효율적인 웹마케팅 활동을 위한 개인정보 수집방법 연구

박경신 경희대학교 일반대학원 2011 국내박사

With the wide spread of the Internet usage, many firms have shown interests over marketing through the Internet. Since customers’personal information takes a vital role as the basis for an effective marketing strategy, firms are spending great efforts on collecting customers’ personal information. However, customers shun providing their personal information or they do it with a great concern due to the chance of their information being exposed to excessive spam mail or text messages, and being subject to the Internet crime such as phising or pharming. Moreover, customers’distrust and resistance over the Internet advertisement have increased since many of them require customers to enter their personal information in order to view the contents. Therefore, the personal information provided on the Internet often is inferior in both its quality and quantity, and often contains fallacious information. This antinomy raises some interesting questions on whether such imprudent collection of customers’ personal information is advantageous or disadvantageous for the firms. Firms make sizable investments on marketing promotions to collect customer information and to create customer relationships based on mutual trust. However, the imprudent marketing strategy of collecting customers’ personal information may increase customers’distrust over the firm. Then, how could a firm collect accurate customer information without endangering customer-firm relationship? In this research, to provide a clue for such question, I designed a conceptual model showing the influence of customers’ concern and involvement on their information offering, and the offering on their post-involvement behavior. I tested the model and gained empirical results, which follow. First, customers displayed different levels of active offering of their personal information depending on their level of involvement. According to my results, customers showed high active and low passive offering when they had high situational involvement. When they had high enduring involvement, they showed high active offering while there was no significant effect on the passive offering. Second, I was able to confirm that customers were, in fact, concerned about providing their personal information on the Internet. They displayed traits of passive offering or negative effects on active offering over four types of information collection concerns: unauthorized access, error, collection, and second use. Especially, it can be inferred that customers have high concern over their personal information being abused from the result of the high correlation between customer concern, error, and unauthorized access. This result directly reflects the increase in customers’concern of providing personal information due to the recent leak of customer information from several Internet based companies with a large list of members. Third, to review the relationship between offering and post-involvement behavior, customers who made active offering showed high regret while who made passive offering demonstrated high continuous commitment. Fourth, customers showed higher continuous involvement, situational involvement, concern for error, active offering, and regret in commercial transactions than in non-commercial transactions. It can be inferred from this result that commercial transactions bear higher risk of the loss from the partner’s opportunistic behavior than non-commercial transactions. Moreover, we confirmed that customers perceive lower risk and show active offering when providing their personal information to non-commercial websites such as the government sites.

국내 통신사업자의 개인정보 생명주기 분석을 통한 유출방지시스템 구축에 관한 연구

이기혁 건국대학교 대학원 2010 국내박사

Accidents where personal information is leaked as the side effect of the information age has been used in crimes, arising problems in the society. So in this thesis, we developed a personal information leak prevention system based on domestic telecommunications service provider that has the most personal information of their clients. The provided system has been researched to safely protect personal information of the client based on the personal information protection architecture and personal information technical elements by analyzing all process that consists of collection, storage, usage, transmission, destruction. Companies had many different security solutions between heterogeneous devices that have been deployed for every personal information leakage accident. The security logs that occur among heterogeneous devices, To manage the personal information leak in priority, By systematic analysis of the personal life cycle we analyzed each danger elements in an integrated manner, To make it possible to monitor real time and respond quickly In this view, the proposed system monitors the control of database access, the malfunction of the network, the control of inner employees in a integrated way not just determining the danger in a specific location but using information of many areas and determining the danger overall, and it extracts and analyzes the danger elements by monitoring the whole security solution system real time, so we can determine the level of danger instantly. There are 5 parts to the core modules of the proposed system, and in the personal information collection module, it takes part in collecting information of the security violation actions of personal information and network related information and collects and transmits various security logs that occur in security solutions that have been installed for information protection subjects. In the security event collection module, it performs log filtering and contraction of normalized events to effectively manage transmitted security logs. In the danger analysis module, it takes part in analyzing the danger of preprocessed security events, and evaluates the danger level about the danger of leakage that can occur when personal information is leaked in coordination with the importance of leaked personal information that has been detected based on security logs and the pattern analysis about leakage types and the personal information danger scenario. Lastly, the integrated monitoring module and real time alert and reporting module can observe in real time and notify for each personal information life cycle, for control measures, and for danger level way. Proposed system can be taken advantage of not only in the telecommunications company but in other industries and in this thesis it will contribute to the nation’s competitiveness by protecting the people’s personal information.

