AsianLII Home | Databases | WorldLII | Search | Feedback

Selected Statutes of the Republic of Korea
You are here:  AsianLII >> Databases >> Selected Statutes of the Republic of Korea >> Act on the protection of personal information maintained by public institutions

Database Search | Name Search | Noteup | Download | Help

Act on the protection of personal information maintained by public institutions

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

ACT ON THE PROTECTION OF PERSONAL INFORMATION

MAINTAINED BY PUBLIC INSTITUTIONS

Act No. 4734, Jan. 7, 1994

Amended by Act No. 5715, Jan. 29, 1999

Act No. 8387, Apr. 27, 2007

Act No. 8448, May 17, 2007

Act No. 8852, Feb. 29, 2008

Act No. 8871, Feb. 29, 2008

CHAPTER GENERAL PROVISIONS

Article 1 (Purpose)

The purpose of this Act is to secure proper execution of public affairs and to further protect the rights and benefits of all citizens by establishing necessary guidelines concerning protection of private information managed
by such equipment with functions for processing, transmitting and receiving
information as computers or closed-circuit televisions of public institutions.

<Amended by Act No. 8448, May 17, 2007>

Article 2 (Definitions)

The definitions of terms used in this Act shall be as follows: <Amended by Act No. 8448, May 17, 2007>
1. The term public institution means any national administrative agency,
local government, or any other public institutions provided by Pres- idential Decree;
2. The term private information means information concerning a living
person including the full name, resident registration number or images, etc., by which the individual concerned can be identified (including
information by which the individual concerned cannot be identified
but can be identified by simple combination with other information);
3. The term management means to input, store, edit, search, delete or output information, including other similar acts, by using such equip-
ments with functions for processing, transmitting and receiving in-

- 1 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

formation as computers or closed-circuit televisions (hereinafter referred to as computers or such ): Provided, That the functions of
simple operation, such as drawing up documents provided by Pres- idential Decree shall be excluded;
4. The term private information file<.. image removed ..>means the aggregate which is
systematically composed, to be processed by computers or such, of pri-
vate information recorded on such electronic media as magnetic tapes
or discs;
5. The term managed information means private information recorded
on a private information file;
5-2. The term closed-circuit television means any equipment through
which a specific person may receive instantaneous images of a still
or moving object and voices or sound therefrom;
6. The term possession means composing, acquiring, maintaining, or
managing private information files (including cases to consign the
management of private information to another institution or organi-
zation but excluding cases to be consigned from another institution
or organization);
7. The term institution in possession means any institution in charge
of maintaining private information files; and
8. The term subject of information means a person being identified by
the managed information and therefore the subject of the information
concerned.

Article 3 (Relation to other Acts)

(1) With respect to the protection of private information managed by computers or such of public institutions, except as otherwise provided by other Acts, this Act shall apply. <Amended by Act No. 8448, May 17, 2007> (2) With respect to the protection of private information managed by computers or such of a public institution, gathered under the Statistics Act, and gathered or requested to provide for the purpose of information analysis related to national security, this Act shall not apply. <Amended

by Act No. 8387, Apr. 27, 2007; Act No. 8448, May 17, 2007>

Article 3-2 (Principles of Protection of Private Information)

(1) Where collecting private information, the head of a public institution
shall clarify the purpose, collect it lawfully and reasonably within the
minimum scope necessary for the purpose, and not use, other than the
intended purposes.

- 2 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

(2) The head of a public institution shall guarantee managed information
is accurate and kept up-to-date and ensure such information is safely
protected.
(3) The head of a public institution shall clarify responsibilities for manage-
ment of private information.
(4) The head of a public institution shall open to the public such matters
concerning management of private information as collection or use of pri-
vate information, and where managing private information, he/she shall
guarantee rights of the subject of information such as the right to request
to review managed information.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

CHAPTER COLLECTION AND MANAGEMENT OF PRIVATE INFORMATION

Article 4 (Collection of Private Information)

(1) The head of a public institution shall not collect private information that may noticeably infringe on fundamental personal rights of a person such as ideas and belief: Provided, That in cases where the subject of information consents or in cases where the subject of collection is specifi- cally pointed out by other Acts, the same shall not apply.
(2) Where collecting private information, the head of a public institution shall guide the subject of information to easily review details thereof, on legal grounds and the purpose of collection, and the scope of use of private information and rights of the subject of information, via documents (including electronic documents under subparagraph 5 of Article 2 of the Electronic Government Act; hereinafter the same shall apply) or the In- ternet homepage or such: Provided, That this shall not apply to cases of collecting private information to keep private information files falling under any of subparagraphs of Article 6 (3). <NewlyInsertedbyActNo.8448,

