개인정보 유출통지제도의 효과적인 운영 및 개선방안Reform Proposals for Effective Operations of Korea's Data Breach Notification Law
- Other Titles
- Reform Proposals for Effective Operations of Korea's Data Breach Notification Law
- Authors
- 이대희
- Issue Date
- 2014
- Publisher
- 한국경영법률학회
- Keywords
- personal information; data; breach; notification; personal information controller; subject of personal information; element of harm; encryption exemption; publicly available information; technological protection measure; 개인정보 유출통지; 데이터; 개인정보처리자; 피해발생의 가능성; 공공정보; 암호화; 기술적 보호조치; 통지의무
- Citation
- 경영법률, v.24, no.3, pp.461 - 499
- Indexed
- KCI
- Journal Title
- 경영법률
- Volume
- 24
- Number
- 3
- Start Page
- 461
- End Page
- 499
- URI
- https://scholar.korea.ac.kr/handle/2021.sw.korea/100239
- ISSN
- 1229-3261
- Abstract
- Under data breach notification law, person or business who owns or licenses data that includes personal information is required to notify the data subject of the breach of the security system of personal information. Since the enactment of California's data breach notification law in 2003, other forty five states of the United States have legislated notification law. Korea adopted data breach notification law under which a personal information controller is supposed to notify the subject of the breach. While Korea's legislation is expected to improve practices of personal information protection, it would be more effective with some amendments. This paper suggests some proposals to improve the operation of data breach notification in Korea. First, publicly available information that is lawfully made available to the general public from government needs to be excluded from the scope of personal information, although its definition is flexible enough to cover new types of sensitive personal information. Second, encryption exemption is necessary so that the controller may not be required to notify the breach if data which includes personal information has been encrypted. It will create incentives to adopt encryption, improving practices of protection, and would alleviate burden on the controller. Third, Korea's legislation should require, in addition to the acquisition of personal information by a third party, an additional element of harm to trigger notification. This additional element will limit unnecessary notification of breach, preventing the subject from becoming desensitized to notification with over-notification.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - Graduate School > School of Law > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.