환자 개인정보보호에 관한 간호사의 지식, 인식 및 실천

김수연 전북대학교 일반대학원 2012 국내석사

Purpose: This study was aimed to describe the nurses’ knowledge, awareness and performance level of the patient’s personal information protection and to find out the related factors associated with the nurses’ performance for protecting the patient’s personal information. Methods: A cross-sectional survey was used and the data were collected in 2012. Participants were 420 professional nurses who had worked in the general units of seven medical hospitals in South Korea. A questionnaire was distributed to nurse managers of seven hospitals, who distributed it to 420 nurses, 351 of whom responded (response rate 83.6%). Nine were discarded due to incomplete responses, leaving 342 for data analysis. Data were analyzed using the SPSS 18.0 Window program. Results: The levels of nurses’ knowledge, awareness and performance about patient’s personal information protection were not high - moderate or less. Among subjects’ characteristics, age, education level, and clinical experience year were statistically significantly related to nurses’ performance for patients’ personal information protection. Among organizations’ characteristics, one variable ‘whether it has a shredder or not’ was statistically significantly related. Also, there was a statistically significant positive relationship between nurses’ awareness about patients’ personal information protection and nurses’ performance for. In addition, the nurses’ performance score for protecting patients’ personal information was higher for people who had heard about the Personal Information Protection Law or attended education programs related to personal information protection than people who hadn't, with statistical significance (p<.05). Conclusion: To increase nurses’ performance for patient’s personal information protection, we need to enhance nurses’ awareness about patient’s personal information protection. For this, nurses’ self studies and organizational education programs related to personal information protection will be needed. Also organizational support, such as shredder equipment, making a related rule, and so forth, should be provided. These findings can be used in developing effective action strategies for nurses and medical organizations to protect patients’ personal information. Further research is required to identify other factors related to the nurses’ performance for patients’ personal information protection.

개인정보 유출방지를 위한 개인정보보호 통합시스템 설계

정수호 충북대학교 2018 국내석사

제4차 산업혁명에 따라 빅 데이터, IoT, AI 기술 등이 발전하여 우리 사회에 영향을 미치고 있다. 대량의 정보를 습득하기가 쉬워졌으며 공공기관, 민간기업 등 각 기관은 대량의 개인정보를 쉽게 취득할 수 있다. 이 때문에 개인정보 관리 부주의, 해킹 등에 따라 개인정보 유출 사고가 빈번하게 발생하고 있다. 우리나라는 「개인정보보호법」, 「개인정보 안전성 확보조치 기준」 등 법령을 마련하여 개인정보를 보호하려 노력해왔다. 실제로 정부, 공공기관, 민간기업은 법령을 준수하기 위해 DB 암호화, DB 접근제어 등 다양한 개인정보보호 솔루션을 도입하여 운영하고 있다. 하지만 제한된 인력으로 다양한 개인정보보호 솔루션을 효율적으로 운영하기 힘든 실정이다. 본 논문에서는 효율적으로 운영하기 힘든 분산된 개인정보보호 솔루션을 통합 운영할 수 있도록 하고자 개인정보보호 통합시스템을 설계하여 제안하였다. 구체적인 설계 내용은 다음과 같다. 주요기능으로 개인정보보호 솔루션 관리, 통합 모니터링, 개인정보 유출 사고 징후 탐지, 소명관리로 4개로 구성하였다. 개인정보보호 솔루션 관리는 분산되어 있는 각각의 개인정보보호 솔루션을 통합하여 관리하는 기능이며, 통합 모니터링은 각각의 개인정보보호 솔루션의 데이터, 로그 등을 분석해 실시간으로 개인정보 유출사고를 탐지·차단 할 수 있도록 화면으로 도식화해주는 기능이다. 개인정보 유출 사고 징후 탐지는 각각의 개인정보보호 솔루션의 로그 간에 상관관계 등을 분석하는 기능이며 소명관리는 개인정보 유출사고 의심 행위 발생 시 행위자에게 소명을 요청하여 관리하는 기능이다. 구성은 Agent, Manager, Log/Data Collection, Log Analysis. Log/Data DB, Manager DB, 개인정보보호 솔루션 영역 7개로 구성하였다. 그리고 앞서 발생한 개인정보 유출 사고 시나리오에 적용하여 개인정보보호 통합시스템을 이용한 효과적인 개인정보보호 가능성을 검증하였다. 본 논문에서 제안한 개인정보보호 통합시스템을 공공기관, 민간기업 등 각 기관에서 운영을 한다면 담당자 부주의로 인한 개인정보 유출/노출사고는 현저히 줄어 들 것이고 해킹으로 개인정보 유출사고가 발생하더라도 전 구간 모니터링 및 로깅으로 신속하게 사후 조치를 할 수 있을 것이라 기대된다. Today, as IT technology such as Big Data, AI, IoT develops, companies can collect and accumulate a lot of information. Specially, companies store a large amount of personal information because their personal information is easy to acquire and handle by using IT technology. As a result, personal information leakage accidents caused by hacking, intentions or mistakes of dispatch and full-time employees are serious problems in our society. The government and related organizations are guiding the public institutions and private enterprise to handle personal information safely by using「Personal Information Protection Act」and so on. Accordingly, They are trying to protect personal information safely by building various personal information protection solutions such as DB Encryption and DB Access Control, DRM and so on. Despite these efforts, personal information leakage accidents occur frequently every year. In this thesis, we consider that it is difficult to operate the system with a limited number of personal information protection solutions. we plan to organize and integrate personal information protection solutions in an organic way and contribute to the prevention of personal information leakage accident through the design of Integrated Privacy Protection System

