Archivos de la etiqueta: electronic document

15Nov/21

Act nº 6614, Jan. 19, 2002, Framework Act on Electronic Documents and Transactions

15 noviembre, 2021Act, Corea del Suraddressee, certified electronic address, certified electronic document center, certified electronic document intermediary, Derecho Informático Corea del Sur, electronic document, electronic transaction, electronic transaction business entity, electronic transaction user, information processing system, Leegislación Informática Corea del Sur, Legislation South Korea, originatorJosé Cuervo

Act nº 6614, Jan. 19, 2002, Framework Act on Electronic Documents and Transactions. (Amended by Act nº 7440, Mar. 31, 2005; Act nº 7796, Dec. 29, 2005; Act nº 7988, Sep. 27, 2006; Act nº 8371, Apr. 11, 2007; Act nº 8362, Apr. 11, 2007: Act nº 8387, Apr. 27, 2007; Act nº 8466, May 17, 2007; Act nº 8461, May 17, 2007; Act nº 8802, Dec. 27, 2007; Act nº 8852, Feb. 29, 2008; Act nº 8979, Mar. 21, 2008; Act nº 8932, Mar. 21, 2008; Act nº 9246, Dec. 26, 2008; Act nº 9429, Feb. 6, 2009; Act nº 9504, Mar. 18, 2009; Act nº 9705, May 22, 2009; Act nº 9708, May 22, 2009; Act nº 10220, Mar. 31, 2010; Act nº 10250, Apr. 12, 2010; Act nº 10629, May 19, 2011; Act nº 10854, Jul. 14, 2011; Act nº 11461, jun. 1, 2012; Act nº 11688, Mar. 23, 2013; Act nº 11690, Mar. 23, 2013; Act nº 12781, Oct. 15, 2014; Act nº 12875, Dec. 30, 2014; Act nº 13347, jun. 22, 2015; Act nº 13587, Dec. 22, 2015; Act nº 13768, Jan. 19, 2016; Act nº 14839, Jul. 26, 2017; Act nº 14907, Oct. 24, 2017).

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)

The purpose of this Act is to contribute to the development of the national economy by clarifying the legal relevance of electronic documents and electronic transactions, ensuring the security and reliability of electronic documents and electronic transactions, and creating infrastructure for facilitating the use thereof.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 2 (Definitions)

The definitions of terms used in this Act shall be as follows:

1. The term “electronic document” means information, prepared, transmitted, received, or stored in an electronic form by an information processing system;

2. The term “information processing system” means an electronic mechanism or system capable of processing information used for preparing, converting, transmitting, receiving, or storing electronic documents;

3. The term “originator” means a person who prepares and transmits an electronic document;

4. The term “addressee” means another party to whom an originator transmits an electronic document;

5. The term “electronic transaction” means a transaction fully or partially conducted by an electronic document when buying and selling goods or services;

6. The term “electronic transaction business entity” means a person who conducts electronic transactions;

7. The term “electronic transaction user” means a person, other than an electronic transaction business entity, who makes electronic transactions;

8. The term “certified electronic address” means an address registered pursuant to Article 18-4, which is information comprised of letters and numbers to identify a person who sends or receives an electronic document;

9. The term “certified electronic document center” means a person designated under Article 31-2 (1), who conducts the following affairs (hereinafter referred to as “storage of electronic documents, etc.”) for others:

(a) Storage or certification of electronic documents;

(b) Other affairs related to electronic documents;

10. The term “certified electronic document intermediary” means a person designated under Article 31-18, who sends, receives, or relays electronic documents (hereinafter referred to as “distribution of electronic documents“) for others.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 3 (Scope of Application)

This Act shall apply to all electronic documents and electronic transactions, except as otherwise expressly provided for in other Acts.

(Article Amended by Act nº 11461, Jun. 1, 2012)

CHAPTER II.- ELECTRONIC DOCUMENTS

Article 4 (Validity of Electronic Documents)

(1) No electronic document shall be denied legal effect as a document solely because it is in an electronic form, except as otherwise expressly provided for in other Acts.