May 17, 2007>

Article 4-2 (Installation, etc. of Closed-circuit Televisions)

(1) When necessary for the public interest such as prevention of crimes
or traffic control, the head of a public institution may have closed-circuit
televisions installed, through a prior collection of opinions of relevant
specialists and the interested persons, after undergoing the procedures

- 3 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

prescribed by Presidential Decree, such as a public hearing under sub-
paragraph 6 of Article 2 of the Administrative Procedures Act (herein-
after referred to as public hearing ).
(2) No closed-circuit television installed shall be at will manipulated out
of the scope of the purpose of installation, show other places or use sound
recording function.
(3) When having closed-circuit televisions installed, the head of a public
institution shall take necessary measures, for the subject of information
to recognize them easily, such as installation of a direction board stating
matters falling under each of the following subparagraph:
1. Purpose and places of installation;
2. Scope of recording and time;
3. Responsible manager and contact numbers.
(4) Paragraph (3) may not apply to facilities determined by Presidential
Decree such as nuclear power plants, etc. from among essential national
facilities related to security of the State.
(5) Necessary matters for installation of closed-circuit televisions or
direction boards shall be prescribed by Presidential Decree.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 4-3 (Entrustment of Installation or Management of Closed-Circuit

Televisions)

(1) The head of a public institution may entrust affairs concerning instal-
lation or management of closed-circuit televisions.
(2) Necessary matters for qualification requirements for the trustees
under paragraph (1), procedures of entrustment, etc. shall be prescribed
by Presidential Decree.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 5 (Extent of Possessing Private Information File)

Any public institution may possess as many private information files as necessary to properly execute jurisdictional operations. <Amended by Act

No. 8448, May 17, 2007>

Article 6 (Prior Consultation on Possession or Modification of Private

Information Files)

(1) Where the head of a public institution intends to possess private information files (excluding cases of possessing of information managed and provided by other public institutions), he/she shall consult with the Minister of Public Administration and Security on matters falling under the following subparagraphs. The same shall apply to cases where he/she

- 4 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

intends to modify any matter falling under any of the following subpara-
graphs: <AmendedbyActNo.5715,Jan.29,1999;ActNo.8448,May17,2007;ActNo.

8852, Feb. 29, 2008>

1. Titles of private information files;
2. Purpose of possession of private information files;
3. Title of the institution in possession;
4. The scope of individuals and items recorded on private information
files;
5. Title of the institution, if any, to which collection guidelines for private
information or managed information is normally to be tendered;
6. Expected period of inspection of private information files;
7. The extent of restrictions on the inspection of managed information
and its reasons;
8. Other matters prescribed by Presidential Decree.
(2) Where the head of a public institution, other than the head of a central
administrative, intends to have consultation under paragraph (1), he/she
shall submit relevant documents via the relevant central administrative
agencies. <Newly Inserted by Act No. 8448, May 17, 2007>
(3) The guidelines of paragraph (1) shall not be applicable to private
information files prescribed by any of the following subparagraphs:

<Amended by Act No. 8448, May 17, 2007>

1. Recorded private information files on matters pertaining to national security, diplomatic secrets, or other matters of vital national interest;
2. Recorded private information files on matters pertaining to an in- vestigation of crimes, introduction and maintenance of prosecution, the execution of a sentence, handling of a rectification, handling of the public security, or immigration control;
3. Recorded private information files on matters pertaining to an in- vestigation of infringement on taxes under the Punishment of Tax
Evaders Act and an investigation of infringement on customs duties under the Customs Act;
4. and 5. Deleted; <by Act No. 8448, May 17, 2007>
6. Private information files used solely for internal operations of the
institution in possession;
7. Deleted; <by Act No. 8448, May 17, 2007>
8. Other private information files equivalent thereto and prescribed by
Presidential Decree.