(A) study on analysis of personal information risk sing importance-performance analysis

정수진 高麗大學校 情報保護大學院 2016 국내석사

For newly incoming technologies owing to the advancements in information and communications technology, the new form of information occurs due to the combination form of personal information. In turn, personal information which is combination with existing personal information is on the increase. It is difficult to equalize the method in order to analysis the degree of risk for personal information because it is qualitative method which is defined on the current Personal Information Protection Law. This dissertation presents the model to assess the degree of risk by using the IPA(Importance-Performance Analysis) after measuring the importance and the weighted value for the personal information based on the existing the method of risk assessment. Through the model suggested in this dissertation, the subjective judgement can be excluded, the combination of personal information can be assessed and the standard criteria which is used as the objective indicators from the quantitative degree of risk can be suggested.

A Study on Removal Request of Exposed Personal Information

Jung, Bo Reum 고려대학교 정보보호대학원 2016 국내석사

Although online search engine service provide a convenient means to search for information on the World Wide Web, it also poses a risk of disclosing privacy. Regardless of such risk, most of users are neither aware of their personal information being exposed on search results nor how to redress the issue by requesting removal of information. According to the 2015 parliamentary inspection of government offices, many government agencies were criticized for mishandling of personal information and its leakage on online search engine such as Google. Considering the fact that the personal information leakage via online search engine has drawn the attention at the government level, the online search engine and privacy issue needs to be rectified. This paper, by examining current online search engines, studies the degree of personal information exposure on online search results and its underlying issues. Lastly, based on research result, the paper provides a sound policy and direction to the removal of exposed personal information with respect to search engine service provider and user respectively.