(2) An electronic document showing the intent of guaranty which has been drawn up by the guarantor for the purpose of his/her business or project shall, notwithstanding the proviso to Article 428-2 (1) of the Civil Act, be deemed a document under the main sentence of the same paragraph. (Inserted by Act nº 13768, Jan. 19, 2016)

(3) Where acts of recording, reporting, preservation, keeping, preparation or otherwise under any Act as specified in attached Table have been conducted in the form of electronic documents, it shall be deemed that acts pursuant to such Act have been conducted.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 5 (Storage of Electronic Documents)

(1) Where an electronic document meets the following requirements, the storage of such electronic document may take the place of the storage of the document provided for in the relevant statutes:

1. That the content of the electronic document shall be available for public perusal;

2. That the electronic document shall be kept in the same form as when prepared, transmitted, or received or in a form reproducible same as the afore-mentioned form;

3. Where matters concerning an originator, an addressee, and the time of transmission or receipt of the electronic document are included therein, such matters shall remain therein.

(2) Where a document converted to a form processible by an information processing system (hereinafter referred to as “digitized document“) from a paper document or other document not prepared in an electronic form (hereinafter referred to as “document to be digitized“) meets the following requirements, the storage of such digitized document may take the place of the storage of a document provided for in the relevant statutes: Provided, That this shall not apply where expressly provided for otherwise in any other statutes:

1. That a digitized document shall be identical to a document to be digitized in its content and form;

2. That a digitized document shall meet all requirements referred to in the subparagraphs of paragraph (1).

(3) Requirements for the identity of the content and form of a digitized document and a document to be digitized, methods and procedures for preparing a digitized document and other necessary matters shall be determined and announced by the Minister of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(4) For the purposes of paragraphs (1) and (2), a part needed only for transmission or receipt may not be deemed an electronic document or digitized document.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 6 (Time and Place of Transmission or Receipt of Electronic Documents)

(1) An electronic document (including a digitized document; hereinafter the same shall apply) shall be deemed sent at the time the electronic document is entered into an information processing system through which an addressee or his/her agent can receive the electronic document.

(2) An electronic document shall be deemed received in any of the following cases:

1. Where an addressee has designated an information processing system through which he/she will receive the electronic document: When it is entered into the designated information processing system: Provided, That where it is entered into an information processing system other than the designated information processing system, referring to the time the addressee prints it out;

2. Where an addressee has not designated an information processing system through which he/she will receive the electronic document: When it is entered into the information processing system he/she manages.

(3) An electronic document shall be deemed sent from or received at the location of the place of business of an originator or addressee; where at least two places of business exist, the electronic document shall be deemed sent from or received at the location of the place of business where the relevant electronic document is mainly controlled: Provided, That the originator or addressee has no place of business, such electronic document shall be deemed sent from or received at his/her habitual residence.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 7 (Where Originator is Deemed to have Sent Electronic Documents)

(1) An expression of intent contained in any of the following electronic documents shall be deemed sent by an originator:

1. An electronic document sent by his/her agent;

2. An electronic document sent by a computer program developed to send or receive electronic documents automatically or by other electronic means.

(2) In any of the following cases, an addressee of an electronic document may do an act, deeming an expression of intent contained in the electronic document to be the expression of intent of an originator:

1. Where the addressee has followed the procedure on which he/she agreed upon in advance with the originator in order to verify whether the electronic document was originated from the originator;

2. Where an electronic document received has been sent by a person who is deemed by the addressee to have sent such electronic document according to the intent of the originator or his/her agent, in view of his/her relationship with the originator or his/her agent.

(3) Paragraph (2) shall not apply in any of the following cases:

1. Where an addressee has received a notice from an originator that the electronic document is not originated from him/her, and there is a reasonable time to take necessary measures according thereto;

2. In a case falling under paragraph (2) 2, where an addressee has become aware that the electronic document did not originate from an originator or he/she might have become aware that he/she paid due attention thereto or followed the procedure on which he/she agreed upon with the originator.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 8 (Independency of Electronic Document Received)

Any electronic document received shall be deemed independent from each other document: Provided, That the same shall not apply where the addressee might have become aware that the same electronic document has been repeatedly transmitted if he/she had followed the procedure for verification agreed upon with the originator or paid due attention thereto.