- 5 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

(4) Where other Acts prescribe that the head of a relevant central admin-
istrative shall determine the standards of public institutions possession of private information files, notwithstanding paragraph (1), consultation
on the standards of possession thereof may substitute such consultation as set forth in paragraph (1). In such cases, consultation with the Minister
of Public Administration and Security shall be conducted by the head
of the relevant central administrative. <NewlyInsertedbyActNo. 8448, May

17, 2007; Act No. 8852, Feb. 29, 2008>

(5) Where the Minister of Public Administration and Security conducts
consultation in accordance with paragraph (1) or (4), he/she may request the Deliberation Committee on the Protection of Private Information
Maintained by Public Institutions under Article 20 to deliberate on matters consulted, if he/she finds it necessary to protect private information. <Newly

Inserted by Act No. 8448, May 17, 2007; Act No. 8852, Feb. 29, 2008>

Article 7 (Public Announcement of Private Information Files)

The Minister of Public Administration and Security shall make a public announcement of matters consulted under Article 6 (1) or (4), at least once a year on the Official Gazette or the Internet homepage, prescribed by Presidential Decree. <Amended by Act No. 8852, Feb. 29, 2008>

[This Article Wholly Amended by Act No. 8448, May 17, 2007]

Article 7-2 (Policies on Protection of Private Information)

(1) The head of an institution in possession shall make policies on protec- tion of private information including matters falling under the following subparagraphs:
1. Matters referred to in each subparagraph of Article 6 (1): Provided,
That this shall not apply to matters regarding private information files
under subparagraphs of Article 6 (3);
2. Full names, departments, positions, phone numbers and other contact numbers of officials in charge of management of private information
under Article 20-2;
3. Matters regarding the protection of private information collected through Internet homepages such as information files of connection
to Internet homepages;
4. Other necessary matters for protection of private information.
(2) Where the head of an institution in possession has determined policies
on protection of private information under paragraph (1), he/she shall

- 6 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

publish the details on the Official Gazette or the Internet homepage.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 8 (Preparations for Private Information File Register)

The head of an institution in possession, excluding the private information files falling under any subparagraph of Article 6 (3), shall prepare a register stating the matters under subparagraphs of Article 6 (1) by private in- formation file possessed by the relevant institution (hereinafter referred to as private information file register ) and open it for the public.

[This Article Wholly Amended by Act No. 8448, May 17, 2007]

Article 9 (Securing Safety, etc. of Private Information)

(1) The head of a public institution shall devise measures to secure safety against loss, theft, leakage, forgery or impairment, when managing pri- vate information, or transmitting or receiving private information files via an information and communication network under subparagraph 7 of Article 2 of the Electronic Government Act (hereinafter referred to as in- formation and communication network ). <Amended by Act No. 8448, May 17,

2007>

(2) The head of a public institution may entrust other public institutions or relevant specialized organizations with affairs regarding management of private information, and in such cases, he/she shall take necessary mea- sures to secure safety against loss, theft, leakage, forgery or impairment of private information. <Newly Inserted by Act No. 8448, May 17, 2007>
(3) Necessary matters for methods, procedures of entrustment, etc. under paragraph (2) shall be determined by Presidential Decree. <NewlyInserted

by Act No. 8448, May 17, 2007>

(4) Where the head of a public institution intends to entrust affairs regarding
management of private information pursuant to paragraph (2), he/she
shall make a prior notice of the fact on the Official Gazette or the Internet
homepage. <Amended by Act No. 8448, May 17, 2007>
(5) With respect to a person consigned to manage private information from
a public institution, the conditions set forth in paragraph (1) shall apply

mutatis mutandis.

Article 9-2 (Personal Identity Confirmation on Internet)

(1) The head of a public institution shall take necessary measures to secure safety against forgery, leakage or theft or impairment of private informa- tion such as the resident registration number or full name during proc- essing personal identity confirmation on the Internet.

- 7 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

(2) The Minister of Public Administration and Security may take various
measures such as reforming relevant Acts and subordinate statutes, making
plans or establishing necessary facilities or systems, to support necessary
measures to secure safety set forth in paragraph (1). <Amended by Act No.