個人情報의 保護에 관한 公法的 硏究 : 個人情報保護機構의 改善方案을 中心으로

성민경 延世大學校 法務大學院 2006 국내석사

오늘날 통신과학기술과 인터넷의 보급으로 인한 디지털 정보혁명은 누구나 언제 어디에서나 손쉽게 유용한 정보를 수집,이용할 수 있게 함으로써 모든 생활영역에서 다양한 변화와 함께 우리에게 수많은 혜택을 안겨주었다.그러나 한편으로는 정보의 무제한적이며 빠른 유통과 수집,처리,통합으로 인해 정보의 오남용의 문제가 심각해지고 있다. 특히 개인정보에 있어 무분별한 이용과 관리는 개인의 프라이버시에 상당한 위험을 초래하고 있다.본 연구는 이러한 개인정보의 오남용을 방지하며 나아가 개인의 프라이버시침해를 최대한 보호하기 위해 관련 법제와 이를 운영할 개인정보보호기관의 개선 방안을 모색해 보았다.제1장에서는 본 연구의 목적과 범위 그리고 연구방법에 대해 간략히 설명하였다.제2장에서는 개인정보보호의 공법적 기초로서 개인정보가 무엇이며 그 보호의 중요성 및 필요성에 대해 논의 하였다.그리고 개인정보보호를 위한 기본권으로서 자신에 관한 정보가 언제 누구에게 어느 범위까지 알려지고 이용되도록 할 것인지를 정보주체가 스스로 통제하고 결정할 수 있는 권리인 개인정보통제권에 대해서 자세히 알아보았다.제3장에서는 국제사회에 있어서 개인정보보호를 위한 노력으로서 3가지 규범을 소개해 보았다. 우선 OECD의 개인정보보호 8원칙과 UN의 개인정보 가이드라인등 국제기구의 개인정보보호를 위한 동향과 유럽연합의 개인정보보호지침을 꼼꼼히 살펴보았다. 이는 과거 많은 국가의 개인정보보호를 위한 규범의 기본적인 방향을 제시 하였으며 지금까지도 여러 각국의 규범에 많은 영향을 주기 때문이다.이어서 독일, 영국, 프랑스, 캐나다, 미국, 일본 등 주요 국가의 개인정보보호정책과 법률을 검토해 보았다. 이상 6개국은 개인정보보호에 관한 사회적 문화적 인식과 법률체계가 어느 나라 보다 앞서 있으며 그에 대한 노력 또한 우리에게 좋은 본보기가 될 수 있기에 이상 6개국의 법제와 우리법제의 비교법적 검토가 필요하기 때문이다.다음으로 우리나라의 개인정보보호관련 법제에 대해 살펴보았다.우리의 경우 공공부문과 민간부분을 따로 규정한 이원적 법률체계로 인한 개인정보보호 공백의 발생 문제와 각각의 개별법으로 규정된 개인정보보호 범위의 혼란으로 야기된 문제가 적지 않다. 따라서 그에 따른 개선방안으로 개인정보보호관련 법률을 통합 정비하여 제정한다면 보호원칙의 통일성 제고와 함께 일관된 정책수립이 가능하여 보다 확실하게 보호의 공백을 메울 수 있을 것이다.제4장에서는 개인정보보호를 위한 법률과 정책 등을 가장 효과적으로 운용하기 위해서는 개인정보의 오남용의 사전예방과 사후구제를 담당할 적절한 기구가 필요할 것이다. 따라서 개인정보보호기관에 대해 알아보았다우선 제3장에서와 같이 주요선진국의 개인정보보호기관의 특징과 운영 실태를 면밀히 살펴보고 이어서 우리나라의 개인정보보호관련 기관을 살펴보았다.그 비교를 통해 도출된 문제점은 우리의 개인정보보호기관이 공공부문과 민간부문으로, 다시 개별법상으로 산재되어 있기 때문에 보호의 공백이 발생하며 기관의 독립성이 확보되지 못하기 때문에 나타나는 권한과 기능의 약화로 인해 보호목적을 충분히 달성하지 못하는데 있다.제5장은 본 연구의 핵심이라 할 수 있는 개인정보보호기관의 개선방안에 대한 논의를 그 중심으로 하였다.우선 개인정보관련 정부부처로부터 독립되어있어야만 그 보호와 감독에 공정을 기할 수 있을 것이다. 한편 독립성의 최대보장을 위해서는 완전한 독립기구 형태가 바람직할 것이나 보호감독기능의 실효성 문제도 간과할 수 없는바 그 독립성과 실효성의 적절한 조화와 절충이 필요할 것이다.다음으로 공공부문과 민간부문으로 나누어진 기관의 통합에 관한 논의로써 단일기구로 통합된다면 역시 통합 제정된 법률을 효율적으로 운영할 수 있을 뿐만 아니라 정보주체가 자신의 정보가 어디에서 어떻게 처리되는지 쉽게 알 수 있고 보호에 대한 강한 믿음을 가질 수 있으며 권리침해시 단일 창구를 통해 권리구제를 쉽고 빠르게 받을 수도 있을 것이다.마지막으로 개인정보보호기구의 위상을 독립의 문제와 연결하여 논의 하고 이어 조직의 형태와 위원의 구성방식과 임명방식 그리고 임기에 대해 간단히 검토해 보았다.또한 개인정보보호기구가 갖추어야 할 세부적인 기능과 권한을 사전예방적 차원과 사후구제적인 차원으로 나누어 그 강화방안에 대해 살펴보았다.이상 개인정보의 보호를 위하여 관련 법률을 보다 실효성 있게 정비하고 이를 효과적으로 집행,운영하며 개인정보의 감독과 보호기능을 충실히 이행 할 수 있는 독립적, 통합적이며 체계 일관적인, 또한 강력한 권한을 가진 개인정보보호기구의 필요성이 절실하다. Today, thanks to the development of communication science and technology and the spread of the Internet, people can access and use information easily at any time and in any place, and this has brought various changes and benefit to every area of people’s life. However, as an infinite volume of information is distributed, collected, processed and integrated speedily, the abuse and misuse of information is emerging as a serious problem. In particular, the indiscreet use and management of personal information is exposing individuals’ privacy to high risk.Thus, in order to prevent the abuse and misuse of personal information and to protect individuals’ privacy to the maximum, the present study considered how to improve relevant that execute the laws.Chapter I briefly described the objectives, the scope and the methods of this research.Chapter II discussed the concept of personal information and the importance and necessity of its protection as the ground of public law for personal information protection. In addition, it examined the right to control personal information as a basic right for personal information protection, with which the subject of information can control and decide when, to whom and to what extent his/her information will be disclosed and used.Chapter III introduced three standards in international society, which were established as efforts to protect personal information.First, we closely examined the trends of personal information protection by international organizations including The OECD’s Eight Principles of F.I.P and The Guidelines for the Regulations of Computerized Personal Data Files in