Journal of Convergence for Information Technology (융합정보논문지)

Convergence Society for SMB (중소기업융합학회)
권호 표지
DOI QR코드

DOI QR Code

A Study on Developing the Compliance for Infringement Response and Risk Management of Personal Information to Realize the Safe Artificial Intelligence Services in Artificial Intelligence Society

지능정보사회의 안전한 인공지능 서비스 구현을 위한 개인정보 침해대응 및 위기관리 컴플라이언스 개발에 관한 연구

  • Shin, Young-Jin (Division of AI Software Engineering-Information Security, PaiChai University)
  • 신영진 (배재대학교 AI소프트웨어공학부 정보보안학)
  • Received : 2022.04.17
  • Accepted : 2022.05.20
  • Published : 2022.05.28
Download PDF
⟨ Previous Next ⟩

Abstract

This study tried to suggest crisis management compliance to prevent personal information infringement accidents that may occur in the process because the data including personal information is being processed in the artificial intelligence (AI) service process. To this end, first, the AI service provision process is divided into 3 processes such as service planning/data design and collection process, data pre-processing and purification process, and algorithm development and utilization process. And 3 processes are subdivided into 9 stages following to personal information processing stages to infringe personal information. All processes were investigated with literature and experts' Delphi. Second, the investigated personal information infringement factors were selected through FGI, Delphi, etc. for experts. Third, a survey was conducted with experts on the severity and possibility of each personal information infringement factor, and the validity and adequacy of the 94 responses were verified. Fourth, to present appropriate risk management compliance for personal information infringement factors in AI services, a method for calculating the risk level of personal information infringement is prepared by utilizing the asset value of personal information, personal information infringement factors, and the possibility of infringement accidents. Through this, the countermeasures for personal information infringement incidents were suggested according to the scored risk level.

본 연구는 인공지능 서비스과정에서 개인정보를 포함한 데이터가 처리되고 있고, 그 과정에서 발생 가능한 개인정보 침해사고를 방지하기 위한 해결방안으로 개인정보 침해요인에 대응하는 위기관리 컴플라이언스를 마련하고자 한다. 이를 위해 먼저, 문헌조사 및 전문가 Delphi를 거쳐 처리과정을 범주화를 하였는데, 인공지능서비스 제공과정을 서비스기획·데이터 설계 및 수집과정, 데이터 전처리 및 정제과정, 알고리즘 개발 및 활용과정으로 구분하고, 3개 과정을 9단계의 개인정보처리단계로 다시 세분화하여 개인정보 침해요인을 구성하였다. 둘째, 조사한 개인정보 침해요인을 전문가 대상의 FGI, Delphi 등을 통해 선정하였다. 셋째, 각 개인정보 침해요인에 대한 심각도 및 발생가능성에 대해 전문가대상으로 설문조사하였으며, 94명의 응답결과에 대해 타당성 및 적정성을 검증하였다. 넷째, 인공지능 서비스에서의 개인정보 침해요인에 대한 적절한 위기관리 컴플라이언스를 제시하기 위해, 개인정보의 자산가치, 개인정보 침해요인, 개인정보침해사고 발생가능성을 활용하여 개인정보 침해위험도 산정방식을 마련하였으며, 이를 통해 점수등급에 따라 위험정도에 따른 개인정보 침해사고 대응방안을 제시하였다.

Keywords

Acknowledgement

This work was supported by the Ministry of Education of the Republic of Korea and the National Research Foundation of Korea(NRF-2021S1A5A2A01069913)

