Improvement of Existing Internet Network Blocking Measures
In the future, it will be possible to analyze and utilize personal information using artificial intelligence (AI) and cloud technologies.
On the 12th, the Personal Information Protection Commission announced the "Improvement Plan for Internet Network Blocking Measures on Personal Information Processing Systems."
If appropriate protective measures such as data pseudonymization and encryption are applied in personal information processing systems to prevent personal information leakage and block illegal access, technologies like AI and cloud can be utilized. The use of external analysis tools such as Software as a Service (SaaS) for marketing data analysis and research and development will also become possible.
Until now, it was mandatory to block internet network access on computers used by personal information handlers accessing personal information processing systems. Going forward, personal information processors will be able to design the level of internet network blocking themselves based on risk analysis according to their internal management plans.
However, to minimize threats, three major improvement directions were presented: ▲differentiated application of blocking levels according to risk, ▲prevention of protection level degradation through strengthening the responsibility of personal information processors, and ▲enhancement of support for personal information processors.
First, through risk analysis of computers subject to blocking, handler computers will be classified into three levels, and blocking levels will be applied differentially. Personal information processors will be allowed to relax restrictions by permitting limited internet network access under equivalent protective measures for low-risk and medium-risk computers, in addition to internet network blocking, based on risk classification through internal management plans. High-risk computers, such as those with access rights to personal information databases (DB), will maintain the mandatory internet network blocking measures as before.
Personal information processors must prevent degradation of protection levels by strengthening their responsibilities. The Personal Information Protection Commission encourages processors to devise appropriate security measures by analyzing the status and location of computers and handlers, as well as the sensitivity of the personal information handled. Furthermore, it plans to recommend regular inspections to verify whether established security measures are properly operated and to conduct periodic re-evaluations and supplementary actions for any necessary improvements.
Lastly, support for personal information processors will be strengthened. A dedicated technical support team will be formed to provide customized one-stop support services such as status diagnosis and consultation for personal information processors wishing to apply equivalent protective measures. The team will also pre-review whether the protective measures to be applied by businesses correspond to internet network blocking measures, thereby eliminating uncertainties for personal information processors.
Ko Hak-su, Chairman of the Personal Information Protection Commission, stated, "With the improvement of the internet network blocking measure system, it is expected that analysis tools necessary in the field, such as AI and cloud, can be safely utilized." He emphasized, "However, personal information processors must make special efforts to ensure that this does not lead to a decline in personal information protection levels."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