U.N. as well as The Guideline on Personal Information Protection in E.U. Until now, these standards suggested to many countries the basic directions of personal information protection and affected their relevant regulations.In addition, this chapter studied policies and laws related to personal information protection in major countries including Germany, the U.K. France, Canada, the U.S. and Japan. As the six countries are world leaders in social and cultural consciousness and legal systems related to personal information protection and their efforts present desirable models, we need to compare our legal system with theirs.Next, this chapter analyzed the legal system for personal information protection in Korea. Not a few problems have been caused by the vacuum of personal information protection resulting from the dual legal system that separates public sectors from private sectors and by confusion in the scope of personal information protection stipulated differently by individual laws. These problems may be solved by unifying and improving laws related to personal information protection, which will improve the integrity of protection principles, enable the making of consistent policies and fill vacuums in protection.Chapter IV examined organizations for personal information protection because an appropriate authority in charge of prevention of and relief from the abuse and misuse of personal information is required for the effective execution of laws and policies for personal information protection. First, a close examination was made on the characteristics and operation of personal information protection authorities in major developed countries as discussed in Chapter III, and Korean authorities related to personal information protection were examined.Problems derived from the comparison were vacuums in protection because personal information protection authorities in Korea are divided into public and private sectors and again into individual laws and the too weak authorities and functions of authorities for attaining the goals of protection due to lack of independency.Chapter V discussed how to improve personal information protection authority, which is the core of this research.First, the authorities can carry out fair protection and supervision when they are independent from governmental agencies related to personal information. In addition, although a wholly independent organization is desirable to guarantee the utmost independency, but because the effectiveness of the protecting and supervising functions cannot be neglected, it is necessary to make a harmony and compromise between independency and effectiveness.Secondly, in the discussion on the integration of authorities divided into public and private sectors, if they are integrated into a single institution, the resultant integrated law can also be applied efficiently and the subjects of information can know easily where and how their information is processed and be confident in information protection. Furthermore, through the single channel, the victims of privacy violation can be relieved more easily and quickly.Finally, this chapter discussed the standing of the integrated authority in connection with independency, and considered its organization, the composition of the committee members, the method of appointing the members and their term of service. In addition, it discussed detailed functions and rights required to the personal information protection authority and how to strengthen them from the perspectives of prevention and post relief.As discussed above, it is keenly required to improve laws for the protection of personal information to be more effective, to execute and operate the laws more efficiently, and to organize an independent personal information protection institution with integrated powerful authority for the faithful performance of its functions to supervise and protect personal information.

