• Title/Abstract/Keywords: The right to informational self-access

Search results: 4 (processing time: 0.018 seconds)

A Study on the Improvement of the Unconditional Right to Informational Self-Access Based on the Status of Domestic and Foreign Legislation and It's Application to Domestic Corporations

  • 배진호
    • 정보보호학회논문지 / Vol. 27, No. 3 / pp. 591-605 / 2017
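  • The right to informational self-determination is "the right of data subjects to decide for themselves when, to whom, and to what extent information about them is disclosed and used," and was recognized as a constitutional right by the Constitutional Court in 2005. One component of the right to informational self-determination is the right to informational self-access, which allows data subjects to inspect the status and processing history of their own information held by an information holder. To guarantee this right to informational self-access, various laws relating to personal information impose on information holders an obligation to unconditionally notify data subjects of matters concerning the processing of their personal information (hereinafter the "unconditional right to informational self-access"). This paper analyzes the status of domestic legislation and of foreign regulation concerning the granting of this unconditional right to informational self-access. It then introduces how domestic companies have responded, presents the related problems and proposals for improvement, and concludes.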

A Case Study for Improvement of Users' Right to Informational self-determination: Focusing on the GDPR of EU and the CCPA of California, USA

  • 윤영호; 윤현식
    • 한국정보시스템학회지:정보시스템연구 / Vol. 28, No. 4 / pp. 65-103 / 2019
  • Purpose: The purpose of this study is to find out the extent to which companies in Korea and overseas, which are subject to the different laws of their countries, have guaranteed personal information rights and provided a proper 'right to access' to information subjects. Design/methodology/approach: This study compared Korean laws with the 'General Data Protection Regulation (GDPR)' of the EU and the 'California Consumer Privacy Act (CCPA)' to check the level of 'right to access' guarantee in each. In terms of the difference in guaranteeing the right, this study compared leading Korean IT companies with leading global US IT companies to find out how properly the 'right to access' is implemented in their policies and in the functions they provide. Findings: The result of the study shows that the 'right to access' has not been well guaranteed by Korean law, as it does not give information subjects the right to choose the method and medium and does not clarify the types of diverse information. This was clearly the opposite of the other laws, which provide the right to choose the method and medium that subjects want while clarifying every type of personal information possible. In addition, the 'right to access' has not been well guaranteed by Korean companies in comparison with the overseas companies, which proactively guarantee the right by providing functions that enable subjects to browse their information through their websites or applications.

A Study on Legal Protection, Inspection and Delivery of the Copies of Health & Medical Data

  • 정용엽
    • 의료법학 / Vol. 13, No. 1 / pp. 359-395 / 2012
  • In broad terms, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and in all sorts of health and medical fields, as well as patients' personal data, referred to as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by the Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerge, sharing and protecting digital health and medical data is at issue these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. Patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control the use and sharing of information are rooted in it. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions).
The Personal Data Protection Law provides for the collection, use and sharing of personal data and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of the processing of personal data. On the other hand, health and medical data can be inspected, or copies of it delivered, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21 (Access to Record) of the Medical Service Act and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information required by the Personal Data Protection Law.


Recent Developments in Law of International Electronic Information Transactions

  • 허해관
    • 무역상무연구 / Vol. 23 / pp. 155-219 / 2004
  • This paper focuses on two recent legislative developments in electronic commerce: the "Uniform Computer Information Transactions Act" ("UCITA") of the USA and the "preliminary draft convention on the use of data message in [international trade] [the context of international contracts]" ("preliminary draft Convention") of UNCITRAL. UCITA provides rules for contracts for computer information transactions. UCITA supplies modified contract formation rules adapted to permit and to facilitate electronic contracting. UCITA also adjusts commonly recognized warranties as appropriate for computer information transactions; for example, to recognize the international context in connection with protection against infringement and misappropriation, and First Amendment considerations involved with informational content. Furthermore, UCITA adapts traditional rules as to what is acceptable performance to the context of computer information transactions, including providing rules for the protection of the parties concerning the electronic regulation of performance to clarify that the appropriate general rule is one of material breach with respect to cancellation (rather than so-called perfect tender). UCITA also supplies guidance in the case of certain specialized types of contracts, e.g., access contracts, and for termination of contracts. While for the most part carrying over the familiar rules of Article 2 concerning breach when appropriate in the context of the tangible medium on which the information is fixed, but also adapting common law rules and rules from Article 2 on waiver, cure, assurance and anticipatory breach to the context of computer information transactions, UCITA provides a remedy structure somewhat modeled on that of Article 2 but adapted in significant respects to the different context of a computer information transaction.
For example, UCITA contains very important limitations on the generally recognized common law right of self-help as applicable in the electronic context. The UNCITRAL's preliminary draft Convention applies to the use of data messages in connection with an existing or contemplated contract between parties whose places of business are in different States. Nothing in the Convention affects the application of any rule of law that may require the parties to disclose their identities, places of business or other information, or relieves a party from the legal consequences of making inaccurate or false statements in that regard. Likewise, nothing in the Convention requires a contract or any other communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract to be made or evidenced in any particular form. Under the Convention, a communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract, including an offer and the acceptance of an offer, is conveyed by means of data messages. Also, the Convention provides for use of automated information systems for contract formation: a contract formed by the interaction of an automated information system and a person, or by the interaction of automated information systems, shall not be denied on the sole ground that no person reviewed each of the individual actions carried out by such systems or the resulting agreement. 
Further, the Convention provides that, unless otherwise agreed by the parties, a contract concluded by a person that accesses an automated information system of another party has no legal effect and is not enforceable if the person made an error in a data message and (a) the automated information system did not provide the person with an opportunity to prevent or correct the error; (b) the person notifies the other party of the error as soon as practicable when the person making the error learns of it and indicates that he or she made an error in the data message; (c) the person takes reasonable steps, including steps that conform to the other party's instructions, to return the goods or services received, if any, as a result of the error or, if instructed to do so, to destroy such goods or services.