8852, Feb. 29, 2008>

(3) When promoting various measures under paragraph (2), the Minister
of Public Administration and Security may request the head of a relevant
public institution for cooperation, and the head of the relevant public
institution, in receipt of such request shall comply with it, unless special
circumstances exist to the contrary. <Amended by Act No. 8852, Feb. 29, 2008>

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 10 (Restrictions on Use of or Tender of Managed Information) (1) The head of the institution in possession shall not allow managed information to be used or provided for purposes other than those of pro- cessing private information files concerned, except for allowing persons inside or outside the institution to use or providing it pursuant to other Acts. <Amended by Act No. 8448, May 17, 2007>

(2) Where allowing managed information to be used or provided cor-
responding to the purpose of possession, the head of the institution in
possession shall restrict the scope of use or provision to a minimum necessary
to perform their duties. <Newly Inserted by Act No. 8448, May 17, 2007>
(3) The head of the institution in possession, in cases falling under any
of the following subparagraphs, despite the guidelines of paragraph (1),
may allow managed information to be used or provided for purposes other than those of possession of private information files: Provided, That even
in cases falling under any of the following subparagraphs, when it is deemed the rights and benefits of the subject of information or a third party could be unreasonably infringed on, the same shall not apply: <AmendedbyAct

No. 5715, Jan. 29, 1999; Act No. 8448, May 17, 2007>

1. Where the subject of information consents to use or tender information or where information is tendered to the subject of information;
2. Where other institutions cannot perform competent duties prescribed in other Acts, if the institution in possession does not allow to use or tender managed information for purposes other than the purpose of possession and undergo deliberation by the Deliberation Committee on the Protection of Private Information Maintained by Public Institu- tions under Article 20;

- 8 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

3. Where information is tendered to foreign governments or international
organizations for the purpose of fulfilling treaties and other interna-
tional agreements;
4. Where information is tendered in a form by which a certain person
cannot be identified for purposes of preparing statistical data and
conducting scientific research ;
5. Where allowing to use or tendering information to other parties than
the subject of information is deemed to be clearly beneficial to the
subject of information in cases where the subject of information or his/
her legal representative is unable to express his/her opinion or gaining
his/her consent is impossible due to the obscurity of his/her address;
6. Where it is necessary for presenting and maintaining an investigation
or prosecution of crimes;
7. Where it is necessary for execution of judicial operations of a court;
8. Deleted. <by Act No. 8448, May 17, 2007>
(4) When allowing to use or tendering managed information to a person
who is not the subject of information as set forth in paragraph (3) 2 through
7, the head of the institution in possession, in regards to the recipient
of the managed information, shall restrict the purpose or measure for use
as well as other necessary matters or request for devising of necessary measures
to secure the safety of the managed information, and the information
recipients who receive such request shall take measures to secure security
of the managed information. <Amended by Act No. 8448, May 17, 2007>
(5) Any recipient who has been tendered managed information from the
institution in possession shall not allow to use or tender such information
to a third party without consent of the institution in possession. <Amended

by Act No. 8448, May 17, 2007>

(6) Where allowing to use or tendering information for other purposes than the purpose for possession pursuant to paragraph (3) 2 through 5 or 7, the head of the institution in possession shall announce necessary matters regarding the legal grounds, purposes, and scope of allowance to use or tender on the Official Gazette or the Internet homepage for the subject of information to review. <Amended by Act No. 8448, May 17, 2007>

Article 10-2 (Destruction of Private Information Files)

(1) Where possession of private information files becomes unnecessary including cases where the purpose of possession of such information is achieved, the head of the institution in possession shall destruct such

- 9 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

private information files immediately: Provided, That this shall not apply
to cases where other Acts prescribe such files shall be preserved.
(2) Where destructing private information files pursuant to paragraph (1),
the head of the institution in possession shall announce the fact on the
Official Gazette or the Internet homepage: Provided, That this shall not
apply to cases where destructed private information files fall under any
of subparagraphs of Article 6 (3).
(3) Necessary matters for methods, procedures, etc. of destruction of pri-
vate information files shall be prescribed by Presidential Decree.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 11 (Duties of Person Handling Private Information)

Any person who is, or used to be an employee of the public institution in charge of management of private information or entrusted with duties of management of private information by a public institution and engages or has engaged in such job, shall not use information obtained in performing his/her duty for improper use such as leaking, managing without autho- rization or tendering such information for another person to use.

CHAPTER INSPECTION AND CORREC- TION, ETC. OF MANAGED INFORMATION

Article 12 (Inspection of Managed Information)

(1) The subject of information may request an inspection (including the accept of copies in form of the document; hereinafter the same shall apply) in writing, to the extent of what already has been recorded on the private information file register, of the managed information concerning himself/ herself to the head of the institution in possession. <Amended by Act No.

