• International Journal of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.244-259
• /
• 2021

The economic value of personal information has its importance as an objective measure of valuation in commercial, legal, and policy areas. Until recently, however, personal information subjects have not properly recognized the economic value of personal information, which has led to the inability to exercise the right to self-determination of personal information by unconsciously agreeing to the terms and conditions of personal information service without recognizing the value of personal information provided to the service provider when subscribing to a specific service. Therefore, we will examine the methodologies for calculating the economic value of personal information and the practical guarantee of the right to self-determination of personal information and analyze the economic value of personal information through a survey. Also, we would like to propose various ways for the subject of personal information with limited cognitive resources to visually accept the economic value of personal information required by the terms and conditions and suggest the optimal visualization of personal information economic value to exercise the right to self-determination of personal information. To do so, in this paper, we have conducted two survey experiments to estimate the economic value of personal information. Based on the price of personal information by category retrieved from surveys, we have visualized the price of personal information in various forms and asked respondents to choose the optimal infographic that best represents the value of personal information visually. As a result, we have proposed an optimal usage of the infographic to 'nudge' information subjects about their right to self-determination of personal information, therefore opening the possibility of diminishing privacy paradox.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.19 no.3
• /
• pp.37-44
• /
• 2023

In the future society, a means to verify the identity of the information owner is required at the beginning of most services that the information owner encounters, and the emergence and gradual spread of digital identification that proves the identity of the information owner is essential. In addition, as the utilization value of personal information increases, discussions on how to provide personal information are active. Therefore, there is a need for a personal information management method necessary for building a hyper-connected society that is safe from various hacking, forgery, alteration, and theft by allowing the owner to directly manage and provide personal information management. In this study, a decentralized identity information management model that overcomes the problems and limitations of the centralized identity management method of personal information and manages and selectively provides personal information by the information owner himself and implemented a smart personal information provision system(SPIPS: Smart Personal Information Provision System) using a smartphone.

• Journal of Information Processing Systems
• /
• v.6 no.2
• /
• pp.185-196
• /
• 2010

This paper proposes a personal information protection model that allows a user to regulate his or her own personal information and privacy protection policies to receive services provided by a service provider without having to reveal personal information in a way that the user is opposed to. When the user needs to receive a service that requires personal information, the user will only reveal personal information that they find acceptable and for uses that they agree with. Users receive desired services from the service provider only when there is agreement between the user's and the service provider's security policies. Moreover, the proposed model utilizes a mobile agent that is transmitted from the user's personal space, providing the user with complete control over their privacy protection. In addition, the mobile agent is itself a self-destructing program that eliminates the possibility of personal information being leaked. The mobile agent described in this paper allows users to truly control access to their personal information.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.2
• /
• pp.587-608
• /
• 2022

The European Union recently established the General Data Protection Regulation (GDPR) for secure data use and personal information protection. Inspired by this, South Korea revised their Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Use and Protection Act, collectively known as the "Three Data Bills," which prescribe safe personal information use based on pseudonymous data processing. Based on these bills, the personal data store (PDS) has received attention because it utilizes the MyData service, which actively manages and controls personal information based on the approval of individuals, and it practically ensures their rights to informational self-determination. Various types of PDS models have been developed by several countries (e.g., the US, Europe, and Japan) and global platform firms. The South Korean government has now initiated MyData service projects for personal information use in the financial field, focusing on personal credit information management. There is also a need to verify the efficacy of this service in diverse fields (e.g., medical). However, despite the increased attention, existing MyData models and frameworks do not satisfy security requirements of ensured traceability, transparency, and distributed authentication for personal information use. This study analyzes primary PDS models and compares them to an internationally standardized framework for personal information security with guidelines on MyData so that a proper PDS model can be proposed for South Korea.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.18 no.1
• /
• pp.37-45
• /
• 2022

With the development of the 4th industry, big data using AI is being used in many areas of our lives, and the importance of data is increasing accordingly. In particular, as various services using personal information appear and hacking attacks that exploit them appear in various ways, the importance of personal information management is increasing. Personal information must be managed safely even when collecting, retaining, using, providing, and destroying personal information, and the rights of information subjects must be protected. In this paper, an analysis was performed on the notification of usage history during the protection of the rights of information subjects using the MyData model. According to the Personal Information Protection Act, users must be periodically notified of the use of personal information, so we notify each individual of the use of personal information through e-mail or SNS once a year. It is difficult to understand and manage which company use my personal information. Therefore, in this paper, a personal information usage history notification system model was proposed, and as a result of performance analysis, it is possible to provide the controllability, availability, integrity, source authentication, and personal information self-determination rights.

