• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• The Korean Journal of Archival Studies
• /
• no.29
• /
• pp.225-268
• /
• 2011

The general public are interested in the politics and form public opinion and keep in check the government for true democracy. The general public have the right to be furnished information from the government. And the government should enact the Freedom of Information Act to provide the public's right to know. At the same time, the government should enact the Data Protection Act to provide the public's right to privacy. There is a friction between the Freedom of Information Act and the Data Protection Act. It's hard to maintain the proper balance between the Freedom of information Act and the Data Protection Act, but many countries try to do so. The UK enacted the Data Protection Act 1998(DPA), which entered into force on 2000, to comply with EU Directive 1995. The Freedom of Information Act 2000(FOI), which came fully into force on 2005, was passed in 2000. The FOI imposes significant duties and responsibilities on public authorities to give access to the information they hold. The purpose of this study is to consider the provisions of the personal data in FOI and DPA. Besides this, it identifies the complaint cases on public authorities about the disclosure and exemption of the personal data in comparison with the acts. If information is the personal data of the person making the request, it will disclose under the DPA. If information is the personal data of a third party, it will disclose under the FOI. These acts interact each other to make up for the weak points in the other to make a proper application of the act on public authorities. This study may have any limitation in making a comparative study of the disclosure and exemption of the personal data in Korea. But it is expected to provide a basis for understanding the disclosure and exemption of the personal data in the UK.

• The Korean Society of Law and Medicine
• /
• v.21 no.2
• /
• pp.75-103
• /
• 2020

There is a growing voice that medical information should be shared because it can prepare for genetic diseases or cancer by analyzing and utilizing medical information in big data or artificial intelligence to develop medical technology and improve patient care. The utilization and protection of patients' personal information are the same as two sides of the same coin. Medical institutions or medical personnel should take extra caution in handling personal information with high environmental distinct characteristics and sensitivity, which is different from general information processors. In general, the patient's personal information is processed by medical personnel or medical institutions through the processes of collection, creation, and destruction. Still, the use of terms related to personal information in the Medical Service Act is jumbled, or the scope of application is unclear, so it relies on the interpretation of precedents. For the medical personnel or the founder of the medical institution, in the case of infringement of Article 24(4), it cannot be regarded that it means only medical treatment information among personal information, whether or not it should be treated the same as the personal information under Article 23, because the sensitive information of patients is recorded, saved, and stored in electronic medical records. Although the prohibition of information leakage under Article 19 of the Medical Service Act has a revision; 'secret' that was learned in business was revised to 'information', but only the name was changed, and the benefit and protection of the law is the same as the 'secret' of the criminal law, such that the patient's right to self-determination of personal information is not protected. The Privacy Law and the Local Health Act consider the benefit and protection of the law in 'information learned in business' as the right to self-determination of personal information and stipulate the same penalties for personal information infringement such as leakage, forgery, alteration, and damage. The privacy regulations of the Medical Service Act require that the terms be adjusted uniformly because the jumbled use of terms can confuse information subjects, information processors, and shows certain limitations on the protection of personal information because the contents or scope of the regulations of the Medical Service Law for special corporations and the Privacy Law may cause confusion in interpretation. The patient's personal information is sensitive and must be safely protected in its use and processing. Personal information must be processed in accordance with the protection principle of Privacy Law, and the rights such as privacy, freedom, personal rights, and the right to self-determination of personal information of patients or guardians, the information subject, must be guaranteed.

• The Korean Society of Law and Medicine
• /
• v.24 no.2
• /
• pp.35-77
• /
• 2023

As the amendment to the Personal Information Protection Act, which newly established the basis for the right to request transmission of personal information, was promulgated through the plenary session of the National Assembly, MyData, which was previously applied only to the financial sector, could spread to all fields. The right to request transmission of personal information is the right of the information subject to be guaranteed for the realization of MyData. However, since the right to request transmission of personal information stipulated in the Personal Information Protection Act is designed to be applied to all fields, not a special field such as the medical field, it has many shortcomings to act as a core basis for implementing MyData in Medicine. Based on this awareness of the problem, this paper compares and analyzes major legal trends related to the right to portability of personal health information at home and abroad, and examines the limitations of Korea's Personal Information Protection Act and Medical Act in realizing Medical MyData. Under the Personal Information Protection Act, the right to request transmission of personal information is insufficient to apply to the medical field, such as the scope of information to be transmitted, the transmission method, and the scope of the person obligated to perform the transmission, etc.. Regulations on the right to access medical information and transmission of medical records under the Medical Act also have limitations in implementing the full function of Medical My Data in that the target information and the leading institution are very limited. In order to overcome these limitations, this paper prepared a separate and independent special law to regulate matters related to the use and protection of personal health information as a measure to improve the legal system that can effectively guarantee the right to portability of personal health information, taking into account the specificity of the medical field. It was proposed to specifically regulate the contents of the movement and transmission system of personal health information.

