As members of POSTECH, we all have identity cards that prove that we are part of the Postechian community. Some obvious uses of these smart cards are access to enter certain buildings, attendance, and e-cash. Though these may seem harmless, these records can become use to other organizations. For example, whenever we enter a certain building in POSTECH, we need to use our identity cards as a ticket to enter. Though this is used for the purpose of giving access to certain buildings, in a sense, it is also a form of GPS. Whenever we check in with our identity cards, it records information such as its number, time, and location. From the instance people write applications to POSTECH, whether they are students, staffs, or faculty members, their personnel data becomes part of the POSTECH life cycle. Then how are these personal information managed? The security on personal information can be seen from the perspectives: regulation and technology.
Once Postechians enter the life cycle, their data is stored and accessible. Obviously, personal data such as cellphone numbers, home addresses, and resident registration number are not publicized. There are, however, cases in which staffs need to gain access for business work. In this case, those with authority to Postechians’ personal information are also under supervision. For the majority of cases, POSTECH follows the regulations on the national law for dealing with personal information. Though rare, if there’s a case in which an organization asks for personal information, such as the location of a particular person at a particular time, POSTECH gains consent before handing it over. Depending on the data, the duration in which the information is stored is different. For example, a school register record is only disposed of when the person the information pertains to is dead.
On the technology side, POSTECH mainly uses SAP, an enterprise resource planning (ERP) software. Every Postechian’s information is stored in its database. Though there are firewalls that protect the personal information, in case someone does retrieve it, the information has encryptions to protect it. At the moment, the most problematic issue is that there are cases in which resident registration numbers are revealed through websites. Because research labs’ and departments’ websites are not regulated by the Information Technology Service team, at the moment it is out of the team’s reach to protect the personal information. Most often, information is revealed by uploading documents with important information. In 2012, there were 11 cases in which personal information was exposed, and in 2013, seven. To prevent this more funding and time are necessary. Moreover, this requires great caution from the administrators of websites.
On the safe side, it is noted that hackers do not usually try to invade universities’ security programs. They are less likely to be targets of invasion. However, for stronger security, there needs to be more funding, time, and manpower.