개인정보보호책임자의 개인적·조직적 특성이 조직의 개인정보보호 성과에 미치는 영향 연구

강은성 연세대학교 정보대학원 2017 국내석사

As social concerns regarding personal information protection have risen and regulations strengthened, designation of Chief Privacy Officer (CPO) became a legal obligation for organizations managing personal information. However, most CPOs in Korea today cannot fully focus on personal information protection: they are also responsible for other tasks. Therefore, personal information managing organizations must be very careful when considering the qualifications of CPOs and their working environments to protect personal information and prevent personal information incidents. So information managing organizations very careful about qualification of CPO's and their working environment to protect personal information and to prevent personal information incidents. This study explores personal and organizational characteristics of CPOs which make an impact on organizational performance regarding personal information protection. Meanwhile, there have been studies which investigate the relation between personal characteristics including demographic characteristics like age and education, functional background like marketing, research & development, and organizational performance, the relation between organizational characteristics including organizational structure, report line, and centralized decision-making and organizational performance. Based on existing research, this study tries to examine the relation between authority centralization about which develops CPO's centralized decision-making and organizational performance of personal information protection, and also between CPO's information security related experience and organizational performance of personal information protection. As a result the former turned to be significant positive and the latter insignificant. 사회적으로 개인정보보호에 관한 관심이 커지고 규제가 강화되면서 개인정보처리 사업자는 개인정보보호책임자를 선임해야 할 법적 의무가 생겼다. 하지만 업무의 중요성에 비해 현장에서 개인정보보호책임자를 전담하는 인력은 매우 드물다. 따라서 사업자들은 어떤 인력을 선임하고, 어떤 업무 환경을 만들어줘야 개인정보 사고가 발생하지 않고 개인정보를 잘 보호할 수 있을지 늘 고민하게 된다. 이 연구는 개인정보보호책임자의 어떠한 개인적•조직적 특성이 조직의 개인정보보호 성과에 영향을 미치는지 알아보려는 시도이다. 그 동안 나이나 교육수준 등 인구통계학적 특성, 마케팅이나 연구개발과 같은 기능적인 백그라운드 등 조직 리더의 개인적 특성과 조직의 성과의 관계, 그리고 조직의 구조, 보고 라인, 의사결정의 집중도 등 조직의 특성과 조직 성과의 관계를 규명하려는 연구가 있어 왔다. 이 연구에서는 기존의 연구 위에서 조직적 특성 중 하나인 의사결정의 집중도를 개인정보보호조직에 적합하게 구성한 개인정보보호책임자의 권한 집중도와 조직의 개인정보보호 성과의 관계, 그리고 개인적 특성으로서는 개인정보보호책임자의 정보보호 관련 경험도와 조직의 개인정보보호 성과의 관계를 살펴보고자 하였다. 그 결과 전자는 정(+)의 유의적 관계가 있음이 나타났고, 후자는 유의적 관계가 나타나지 않았다.