Article 9 (Acknowledgement of Receipt)

(1) Where an originator has transmitted an electronic document on condition that the receipt thereof shall be acknowledged, no such electronic document shall be deemed sent until the originator receives a notice of acknowledgment of receipt. In such cases, Article 534 of the Civil Act shall not apply.

(2) Where an originator requests a notice of acknowledgment of receipt without specifying the acknowledgment of receipt as a condition, if the originator has not received any notice of acknowledgment of receipt within a reasonable period (referring to a period if such period is designated by the originator or the period agreed upon between the originator and the addressee), the originator may withdraw the transmission of such electronic document.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 10 (Alteration under Agreement between Originator and Addressee)

An originator and an addressee may conclude an agreement on terms different from the provisions of Articles 6 through 9, except as otherwise expressly provided for in other statutes.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 11 (Matters Concerning Digital Signatures)

Matters concerning digital signatures in electronic transactions shall be governed by the Digital Signature Act.

(Article Amended by Act nº 11461, Jun. 1, 2012)

CHAPTER III.- ENSURING SECURITY OF ELECTRONIC TRANSACTIONS AND PROTECTION OF CONSUMERS

Article 12 (Protection of Personal Information)

(1) The Government shall formulate and implement policies to protect personal information of electronic transaction users in order to ensure the security and reliability of electronic transactions.

(2) Every electronic transaction business entity shall comply with related regulations, such as the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc., when collecting, using, providing or managing personal information of electronic transaction users.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 13 (Protection of Trade Secrets)

(1) The Government shall formulate and implement policies to protect trade secrets of electronic transaction users in order to ensure the security and reliability of electronic transactions.

(2) Every electronic transaction business entity (including any person entrusted with the operation of an information processing system; hereafter the same shall apply in this Article) shall take measures to protect trade secrets of electronic transaction users.

(3) No electronic transaction business entity shall, without obtaining the consent of an electronic transaction user, provide or divulge a trade secret of the relevant user to any third person.

(4) Matters necessary for the scope of trade secrets, protective measures, etc. under paragraphs (1) through (3) shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 14 (Use of Encryption Products)

(1) Any electronic transaction business entity may use an encryption product to ensure the security and reliability of electronic transactions.

(2) If the Government deems it necessary for national security, it may restrict the use of encryption products, and take necessary measures to gain access to the original text of encrypted information or encryption technology.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 15 (Formulation and Implementation of Consumer Protection Policies, etc.)

(1) The Government shall formulate and implement policies to protect the basic rights and interests of consumers relevant to electronic transactions and to ensure consumer credibility on electronic transactions pursuant to related statutes, such as the Framework Act on Consumers and the Act on the Consumer Protection in Electronic Commerce, Etc.

(2) The Government may recommend electronic transaction business entities and trade associations to voluntarily establish a code of conduct to prevent unfair conduct related to electronic transactions.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 16 (Prevention of Losses to and Remedies for Consumers)

(1) The Government shall formulate and implement policies on the provision of information to consumers and the proliferation of education, etc., in order to prevent the occurrence of loss to consumers related to electronic transactions.

(2) The Government shall formulate and implement necessary measures so that it may promptly and fairly deal with complaints from and losses to consumers related to electronic transactions.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 17 (Matters to be Generally Observed by Electric Transaction Business Entities)

Every electric transaction business entity shall comply with the following matters in order to protect consumers related to electronic transactions and to ensure the security and reliability of electronic transactions:

1. Provision of its trade name (including the name of the representative of a corporation, if applicable), information on itself and accurate information on goods, services, the terms of a contract, etc.;

2. Provision and preservation of contractual terms and conditions so that consumers may easily have access to or recognize them;

3. Formulation of procedures by which a consumer may cancel or change his/her order;

4. Formulation of procedures for easy withdrawal of an application, cancellation or termination of a contract, exchange, return of goods and refund of payments, etc.;

5. Formulation of procedures to promptly and fairly deal with consumer complaints and requests;

6. Preservation of transaction records required for the verification of transactions for a fixed period.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Articles 18 through 18-3 Delelted (By Act nº 14907, Oct. 24, 2017)

Article 18-4 (Registration of Certified Electronic Addresses)

(1) Any person who intends to send or receive electronic documents using his/her certified electronic address shall register his/her certified electronic address with the exclusively responsible agency under Article 22 (1).