8448, May 17, 2007>

(2) When the head of the institution in possession receives an inspection request referred to in paragraph (1), excluding cases falling under any of subparagraphs of Article 13, he/she shall allow the applicant to inspect the managed information within ten days after the date of receipt of the official request. Where justifiable grounds not to allow the inspection within ten days exist, the applicant may be notified of such grounds, and the inspection may be delayed, but when the justifiable ground is extinguished, the inspection shall be allowed without delay. <Amended by Act No. 5715, Jan.

- 10 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

29, 1999; Act No. 8448, May 17, 2007>

Article 13 (Restrictions on Inspection of Managed Information)

The head of the institution in possession, when allowing the applicant to inspect the managed information, in cases falling under any of the following subparagraphs, may restrict the inspection of the managed information concerned as provided in Article 12: <AmendedbyActNo.5715,

Jan. 29, 1999; Act No. 8448, May 17, 2007>

1. In cases where it seriously interferes with execution of the operations concerned falling under any of the following items:
(a) Operations pertaining to the levy, collection, or reimbursement of
taxes;
(b) Operations of various schools under the Elementary and Secondary
Education Act and the Higher Education Act or lifelong education
institutions under the Lifelong Education Act pertaining to the
evaluation of merit or the selection of students for admission;
(c) Operations pertaining to evaluation and judgment on academic
background, skills, and examinations related to employment, judg-
ment on qualifications, assessment of compensation or payment,
etc.;
(d) Operations pertaining to an inspection and investigation of other
Acts;
(e) Deleted; <by Act No. 5715, Jan. 29, 1999>
(f) Other operations equivalent to items (a) through (d), and prescribed
by Presidential Decree;
2. In cases where it is feared to harm a persons life or inflict physical
harm or when there is fear of unjust infringement on property and
other benefits of a person;
3. Deleted. <by Act No. 5715, Jan. 29, 1999>

Article 14 (Correction or Deletion of Managed Information)

(1) The subject of information to inspect the managed information regarding himself/herself under Article 12, may make a written request to the head of the institution in possession (excluding institutions possessing managed information that has been tendered from another institution; hereafter in this Article the same shall apply) for correction or deletion of the managed information concerned: Provided,That in cases where other Acts prescribe such information to be the subject of collection, request for deletion shall not be made. <Amended by Act No. 8448, May 17, 2007>

- 11 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

(2) In relation to requests for correction or deletion of the contents of
managed information provided by paragraph (1), the head of the institution
in possession, excluding special procedure guidelines of other Acts, shall,
without delay, investigate and take necessary measures and notify results
to the concerned person who made such request. <Amended by Act No. 8448,

May 17, 2007>

(3) When deemed necessary for investigation prescribed in paragraph (2), the head of the institution in possession may require the applicant concerned to present evidence necessary for confirmation of matters of correction or deletion request. <Amended by Act No. 8448, May 17, 2007>

Article 15 (Request for Appeal)

(1) Where any persons whose rights and interest have been infringed on due to the act or omission of the head of public institution regarding requests prescribed in Articles 12 (1) and 14 (1), they may request an administrative appeal under the Administrative Appeals Act or file a lawsuit under the Administrative Litigation Act.
(2) Where requesting an administrative appeal pursuant to paragraph (1),
the head of the relevant central administrative agency shall become a
supervisory administrative agency for the act or omission of the head of
a public institution, other than the State administrative agencies or local
governments. <Amended by Act No. 8871, Feb. 29, 2008>

[This Article Wholly Amended by Act No. 8448, May 17, 2007]

Article 16 (Request by Proxy)

The request pertaining to Articles 12 (1) and 14 (1), may be made by proxy under conditions prescribed by Presidential Decree.

CHAPTER SUPPLEMENTARY PROVISIONS

Article 17 (Handling Fees, etc.)

Any person requesting an inspection, correction or deletion under Articles
12 (1) and 14 (1), shall pay the handling and postage fees (it shall
be limited to cases of requesting mailing of transcripts of the managed
information) prescribed by Presidential Decree. <Amended by Act No. 8448,

May 17, 2007>

Article 18 (Request for Submission of Data, etc.)