• Journal of Information Technology Services
• /
• v.19 no.4
• /
• pp.13-30
• /
• 2020

Not only does it cause damage to individuals and businesses due to the occurrence of large-scale personal information leakage accidents, but it also causes many problems socially. Companies are embodying efforts to deal with the threat of personal information leakage. However, it is difficult to obtain detailed information related to personal information leakage accidents, so there are limitations to research activities related to leakage accidents. This study collects information on personal information leakage incidents reported through the media for 15 years from 2005 to 2019, and analyzes how the personal information leakage incidents occurring to companies are related to the characteristics of the company. Through the research results, it is possible to grasp the general characteristics of personal information leakage accidents, and it may be helpful in decision making for prevention and response to personal information leakage accidents.

• Journal of Information Technology Services
• /
• v.13 no.2
• /
• pp.163-172
• /
• 2014

Personal information has been stolen continuously and it is also affected from development of the Internet. So the government requires that companies spend more effort for protecting customers' personal information. The OLAP server also should meet this requirement, but it is hard to satisfy for the authority management. The OLAP server must use personal information to extract required information from database. This thesis suggests a model of separating between general information and personal information, so this model can help to minimize the leakage of personal information. The model is implemented and tested as a prototype. This prototype can prove that the new model is better than the original one. This study presents that the authority management on the separation between personal information and general information helps protect the personal information of customers.

• Smart Media Journal
• /
• v.12 no.9
• /
• pp.95-102
• /
• 2023

As the utilization value of personal information increases, discussions on how to provide personal information are active, but information required by institutions to utilize personal information is being exposed more than necessary. Therefore, personal privacy protection is essential to overcome the problems and limitations of personal information protection. In this study, a decentralized identity information management model that overcomes the problems and limitations of the centralized identity management method of personal information and manages and selectively provides personal information by the information owner himself and demonstrates the excellence of personal information by implementing the Smart Personal Information Provision System (SPIPS) in the PBFT consensus algorithm through experiments.

• Journal of Digital Convergence
• /
• v.19 no.12
• /
• pp.125-132
• /
• 2021

This study analyzed the multi-mediating effects of information security, personal information infringement, personal experience, and information security intention in the relationship between personal information protection and information security attitude. For this purpose, a survey was conducted on 221 students from G University. First, information security, personal information infringement, and information security awareness had a simple mediating effect. Second, information security, personal information infringement, personal experience, and information security consciousness had parallel multi- mediation effects. Third, personal information infringement and information security awareness had a simple mediating effect in the parallel multiple mediation state. Fourth, information security had a simple mediating effect, but it was found that there was no simple mediating effect in the parallel multiple mediation state. This study is meaningful in that it empirically compared the simple and multi-mediation effects.

• Journal of Information Technology Services
• /
• v.15 no.4
• /
• pp.41-62
• /
• 2016

In Internet of Things (IoT) era, more diverse types of information are collected and the environment of information usage, distribution, and processing is changing. Recently, there have been a growing number of cases involving breach and infringement of personal information in IoT services, for examples, including data breach incidents of Web cam service or drone and hacking cases of smart connected car or individual monitoring service. With the evolution of IoT, concerns on personal information protection has become a crucial issue and thus the risk analysis and management method of personal information should be systematically prepared. This study shows risk factors in IoT regarding possible breach of personal information and infringement of privacy. We propose "a risk analysis framework of protecting personal information in IoT environments" consisting of asset (personal information-type and sensitivity) subject to risk, threats of infringement (device, network, and server points), and social impact caused from the privacy incident. To verify this proposed framework, we conducted risk analysis of IoT services (smart communication device, connected car, smart healthcare, smart home, and smart infra) using this framework. Based on the analysis results, we identified the level of risk to personal information in IoT services and suggested measures to protect personal information and appropriately use it.