(2) Upon receipt of an application for registration under paragraph (1), the exclusively responsible agency under Article 22 (1) shall confirm whether a certified electronic address applied for registration conforms to international standards, etc., and enter and store the details thereof in an information processing system.

(3) The exclusively responsible agency under Article 22 (1) may collect fees from persons who apply for registration pursuant to paragraph (1).

(4) Matters necessary for registration and storage of certified electronic addresses and registration fees under paragraphs (1) through (3) shall be prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Inserted by Act nº 11461, Jun. 2012)

Article 18-5 (Generation and Issuance of Distribution Certificates, etc.)

(1) Where an electronic document is sent, received or read through a certified electronic address, the exclusively responsible agency under Article 22 (1) shall generate and store information including the following matters (hereinafter referred to as “distribution information“):

1. Time the electronic document is sent and received;

2. The sender and the addressee of the electronic document;

3. Other matters prescribed by Presidential Decree concerning transmission and receipt of electronic documents.

(2) An originator and a sender may be issued a distribution certificate from the exclusively responsible agency under Article 22 (1), which stores distribution information.

(3) Where the exclusively responsible agency under Article 22 (1) has issued a distribution certificate according to the method and procedure prescribed by Presidential Decree, such distribution certificate shall be presumed true and correct.

(4) Matters necessary for the generation, storage and issuance of distribution certificates under paragraphs (1) and (2) shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11461, Jun. 2012)

Article 18-6 (Prohibition of Collection, etc. of Certified Electronic Addresses through Automated Programs, etc.)

(1) No one shall collect certified electronic addresses through an automated program or technical mechanism that collects certified electronic addresses.

(2) No person shall sell or provide any collected certified electronic address in violation of paragraph (1).

(Article Inserted by Act nº 11461, Jun. 2012)

Article 18-7 (Prohibition of Sending Advertisements)

No one shall send any advertisement to the certified electronic address of any addressee for the purpose of profit-making or public relations.

(Article Inserted by Act nº 11461, Jun. 2012)

CHAPTER IV.- FORMULATION OF BASIC POLICIES ON ELECTRONIC DOCUMENTS AND ELECTRONIC TRANSACTIONS AND PROMOTION SYSTEM

Article 19 (Principles of Basic Policies on Electronic Documents and Electronic Transactions and Responsibility of Government)

The Government shall formulate and implement basic policies on electronic documents and electronic transactions according to the following principles to facilitate the use of electronic documents and the conduct of electronic transactions:

1. Performance led by the private sector;

2. Minimizing regulations;

3. Ensuring the security and reliability of electronic documents and electronic transactions;

4. Strengthening international cooperation.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 20 (Formulation and Implementation of Plan to Facilitate Use of Electronic Documents and Conduct of Electronic Transactions)

(1) The Government shall formulate and implement a plan including the following matters are included (hereinafter referred to as “plan to facilitate the use of electronic documents and the conduct of electronic transactions”) according to the principles of basic policies on electronic documents and electronic transactions formulated under Article 19:

1. Basic direction-setting for a plan to facilitate the use of electronic documents and the conduct of electronic transactions;

2. Matters concerning international norms related to electronic documents and electronic transactions;

3. Matters concerning the electronic payment system;

4. Matters concerning the protection of intellectual property rights;

5. Matters concerning the protection of the rights and interests of parties to electronic documents and electronic transactions;

6. Matters concerning ensuring the security and reliability of electronic documents and electronic transactions;

7. Matters concerning the development and standardization of technologies relating to electronic documents and electronic transactions;

8. Matters concerning the creation of an environment to facilitate the use of electronic documents and the conduct of electronic transactions and the generation of demand therefor;

9. Matters concerning international cooperation related to electronic documents and electronic transactions;

10. Matters concerning support for creating infrastructure necessary for facilitating the use of electronic documents and the conduct of electronic transactions;

11. Matters concerning the establishment of high-speed information and communication networks and the revitalization of the use thereof;

12. Other matters necessary for facilitating the use of electronic documents and the conduct of electronic transactions.

(2) The head of a central administrative agency related to a plan to facilitate the use of electronic documents and the conduct of electronic transactions (hereinafter referred to as “related central administrative agency“) shall formulate sectional plans for matters referred to in the subparagraphs of paragraph (1) under his/her jurisdiction, and take such plans into consideration when formulating and implementing major policies.

