KAPIE

lee jewon Professional Engineer

In the context of the public sector’s transition to the National Network Security Framework (N2SF) and the ongoing amendments to the Personal Information Protection Act, this session presents a practitioner’s checklist for securely leveraging AI and cloud services while ensuring the protection of personal data.

The session first introduces the key risks and controls across the Personal Information Lifecycle (Collection ? Storage ? Use ? Provision ? Disposal), and then outlines protection measures along with implementation models (on-premise, API-based, and global services), illustrated through public-sector case studies.

In addition, the session highlights essential checkpoints, including default no-store/no-train settings, data residency, transport security (mTLS and DLP), SLAs for data subject rights requests, and chain-of-deletion practices.

Finally, the session concludes with an actionable checklist and evidence-management guidelines that enable practitioners to immediately apply security practices, conduct self-assessments, and foster continuous improvement within their organizations.