References

  1. Personal Information Protection Committee. (2021. 5. 31). Artificial Intelligence (AI) Personal Information Protection Self-Checklist.
  2. The legislative power plant. (2018). Overseas discussions on AI privacy issues(Online). http://blog.naver.com/PostView.nhn?blogId=legislationpp&logNo=221408527453
  3. K. W. Kug. (2019. 3. 2). Application examples by Artificial intelligence technology and industry, Weekly trend, 15-27.
  4. R. Goosen, A. Rontojannis, S. Deutscher, J. Rogg, W. Bohmayr & D. Mkrtchian. (2018. 11. 13). Artificial Intelligence Is a Threat to Cybersecurity. It's Also a Solution. Technology & Digital BCG(Online). https://www.bcg.com/publications/2018/artificial-intelligence-threat-cybersecurity-solution.aspx
  5. National Information Society Agency. (2017). Korea AI Company Status Survey Report, 1-119.
  6. D. H. Kim. (2021. 5. 23). AI guidelines' from around the world will compete.. A small step domestically. News Tomato(Online). http://m.gobest.news.dreamwiz.com/NEWSAXmV7Is1a3AFLjqbk89k
  7. UK Biometrics and Forensics Ethics Group. (2019). Ethical issues arising from the police use of live facial recognition technology. Interim report of the Biometrics and Forensics Ethics Group Facial Recognition Working Group.
  8. Australian Government, Department of Industry, Science, Energy, and Resource. (2019). Artificial Intelligence: Australia's Ethics Framework, A Discussion Paper, 1-76.
  9. J. L. Kim. (2018). Relation between Artificial Intelligence and Information Security. Communications of the Korean Institute of Information Scientists and Engineers. 36(2), 14-17. https://doi.org/10.5573/ieie.2018.55.10.14
  10. D. S. Choi. (2016). Artificial Intelligence and Fintech Security. Review of KIIC, 26(2), 35-38.
  11. D. S. Choi. (2017). Artificial Intelligence and Security. The Journal of The Korean Institute of Communication Sciences, 34(10), 31-37.
  12. E. J. Hong, S. J. Lee, D. W. Hong & C. H. Seo. (2019). Analysis of privacy issues and countermeasures in neural network learning, Journal of Digital Convergence. 17(7), 285-292. https://doi.org/10.14400/JDC.2019.17.7.285
  13. S. H. Park & D. S. Choi. (2017). Artificial Intelligence and Security Issues, Review of KIISC, 27(3), 27-32.
  14. C. H. Park & D. W. Hong. (2019). Differential Privacy Technology Resistant to the Model Inversion Attack in AI Environments. Journal of the Korea Institute of Information Security & Cryptology, 29(6), 589-598. DOI : 10.13089/JKIISC.2019.29.3.589
  15. L.Floridi et al. (2018). AI4People-An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations. Minds and Machines. 28, 689-707. DOI : 10.1007/s11023-018-9482-5
  16. Y. J. Shin. (2021). The Improvement Plan for Personal Information Protection for Artificial Intelligence (AI) Service in South Korea. Journal of Convergence for Information Technology. 11(3), 20-33. DOI : 10.22156/CS4SMB.2021.11.03.020
  17. Y. J. Shin. (2021). A Study on the Application of Responsibility and Principle for Personal Information Protection in AI Services. Korea Criminal Intelligence Review, 7(1), 45-74. https://doi.org/10.33563/KSCIA.2021.7.1.3
  18. G. B. Song & J. K. Lee. (2020). Discussions on the Commercialization of AI and the Protection of Personal Information - Focusing on Image Data and Profiling -. Korean Security Journal, 65, 453-476. https://doi.org/10.36623/KSSR.2020.65.19
  19. J. H. Kim et al. (2016). A study on the protection of personal information in the field of artificial intelligence and robotics, Personal Information Protection Committee.
  20. Korea Internet & Security Agency. (2020). A Study on Improvement Plans for Personal Information Protection Policy for Fostering the Artificial Intelligence Industry. Service Proposal Request Form.
  21. Personal Information Protection Committee & Korea Internet & Security Agency. (2021). Artificial Intelligence and Personal Information Protection. The 6th Pseudonym Information Expert Training Materials.
  22. National Information Society Agency. (2018). Threats, and countermeasures against the exploitation of artificial intelligence. NIA Special Report.
  23. M. Comiter. (2019). Attacking Artificial Intelligence. Harvard Kennedy School Belfer Center for Science and International Affairs, 2019-08.
  24. Ministry of Science, Technology, and Information & National Information Society Agency. (2021). A guide to building datasets for artificial intelligence learning.
  25. Personal Information Protection Commission. (2015). Analysis of personal information infringement factors in the Internet of Things era and investigation of actual cases. Personal Information Protection Committee.
  26. H. J. Shim. (2018). The Paradox of Artificial Intelligence (AI) and Privacy: Focusing on AI Voice Assistants. KISDI Premium Report.
  27. B. G. Lee. (2021). The final report on the development of AI dysfunction prevention technology by deceptive attacks. Information and Communication Planning and Evaluation Institute, Ministry of Science and ICT
  28. D. H. Kim, S. W. Yoon & Y. P. Lee. (2013). Security for IoT Service. The Journal of The Korean Institute of Communication Sciences. 30(8), 53-59
  29. J. H. Jeon. (2015). Analysis on the Security threat factors of the Internet of Things. Convergence security journal. 15(7), 47-53.
  30. Y. J. Shin. (2020). A Study on Developing and Applying Framework and Assessment Standard of Its Conformity of Personal Information Protection for IoT Service Subject. Journal of Korean Association of Regional information Society, 23(2), 83-117 https://doi.org/10.22896/KARIS.2020.23.2.004
  31. S. J. Sohn & S. J. Ahn. (2021). A Study on the Artificial Intelligence Ethical Principle Classification Model. Proceeding of the Korean Association of Computer Education. 25(2), 111-114.
  32. Korea Internet & Security Agency. (2021). Main contents of EU artificial intelligence (AI) regulation and protection of personal information. Monthly trend analysis of personal information protection. 5, 1-15.
  33. K. J. Choi. (2015). A Study for Developmental Change of Personal Information Protection Law System in the Age of Big Data and Internet of Things (IoT). Chung_Ang Law Review, 17(4), 7-50. https://doi.org/10.21759/CAULAW.2015.17.4.7
  34. Y. D. Kim and W. C. Jang. (2016). Direction of Improvement of Privacy Protection Regulation for Promoting Artificial Intelligence Industry. Journal of Law and Economic Regulation, 9(2), 161-176
  35. C. H. Lim, J. Y. Kim & J. H. Choi. (2009). Profiling of Cyber-crime by Psychological View, Journal of the Korea Institute of Information Security and Cryptology, 19(4), 115-124. https://doi.org/10.13089/JKIISC.2009.19.4.115
  36. EU. (2016). General Data Protection Regulation (GDPR).
  37. Personal Information Protection Commission & Korea Internet & Security Agency. (2020). Personal Information Impact Assessment Performance Guide.
  38. Cyber Security Strategic Headquarters. (2018). Severity evaluation criteria (draft) for critical infrastructure service failures due to cyber attacks(Online). https://www.nisc.go.jp/conference/cs/ciip/dai14/pdf/14shiryou 12-2 .pdf
  39. Korea Internet & Security Agency. (2021). Main contents of EU artificial intelligence (AI) regulation and protection of personal information. Personal Information Protection Monthly Trend Analysis, 5, 1-15