Academic & Social Efforts for

Privacy Protection in Korea

Tai M ChungSungkyunkwan University

tmchung@skku.edu

CONTENTS

2 Research Efforts for Privacy Protection

4 How we make the Privacy Safe?

1 Privacy Related Incidents & Damage

3 Activities & Groups for Privacy Protection

Notable Privacy Related Incidents

• 12million Privacy data are leaked by KT hacking incident using vulnerable homepage

• More than 100 million customer information are leaked from Credit Card Corporations

• Credit card information is exposed by malicious codes in POS devices

• 11 thousand customer information are leaked from SC bank

2013

2014.01

2014.04

2014.06

2015.01

• Patient Information are leaked due to improper operation by entrusted company

• 1.9 million customer data are leaked from online community site - ppomppu

2015.09

Privacy Data is Critical?

Cash Service

Reissue digital certificate

Leaked financial info

Impersonation by forged Digital

Certificate

Save Medical Records

Acquire othermedical records

Physical,Economical crime

Extract medical records by hacking

Forge Caller ID

Leaked Info

Call the target

Request money transfer

Research for Privacy in Academia

Research Activities for legal issues and policies in

Universities and research firms

System/

Model

51%Developme

nt

28%

Law/

Policy

19%

Survey/

Analysis

2%

# of Thesis

Laws

38%

Policies

35%

Social

12%

Tech.

9%

Etc

6%

Privacy related research in

Korean universities

출처 : 자체조사 출처 : RISS, DB pia

Research Activities for Technical issues and solutions in

Universities and research firms

Reseach Issues for Privacy in Korea

한국 대학에서는 법안 및 정책 관련개인정보보호 연구가 다수 진행 중

시스템/모델

51%

기술개발

28%

법안/정책

19%

조사/분석

2%

국내 논문 수

법안

38%

정책

35%

사회

12%

기술

9%

기타

6%

한국 대학의 개인정보보호 관련 연구

분야

최근 3년간의 국내 연구논문은시스템/모델 제안 및 연구가 가장 많음

출처 : 자체조사 출처 : RISS, DB pia

Classificatio

nTitle Summary

PolicyA study on the user information sharing form and ethical issues of Big Data Era

Analysis of personal information exposure based on big data

PolicyThe advent of big data environment and schemes of personal information security

Consideration privacy issues through big data

PolicyPerceived risks and privacy concerns in IoT environment: The moderating effect of security technologies and government support

Study on schemes of privacy protection in IoTenvironment

SocietyThe effect and causality of personal information securitymeasures: Empirical analysis and its implications for policies of personal information security by corporations and persons

A research on fundamental security schemes of the personal information

SocietyInfluencing factors on the acceptance of advertising of smartphone users: The dilemma between personalized service and the privacy security

Analysis of decision factors necessary to the personal information exposures and security

LegislationA study of multidimensional realization range of forgetting right in context social norms: One - focused on the comparison and the US -EU legal, technical, comparison of the services market

A study of right to be forgotten security

LegislationA study of agree of the information subject and fundamental rights guaranteed in the personal information security law

A study of ways to improve proceedings of personal information agreement for personal information self-determination guaranteed

TechnologySolution of the paradox about privacy information – Modeling of SNS users as active agents

A study of privacy control schemes as aspect of an active actor

Technology

A study on the privacy security through the acquisition prohibition of resident registration number(RRN) and application of identification means: Focusing on online and offline personal information collecting forms in the private sector

Study on the security and appropriate use cases of RRN

Education A research on education system of information security in Korea Research on education system for information security

Privacy Protection & Technologies

Increase services using IoT

• User friendly

• Smart home, Smart Car, etc

incidents due to IoT deployment

• SPAM , DDoS through IoT devices

• Over fee payment because of manipulated

IoT device by hacker

Value creation from Big Data

• Personalized & customized services

• Risk analysis based on privacy data

More victim from Big Data

• Exposed privacy

• Secondary damage by exposed privacy data

Service Increase with Cloud Computing

• Continuous business environment

• No place restrictions - convenient

More Victims from Cloud Computing

• Data loss by out of storage business

• Paralyzed service by cloud server attack

Privacy Related Groups in Korea

Conference

Forum

Korea Internet & Security Agency

Korea Chief Privacy Officers’ FORUM

Financial Security Institute

Korea Internet & Security Agency

Korea Internet & Security AgencyPersonal Information Protection Commission

Network Security Conference

Privacy Global Edge

Financial Information Security Conference

Personal Information Security Forum

Asia Pacific Privacy Authorities

Various Efforts for Privacy Protection

• U-PRIVACY SAFER(easycerti), Privacy-i(Somansa), V3 365 Clinic (AhnLab) are the solutions for privacy protection by industry

• CPO Forum & OPA • Privacy Information Portal

• Universities• Research Organization• Government

We all Need to Focus on !!!

Industries

산학협력을 통한 새로운개인정보 기술의 연구개발

Organizations

Inter-national

Research for New technology

Security tech. for new environments

Practice in Daily Life

Culture of Security

What Could be the Future of Privacy?

Questions & AnswersQuestions & Answers