정보 제공 경험이 개인정보위험 인식에 미치는 영향에 관한 연구 : 전자상거래 이용 경험을 중심으로

이아라 서울대학교 대학원 2020 국내석사

With the development of information and communication technology (ICT), the boundary between online and offline has been disappearing and the base of daily life has been shift to the digital. In order to experience diverse services, providing personal information becomes necessary and the government and private companies provide customized services with utilizing the citizens’ personal information. As data and its utilization increase, the convenience of daily life also has been enhanced and familiar. However, the value of personal information increase, simultaneously, the users’ anxiety over leakage on their information also rises. In this respect, this paper attempts to empirically verify the influence of providing personal information on the risk perception of personal information and tries to figure out if the information provision types make any difference on its relationship. E-commerce experience is selected in this paper because it is a typical form of personal information providing experience. The analysis is conducted with the raw data of Korea Media Panel Survey from 2016 to 2019 done by the Korea Institute for Information and Communication Policy. The results show that it is statistically significant that individuals who experienced E-commerce are more aware of personal information risk than individuals who are not. Thus, more diverse use of E-commerce enhances the recognition of personal information risk. After examining that the activity of providing personal information could increase the recognition of personal information risk when using E-commerce, this research analyzed which type of E-commerce affects the recognition of personal information risk the most by multiple regression model. For the analysis, personal information risk awareness was set as a dependent variable and TV home shopping experience, domestic online shopping experience, overseas direct purchase experience, and personal transaction use experience were selected as independent variables. The positive linear relationship is detected only in TV home shopping experience variable. This study utilizes panel data to examine changes in the perception of individuals and the results show that few variables are verified statistically. There are no statistically significant variables except TV home shopping but some implications were found in the regression coefficients. Given that the regression coefficients of domestic online shopping malls, overseas direct purchases, and transactions between individuals all have (+) values, it is believed that individuals with experience in using E-commerce, although they have not been statistically verified, are more likely to be aware of personal information risks than individuals who have not. To sum up, user needs to recognize the value of personal information and to be wary of indiscreet use, and the government needs to provide educations and policies to protect personal information. However, excessively comprehensive regulations on the collection and processing of personal information to protect personal information may retrogress the trend of the big data era. Therefore, selective and careful approach on the regulations to protect personal information should be needed. In addition, excessive emphasis on personal information protection for individuals with vague apprehensions that personal information could be violated could undermine the Internet's essential meaning of spreading and sharing free information. Therefore, efforts should be made to find a proper balance so that information can be used well at the national level while enhancing the value of personal information and improving awareness through information protection education. 정보통신기술(ICT)이 발전하면서 세상은 온라인과 오프라인의 경계가 없어지고 삶은 디지털 기반으로 옮겨가고 있다. 다양한 서비스를 경험하기 위해 개인정보를 제공하는 것이 필수적이고 기업과 정부는 개인이 제공한 정보를 토대로 개인에게 맞춤화된 서비스를 제공한다. 이처럼 데이터 수집과 이용이 증가함에 따라 일상에서 주는 편리함이 늘어났고 어느새 익숙해져 왔다. 그러나 개인정보의 경제적 가치가 커짐과 동시에 개인정보 유출에 대한 불안감도 높아지고 있다. 이 논문에서는 개인정보 제공 경험이 개인정보위험 인식에 어떠한 영향을 미치는지에 대해 통계적으로 유의미한지 알아보고 정보 제공 유형에 따라 차이가 존재하는가를 통해 이들의 관계를 규명하고자 하였다. 이는 개인정보 제공 경험의 대표적인 형태인 전자상거래로 살펴보았다. 정보통신정책연구원의 2016년부터 2019년까지 4개년의 한국미디어패널조사 원자료(raw data)를 이용하여 다중회귀모형을 통해 분석해보았다. 분석 결과, 전자상거래를 이용한 경험한 개인이 그렇지 않은 개인보다 개인정보위험 인식이 통계적으로 유의미하게 더 높은 상태에 있었고 전자상거래를 다양하게 이용할수록 개인정보위험 인식을 높게 느끼는 것을 확인하였다. 전자상거래를 사용하면서 개인정보를 제공하는 행동이 개인정보위험 인식을 더 높인다는 것을 확인한 이후에는 어떤 유형의 전자상거래를 사용하는 것이 개인정보위험 인식에 더 영향을 미치는지에 대해 분석해보고자 다중회귀분석을 통해 검증해보았다. 개인정보위험 인식을 종속변수로 설정하고 TV홈쇼핑 이용 경험, 국내 온라인 쇼핑몰 이용 경험, 해외직접구매 이용 경험, 개인 간 거래 이용 경험을 독립변수로 검증을 수행한 결과 TV홈쇼핑 이용 경험에서만 양의 선형관계를 확인할 수 있었다. 본 연구는 패널데이터를 사용하여 연구대상인 개인의 인식 변화를 살펴보았는데 일부 변수들이 통계적으로 상당히 유의미하게 검증되었음을 확인할 수 있었다. TV홈쇼핑을 제외한 나머지 변수에서 통계적으로 유의미하게 검증된 변수는 없었지만, 회귀계수에서는 어느 정도 시사점을 발견할 수 있었다. 국내 온라인 쇼핑몰과 해외직접구매, 개인 간 거래의 회귀계수가 모두(+)의 값을 가지는 점을 볼 때, 비록 통계적으로 유의미하게 검증되지는 않았으나 각각의 전자상거래를 이용해본 경험이 있는 개인이 그렇지 않은 개인에 비해 개인정보위험 인식이 높을 가능성이 충분히 존재할 수 있다고 판단된다. 연구결과를 종합해볼 때, 정책적으로는 개인이 개인정보에 대한 가치를 인지하고 무분별한 활용을 경계하는 태도가 필요하며 정부는 개인정보를 보호할 수 있는 교육 및 정책이 필요하다. 그러나 개인정보를 보호하기 위해 개인정보를 수집 및 처리하는 것을 지나치게 포괄적으로 규제하는 것은 오히려 빅데이터 시대의 흐름에 역행하는 행동일 수 있다. 따라서 개인정보를 보호하기 위한 규제는 선택적인 규제의 모습을 지향해야 한다. 또한 개인정보가 침해될 수 있다는 막연한 불안감이 있는 개인들에게 개인정보보호를 지나치게 강조하는 것은 자유로운 정보의 확산과 공유라는 인터넷의 본질적 의미를 훼손시킬 수 있다. 따라서 개인정보의 가치를 높여주고 정보보호 교육을 통해 인식을 향상시켜 주면서 동시에 국가적인 차원에서 정보를 잘 활용할 수 있도록 적절한 균형점을 찾는 노력이 필요하다고 생각된다.