(1) The Minister of Public Administration and Security may, if deemed necessary for the enforcement of this Act, request the submission of data

- 12 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

related to the management of the private information to the head of a
public institution, and order public officials under his/her control to in-
vestigate actual conditions. <AmendedbyActNo.5715,Jan.29,1999;ActNo.8852,

Feb. 29, 2008>

(2) Any public official who performs investigation under paragraph (1) shall carry identification indicating his/her authority and produce it to the persons concerned. <Newly Inserted by Act No. 8448, May 17, 2007>

Article 18-2 (Reporting Infringement on Private Information)

(1) Where the head of a public institution collects or manages private infor- mation or possesses private information files, any person whose rights on his/her private information or interest was infringed on may report such infringement to the Minister of Public Administration and Security.

<Amended by Act No. 8852, Feb. 29, 2008>

(2) The Minister of Public Administration and Security may confirm the
reported infringement and notify the head of a relevant public institution
of the result of confirmation. <Amended by Act No. 8852, Feb. 29, 2008>
(3) The head of a public institution who received such notice under para-
graph (2) shall immediately notify the Minister of Government Admin-
istration and Home Affairs of the result of measures, and the Minister
of Public Administration and Security shall notify the reporter under
paragraph (1) of the result of measures notified. <AmendedbyActNo.8852,

Feb. 29, 2008>

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 19 (Presentation of Advice and Recommendations)

Where deemed necessary to achieve the purpose of this Act, the Minister of Public Administration and Security may present advice or recommen- dations to the head of the public institution on matters pertaining to the protection of private information. <AmendedbyActNo.5715,Jan.29,1999;Act No. 8852, Feb. 29, 2008>

Article 20 (Deliberation Committee on Protection of Private Information

Maintained by Public Institutions)

(1) For deliberation of matters pertaining to the protection of private information managed by computers or such of a public institution, the Deliberation Committee on the Protection of Private Information Maintained by Public Institutions (hereinafter referred to as the Committee ) shall be established under the command of the Prime Minister. <AmendedbyAct No. 8448, May 17, 2007>

- 13 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

(2) The Committee shall deliberate on matters falling under the follow-
ing subparagraphs: <Amended by Act No. 8448, May 17, 2007>
1. Matters concerning improvement of policies or systems on protection
of private information;
2. Matters concerning coordination of opinions among public institutions
in regards to use or tender of managed information;
3. Matters for which deliberation is requested under Article 6 (5);
4. Matters concerning use or tender of managed information under Article
10 (3) 2;
5. Other matters prescribed by Presidential Decree concerning the pro-
tection of private information.
(3) The Committee shall be comprised of not more than ten members,
including one chairperson. <Newly Inserted by Act No. 8448, May 17, 2007>
(4) The Vice-Minister of Public Administration and Security shall be the
chairperson and the Prime Minister shall designate or commission the
members, with recommendation by the chairperson, from among the
employees of public institutions and any persons of profound knowledge
and experiences in private information. <NewlyInsertedbyActNo.8448,May

17, 2007; Act No. 8852, Feb. 29, 2008>

(5) Term of office of a member shall be 2 years: Provided, That any mem-
ber who belongs to a public institution shall hold his/her office while
he/she is employed in the public institution. <NewlyInsertedbyActNo.8448,

May 17, 2007>

(6) Other necessary matters pertaining to organization and operations of the Committee shall be prescribed by Presidential Decree. <Amended

by Act No. 8448, May 17, 2007>

Article 20-2 (Designation of Officials in Charge of Private Information

Management)

(1) The head of a public institution shall designate officials in charge
of private information management to protect and manage private infor-
mation under his/her management.
(2) Necessary matters for qualification, designation and administration
of officials in charge of private information management shall be pre-
scribed by Presidential Decree.

[This Article Newly Inserted by Act No. 8448, May 17, 2007]

Article 21 (Guidance and Supervision on other Public Institutions than

State or Local Governments)

- 14 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

When necessary for protection of private information managed by computers
or such, the head of the central administrative agency concerned may present
advice or guidance and inspections, in matters pertaining to protection
of private information, to the State administrative agencies, local
governments, and other public institutions. <Amended by Act No. 8448, May

17, 2007>

Article 22 (Protection of Private Information of Individuals and Orga- nizations, other than Public Institutions)