• Journal of Information Technology Applications and Management
• /
• v.24 no.1
• /
• pp.81-91
• /
• 2017

In Korea, "Act on the Development of Cloud Computing and Protection of its Users" has been enforced since September 28, 2015. Many countries implemented 'Cloud First' policies and global companies such as Amazon, Microsoft, IBM started cloud services in Korea. Under these circumstance, the Act was established for developing the cloud computing industry. The Act includes clauses for encouraging the use of private cloud computing by public organizations, supporting small- and medium-size cloud service providers, and utilizing secure cloud computing services by users. However, some terms appear to be similar but have different meanings from "Act on Promotion of Information and Communications Network Utilization and Information Protection, etc." and "Personal Information Protection Act". This generated some confusion and conflicts in relation to providing user information to a 3rd party and notifying the intrusion in the Cloud Computing Act. This paper discusses these issues and suggestions for revision of the Cloud Computing Act.

• Convergence Security Journal
• /
• v.20 no.2
• /
• pp.59-68
• /
• 2020

In January 2020, the National Assembly passed the revisions of three bills which ease regulations on the use of personal information. The revised laws include the launch of an independent supervisory body, the arrangement of redundant regulations, and regulations for the development of the data economy. This paper analyzes the content and meaning of each law of the Three Revised Bills that Ease Regulations on the Use of Personal Information. And the future challenges outline three aspects: the establishment of a system to ensure the right to informational self-determination of privacy concerns, the establishment of a certification system and the presentation of reasonable guidelines, and the expectation of professional performance by the Personal Information Protection Commission.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.19 no.1
• /
• pp.639-643
• /
• 2018

Laws concerning the protection of personal information have been enacted and revised as the legislation on personal information protection on the basis of the Act on the Protection of Personal Information Maintained by Public Institutions. Nevertheless, there have been continuing threats resulting from the fact that restrictions on security subject to laws remain unclear. By proposing protected access utilizing a unique identification key of enterprises, regarding the personal information of various internal and external clients held by international manufacturing companies and attempting to make policy aspect and management access at the same time, there is a change of gradual decline in cloud personnel information management service, which is the domestic ISP service for personnel management as the technology facilitated to reduce the burden on personnel and cost for the protection of personal information and the market is also changing to the direction for companies to directly operate. Therefore, this study intends to examine the convenience of integrated management for ensuring security, while confirming the gap on flexibility and safety on management point regarding the human resources of international manufacturing companies arising from its interactions.

• Journal of Korean Society of Archives and Records Management
• /
• v.17 no.1
• /
• pp.193-216
• /
• 2017

The purpose of this study is to understand issues related to the Personal Information Act recently emerging in the field of oral history, and to prepare countermeasures for oral history academics and archives. The Personal Information Act is intended to protect the confidentiality and freedom of the constitutional privacy, and to assure the right to self-determination of information, thereby realizing the dignity and value of the individual. Oral history is intended for living persons; therefore, strict ethical standards are needed to protect the morality of the person behind the sound recordings and appears as the subject of oral history. However, if the uniform application of the Personal Information Act is made, it is a requirement to make the process of consenting and notifying excessively complex and almost impossible to realize, making collection and service of oral history resource improbable. The mechanical and strict application of the Personal Information Act does not come into being because it has the aspect of undermining the inherent intrinsic value of oral history resources and making it difficult to maintain the authenticity of the records. To solve these problems, it is necessary to revise Article 58 (4) of the Personal Information Act of Korea. In addition, it is necessary to establish a guideline for the establishment of independent ethical standards of oral history itself, especially for the protection of the moral rights of third parties.

• KIPS Transactions on Computer and Communication Systems
• /
• v.12 no.11
• /
• pp.329-336
• /
• 2023

This paper analyzes the Personal Information Protection Act and related legal guides revised in 2023, proposes a framework for a consignment contract through the items necessary in the consignment relationship for personal information work, and inspects the status of personal information protection for consignees that are absent in Korea. By proposing common items that must be included, we prevent the occurrence of personal information leakage incidents by strengthening the basic personal information protection capabilities of trustees handling personal information work and alleviating the burden of essential personal information protection inspections. I want to do it.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.05a
• /
• pp.9-11
• /
• 2022

In order to sustain and revitalize the fourth industrial revolution and data economy, the world's first 'data basic law' has been enacted and implemented in Korea.,However, the law prioritizes the activation of data industry and the activation of data production, distribution and use that deals with the protection of data assets, so it can be applied and interpreted more than the Personal Information Protection Act or the Copyright Act.,In this paper, the main contents of the data basic law are examined and the personal information issue is considered.