Data De-identification Framework  

作　　者：Junhyoung Oh Kyungho Lee 

机构地区：[1]Center for Information Security Technologies,Korea University,Seoul,02841,Korea [2]School of Cybersecurity,Korea University,Seoul,02841,Korea

出　　处：《Computers, Materials & Continua》2023年第2期3579-3606,共28页计算机、材料和连续体（英文）

摘　　要：As technology develops,the amount of information being used has increased a lot.Every company learns big data to provide customized services with its customers.Accordingly,collecting and analyzing data of the data subject has become one of the core competencies of the companies.However,when collecting and using it,the authority of the data subject may be violated.The data often identifies its subject by itself,and even if it is not a personal information that infringes on an individual’s authority,the moment it is connected,it becomes important and sensitive personal information that we have never thought of.Therefore,recent privacy regulations such as GDPR(GeneralData ProtectionRegulation)are changing to guarantee more rights of the data subjects.To use data effectively without infringing on the rights of the data subject,the concept of de-identification has been created.Researchers and companies can make personal information less identifiable through appropriate de-identification/pseudonymization and use the data for the purpose of statistical research.De-identification/pseudonymization techniques have been studied a lot,but it is difficult for companies and researchers to know how to de-identify/pseudonymize data.It is difficult to clearly understand how and to what extent each organization should take deidentification measures.Currently,each organization does not systematically analyze and conduct the situation but only takes minimal action while looking at the guidelines distributed by each country.We solved this problem from the perspective of risk management.Several steps are required to secure the dataset starting from pre-processing to releasing the dataset.We can analyze the dataset,analyze the risk,evaluate the risk,and treat the risk appropriately.The outcomes of each step can then be used to take appropriate action on the dataset to eliminate or reduce its risk.Then,we can release the dataset under its own purpose.These series of processes were reconstructed to fit the current situation by analyzin

关 键 词：PRIVACY de-identification ANONYMIZATION pseudonymization information security 

分 类 号：TP311.13[自动化与计算机技术—计算机软件与理论]