contains personal information.

• Korea Journal of Hospital Management
• /
• v.27 no.2
• /
• pp.16-33
• /
• 2022

Purposes: Prompt evaluation of routes and contact tracing are very important for epidemiological investigations of coronavirus disease 2019 (COVID-19). To ensure better adoption of contact tracing apps, it is necessary to understand users' expectations, preferences, and concerns. This study aimed to identify main reasons why people use the apps, appropriate services, and basis for voluntary app services that can improve app participation rates and data sharing. Methodology/Approach: This study conducted an online survey from November 11 to December 6, 2020, and received a total of 1,048 survey responses. This study analyzed the questionnaire survey findings of 883 respondents in areas with many confirmed cases of COVID-19. This study used a multiple regression analysis. Findings: Respondents who had experience of using related apps showed a high intention to use contact-tracing apps. Participants wished for the contact tracking apps to be provided by the government or public health centers (74%) and preferred free apps (93.88%). The factors affecting the participants' intention to use these apps were their preventive value, performance expectancy, perceived risk, facilitative ability, and effort expectancy. The results highlighted the need to ensure voluntary participation to address participants' concerns regarding privacy protection and personal information exposure. Practical Implications: The results can be used to accurately identify user needs and appropriate services and thereby improve the development of contact tracking apps. The findings provide the basis for voluntary app that can enhance app participation rates and data sharing. The results will also serve as the basis for developing trusted apps that can facilitate epidemiological investigations.

• The Korean Journal of Air & Space Law and Policy
• /
• v.33 no.2
• /
• pp.367-418
• /
• 2018

Just as safety is the most important thing in aviation, safety is the most important in the operation of unmanned aircraft (RPA), and safety operation is the most important in the legal responsibility of the operator of the unmanned aircraft. In this thesis, the legal responsibility of the operator of the unmanned aircraft, focusing on the responsibility of the operator of the unmanned aircraft, was discussed in depth with the issue of insurance, which compensates for damages in the event of an accident First of all, the legal responsibility of the operator of the unmanned aircraft was reviewed for the most basic : definition, scope and qualification of the operator of the unmanned aircraft, and the liability of the operator of the Convention On International Civil Aviation, the ICAO Annex, the RPAS Manual, the Rome Convention, other major international treaties and Domestic law such as the Aviation Safety Act. The ICAO requires that unmanned aircraft be operated in such a manner as to minimize hazards to persons, property or other aircraft as a major principle of the operation of unmanned aircraft, which is ultimately equivalent to manned aircraft Considering that most accidents involving unmanned aircrafts fall to the ground, causing damage to third parties' lives or property, this thesis focused on the responsibility of operators under the international treaty, and the responsibility of third parties for air transport by Domestic Commercial Act, as well as the liability for compensation. In relation to the Rome Convention, the Rome Convention 1952 detailed the responsibilities of the operator. Although it has yet to come into effect regarding liability, some EU countries are following the limit of responsibility under the Rome Convention 2009. Korea has yet to sign any Rome Convention, but Commercial Act Part VI Carriage by Air is modeled on the Rome Convention 1978 in terms of compensation. This thesis also looked at security-related responsibilities and the responsibility for privacy infringement. which are most problematic due to the legal responsibilities of operating unmanned aircraft. Concerning insurance, this thesis looked at the trends of mandatory aviation insurance coverage around the world and the corresponding regulatory status of major countries to see the applicability of unmanned aircraft. It also looked at the current clauses of the Domestic Aviation Business Act that make insurance mandatory, and the ultra-light flight equipment insurance policy and problems. In sum, the operator of an unmanned aircraft will be legally responsible for operating the unmanned aircraft safely so that it does not pose a risk to people, property or other aircraft, and there will be adequate compensation in the event of an accident, and legal systems such as insurance systems should be prepared to do so.

• The Journal of Society for e-Business Studies
• /
• v.22 no.4
• /
• pp.21-38
• /
• 2017

It is actively opening the market to fintech companies through open platforms, such as financial institutions and public institutions. In this thesis, we will look at the conceptual differences between the "provision of third-party information" and "entrustment" of information protection related laws, such as the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Data Protection Etc (Network Utilization Protection Act). In addition, the legal obligation to provide information regarding the legal rights of information is considered to be relevant, whereas the legal obligation of the private information provided by the company is excessively mitigated, whereas the legal obligation of the company to provide information is excessively mitigated. In addition, I suggest self-diagnosis checklist to help fintech companies improve their privacy levels. It was found that the level of information protection was relatively insufficient compared to the consignees based on the results of a survey conducted for 31 fintech companies. Aggressive use of the checklist is suggested to raise the level of information protection for those companies.