의료종사자의 환자 개인정보 보호에 대한 인식과 태도

박하 경북대학교 보건대학원 2013 국내석사

This study is done to investigate the understanding and attitude of medical practitioners toward protecting client's personal information. The survey is done from March 4th to March 3th, 2013 on 524 medical practitioners in 3 general hospitals located in Andong City, Kyungsangpook-do. According to the survey, 55.7% agreed that the name of the client can be exposed. However, 68.7% answered social security number should not be exposed, 57.1% answered the address and 55.9% answered the phone number should not be exposed. 93.7% said they don't agree on making inquiries on client's personal information through the phone and 90.1% said it should not be allowed to talk about the details of client's personal information in public. 75.6% answered that they received a training on protecting client's personal information and 16.6% answered that they received a formal objection or a claim by the exposure of client's personal information. * A thesis submitted to the Committee of the Graduate School of Public Health, Kyungpook National University in partial fulfillment of the requirements for the degree of Master of Public Health in June 2013. As a result of investigating the attitude on exposing client's personal information in hospitals, 38.0% said that they announce the case of the client with rare medical case in conferences or journals, 46.0% said they provide the information if the prosecution, police or the court requests for it, 37.0% said that the expose the information when it is requested by the government for making policies or performing an assessment, and 53.1% said that they expose the information when it is used for evaluating the cost of medical insurance. 90.8% said the client has the right to expose the medical record, 73.1% said legal guardian is responsible for it (if the client is underaged). However, 38.0% said the doctors are not authorized to expose the medical record and 56.1% said the nurses are not authorized. 88.8% said the doctors are allowed read client's medical record, 78.7% said the nurses, 21.3% said the nurse's assistant, 25.4% said medical technician and 15.6% said the administrative personnel are allowed to read medical records. As computerization of information in the hospital gets developed, 40.8% disagreed that personal information is less protected than the record written in paper and 51.2% answered that they don't give client's personal information to the other people. 74.8% agreed that the client should agree on transfer of personal information between different medical institutions. 78.8% said that they use their own ID when accessing medical information system, 67.2% said they always log out after using medical information system, 43.3% said that they change their password regularly, 66.0% said that they try not to expose the ID and password to the others and 72.9% said it is wrong to access the system using their coworker's ID as a result of investigating the survey on authority and responsibility upon using computerized system for personal medical information. 69.8% said they understand that they are differently authorized for using the data depending on personal task, and 72.9% said that they agree on limiting the authority for accessing client's medical information to protect client's personal information. 46.6% said that they use shredder when discarding client's information printed out in the paper and 56.7% said they check the document proving the family relationship before issuing certificates on personal record. Through this study, the understanding and attitude of medical practitioners on protecting client's personal information are shown. Also, it is realized how important the client's personal information is and why it should be protected. Thus, medical institutions should establish the system that can provide the detailed training and reinforce the ethics on protecting personal information as well as regulate the access of the people who does not have an authority to access the medical information while strengthening systematic security of medical information. In addition to that, regulation and instructions on acceptance range for opening medical information and measures should be made in order for medical practitioners to grasp the policy and instructions precisely and carry out the task in the hospital.