Individuals and organizations besides public institutions that manage pri-
vate information with the use of computers or such, shall devise measures
to protect private information taking examples of public institutions into
consideration and the head of the central administrative agency, when
deemed necessary, shall present proposals or advice on matters pertain-
ing to the protection of private information of individuals and organiza-
tions other than public institutions. <Amended by Act No. 8448, May 17, 2007>

CHAPTER PENAL PROVISIONS

Article 23 (Penal Provisions)

(1) Any person who changes or alters private information for the purpose of disrupting the operations of private information management of a public institution shall be punished by imprisonment for not more than ten years. (2) Any person who illegally leaks or issues private information without consent and for the purpose of use by others, violating what has been set forth in Article 11, shall be punished by imprisonment for not more than three years or a fine not exceeding ten million won.
(3) Any person who manipulates a camera at will, fixes a camera to show other places or uses sound recording function out of the scope of installation purposes of closed-circuit televisions, in violation of Article 4-2 (2) for illegal purposes or who inspects or is tendered managed information from a public institution by fraud and other illegal means shall be punished by imprisonment for not more than two years or a fine not exceeding seven million won. <Amended by Act No. 8448, May 17, 2007>

Article 24 (Joint Penal Provisions)

Where the representative of a juristic person or the representative, agents or employees of a juristic person or an individual commits offences stipu- lated in Article 23 (2) and (3) on the business of such juristic person

- 15 -

ACT ON THE PROTECTION OF PERSONAL INFORMATION MAINTAINED BY PUBLIC INSTITUTIONS

or individual, not only shall the offender be punished, but the juristic
person or the individual shall also be punished by a fine under the same
Article. <Amended by Act No. 8448, May 17, 2007>

Article 25 (Presumption of Public Officials in Application of Penal Pro- visions)

Under this Act, a person devoted to an institution in charge of possession
of private information or an institution managing private information that
has been consigned, who is not a public official, shall be considered a
public official in the application of Articles 129 through 132 of the Crim-
inal Act.

ADDENDA

(1) (Enforcement Date) This Act shall enter into force one year after the date of its promulgation: Provided, That Articles 12 through 16 shall enter into force one year and six months after the date of its promulgation. (2) (Transitional Measures) The head of a public institution possessing private information files at the time when this Act enters into force, notwithstanding the provisions of Article 6, shall notify the matters pertaining to the private information files within one year and six months after the date of its promulgation, in the case of the head of a central administrative agency to the Minister of Government Administration, and other heads of public institutions to the central administrative agency concerned.

ADDENDA <Act No. 5715, Jan. 29, 1999>

(1) (Enforcement Date) This Act shall enter into force on the date of its promulgation.
(2) (Transitional Measures) The management period of the managed infor-
mation requested for inspection at the time this Act enters into force, to
the head of the institution in charge of possession shall be governed by
the previous provisions, notwithstanding the amended provisions of Article
12 (2).

ADDENDA <Act No. 8387, Apr. 27, 2007>

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promul- gation.

- 16 -

제4편 행정일반 공공기관의 개인정보보호에 관한 법률

Articles 2 through 9 Omitted.

ADDENDA <Act No. 8448, May 17, 2007>

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promul- gation.

Article 2 (Transitional Measures concerning Installation of Closed- Circuit Televisions)

The closed-circuit televisions already installed by public institutions at
the time this Act enters into force shall be regarded legally installed under
this Act. In such cases, the head of a public institution which installs,
operates and manages such closed-circuit televisions shall set up a direction
board under the amended provisions of Article 4-2 (3) within 3 months
from the enforcement date of this Act.

Article 3 (Application Cases concerning Prior Consultation on Posses- sion or Modification of Private Information Files)

(1) The amended provisions of Article 6 (1) shall initially apply to cases
where the head of a public institution intends to newly possess private
information files or to modify matters falling under any of subparagraphs
of Article 6 (1), after this Act enters into force.
(2) The amended provisions of Article 6 (4) shall start applying to cases
where the head of a relevant central administrative agency intends to
set up or modify the standards for possession of private information files
of public institutions after this Act enters into force.

Article 4 Omitted.

ADDENDA <Act No. 8852, Feb. 29, 2008>

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso
Omitted.)

Articles 2 through 7 Omitted.

ADDENDA <Act No. 8871, Feb. 29, 2008>

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Articles 2 through 5 Omitted.

- 17 -

AsianLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.asianlii.org/kr/legis/sta/aotpopimbpi776