• The Korean Society of Law and Medicine
• /
• v.20 no.2
• /
• pp.261-285
• /
• 2019

The essential policy of suicide prevention is to continuously manage and treat suicide attempted people through data base related to suicide retry rate and follow-up study report. In Korea, only few people are allowed to follow-up by the Personal Information Protection Act. As a result, the research participation rate and the service participation rate are rather low, so that the research participants is limited to a part of the suicide attempted people. Therefore, the policy proposals to be improved in the Ministry of Health and Welfare Act were examined comparatively in order to increase the practical utilization of the suicide prevention about Article 14 and Article 20 of the Suicide Prevention Act. As a criterion for policy improvement, measures for non-discrimination of information to be considered in terms of technical and ethical dimensions and non-profit research and medical information for medical purposes were suggested. In addition to the severity of the suicide, the suicide risk was assessed and the criteria for the objective assessment of the follow-up observation were considered in consideration of the severity of the suicide.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.8
• /
• pp.159-172
• /
• 2020

Social networking services (SNS) are developing significantly with the Internet and smartphones. It's a friendly social media, but if you think deeply about it, you'll find that it has a variety of faces. It is a communication tool between users, a medium for delivering information, an infrastructure for providing applications, and a community where people with common interests gather. In recent years, business tools, shopping and payment methods are also being swallowed. The influence of the spread of SNS on the real world is also expanding, and the work being dealt with from a sociological perspective is also increasing. Also, if you pay attention to the technical aspects of SNS, it is composed of various technical elements, such as infrastructure that handles large-scale access, user interface that supports comfortable use, and big data analysis to understand people's behavior more deeply. However, I usually use it as usual. However, if you look through SNS, you can see that the situation is surprisingly profound and multifaceted. This study began by looking at the history and current status of SNS and attempted to find its status through comparison with other media. From the point of view of relationship with society, it can be a risk and legal issue when using SNS, such as crimes using bad social media or social media. It is also necessary to comment on the activities on SNS or the guidelines established by the operators. Therefore, various legal issues on SNS will be discussed. Also, as an example of using SNS, I will introduce an example of using SNS in disaster response. From a more technical point of view, you will receive commentary on SNS's network-based technology and SNS's information use, and these articles will help you understand and use SNS safely and help you further utilize or develop SNS.

• Korean Security Journal
• /
• no.57
• /
• pp.85-110
• /
• 2018

The bodyguard is continuously training basic physical training and security art martial to protect the privacy of security target, prepare and deal with external contingencies and threats. Currently, university students majoring in security are required to take a judo class, one of their security art martial, which can use a technology to catch, crush and repress opponent. Therefore, this study identified the effects of systematic training on body composition, Performance fitness, growth hormones, and IGF-1 among male university students through a 10-week judo training program so that it was committed to providing objective data to enhance the value of judo as a security art martial and as a result, we have a conclusion as follows: After 10 weeks of judo training, muscle mass increased significantly, and body fat rate and BMI decreased significantly. The muscular strength and power of Performance fitness were shown to increase significantly, and growth hormones were shown to increase significantly. In total, the above results showed that for judo training university students, overall body composition improved positively, the muscular strength and power of active physical fitness improved, and growth hormones increased. Thus, the increase in muscle strength and growth hormones through judo training will encourage fat breakdown due to the development of the body's muscles and increase bone density in the spine, thereby reducing the risk of fractures and preventing injury to the trainees who are performing a security art martial. It will also greatly help your health by preventing obesity, cardiovascular and metabolic diseases, which eventually will enhance your bodyguard function and prolong your life as a bodyguard.

• Journal of Korean Society of Archives and Records Management
• /
• v.19 no.2
• /
• pp.147-172
• /
• 2019

With the provision of the original text information disclosure service, the time spent on determining the disclosure of the original text information decreased, and the number of original text information disclosure significantly increased. In public institutions, the risk of the exposure of personal information also increased. In this study, the status of personal information protection in the original text information disclosure service was investigated. Moreover, the causes of the exposure of personal information were analyzed, and improvements were proposed. The survey presented the following results. First, 13% of the original text information collected contains personal information, which is the nondisclosure information. Second, among the original text information that includes personal information, the original text information, including the personal information of the public official, was the most important. In particular, many records about vacation and medical leaves were found. Third, there were many cases in which information about the individual of the representative was exposed in the agency that deals mainly with the contract work. Fourth, a large volume of personal information was not detected by filtering personal information. Upon analyzing the cause of the exposure of personal information, the following improvements are suggested. First, privacy guidelines should be redesigned. Second, the person in charge of the task of deciding whether or not to disclose original text information should be trained further. Third, the excessive disclosure of information based on the government's quantitative performance should be eased. Fourth, the filtering function of the personal information of the original text information disclosure system should be improved.

• Informatization Policy
• /
• v.28 no.4
• /
• pp.54-75
• /
• 2021

The right to data portability needs to be introduced to strengthen the self-control of data subjects and promote personal data use. However, the right to data portability constitutes a high risk of invasion of privacy of data subjects and may infringe on the property rights of data controllers, so careful and thorough design is warranted. The right to data portability can intensify the concentration and monopoly of personal data, result in problems of overseas transfer of personal data held by public institutions, and enrich only the profits of giant platforms by burdening the data subject with high transfer cost. By contrast, SMEs are more likely to endure a personal data deprivation. From the proposed amendment to the Personal Data Protection Act are raised various legal issues such as. i) Whether to include inferred/derived data, personal data held by public institutions, activity data, sensitive data, and personal data of third parties within the scope of data portability; ii) whether SMEs are included in the data porting organization; iii) whether to exclude SMEs or large platforms from the scope of the data receiving organization; iv) Whether to allow the right to transmit to other data controllers, v) Whether to allow the overseas transfer of personal data held by public institutions, vi) How to safely exercise the right to data portability, vii) the scope of responsibility and immunity of a data porting organization, etc. The purpose of this paper is to propose the direction for legislative action based on various legal issues related to data portability.