(3) The Minister of Science and ICT shall formulate a plan to facilitate the use of electronic documents and the conduct of electronic transactions by integrating sectional plans of each related central administrative agency. (Amended by Act nº 11688, Mar. 23, 2013; Act nº 11690, Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 21 Deleted (By Act nº 9504, Mar. 18, 2009)

Article 22 (Agency Exclusively Responsible for Promoting Use of Electronic Documents and Conduct of Electronic Transactions)

(1) The Ministry of Science and ICT may designate an exclusively responsible agency to implement the following projects in an efficient and systematic manner for facilitating the use of electronic documents as well as the conduct of electronic transactions: (Amended by Act nº 13347, Jun. 22, 2015; Act nº 14839, Jul. 26, 2017)

1. Deleted (By Act nº 14907, Oct. 24, 2017)

2. Research and development and dissemination projects of standards related to electronic documents and electronic transactions under Article 24, and activities related to the international standardization of such standards;

3. Support for technical development under Article 25;

4. Support for fact-finding surveys of statistics on electronic documents and electronic transactions under Article 28;

5. Support for duties of designating certified electronic document centers under Article 31-2;

6. Support for reporting of working rules, such as the storage of electronic documents, under Article 31-8;

7. Support for technologies on measures for protecting electronic documents by certified electronic document centers under Article 31-9 (3);

8. Acquiring stored documents, etc. under Article 31-15 (3);

9. Support for duties of designating certified electronic documents intermediaries under Article 31-18;

10. Operation of the Mediation Committee of Disputes on Electronic Documents and Transactions under Article 32.

(2) Delelted (By Act nº 14907, Oct. 24, 2017)

(3) The Government may fully or partially subsidize expenses incurred by the exclusively responsible agency in performing projects to facilitate the conduct of electronic transactions and the use of electronic documents within budgetary limits or within the Information and Communication Technology Promotion Fund established under Article 41 of the Information and Communications Technology Industry Promotion Act.

(Article Amended by Act nº 11461, Jun. 1, 2012)

CHAPTER V.- FACILITATING USE OF ELECTRONIC DOCUMENTS AND CONDUCT OF ELECTRONIC TRANSACTIONS AND CREATING INFRASTRUCTURE

Article 23 (Facilitating Use of Electronic Documents, etc.)

(1) The Government shall formulate and implement necessary policies, such as amending various statutes, in order to facilitate the use of electronic documents.

(2) The Minister of Science and ICT may determine and announce standard guidelines for requirements, methods and procedures for the preparation, transmission, receipt and storage of electronic documents to facilitate the use thereof. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) through (6) Delelted (By Act nº 14907, Oct. 24, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 24 (Standardization of Electronic Documents and Electronic Transactions)

(1) The Government shall promote the following activities to efficiently use electronic documents and conduct electronic transactions and to ensure the compatibility of related technologies:

1. Establishment, amendment, and repeal of standards related to electronic documents and electronic transactions and the dissemination thereof;

2. Research, study, and development of domestic and overseas standards related to electronic documents and electronic transactions;

3. Other activities necessary for standardization related to electronic documents and electronic transactions.

(2) The Government may, if necessary for efficiently implementing a project falling under each of paragraph (1), request any related agency or private organization to conduct such projects on its behalf. In such cases, the Government may subsidize expenses incurred while the project is conducted by proxy as prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 25 (Promotion of Technical Development for Electronic Documents and Electronic Transactions)

The Government shall promote the following to develop technology required for facilitating the use of electronic documents and the conduct of electronic transactions and to improve technical standards:

1. Matters concerning surveys of technical levels related to electronic documents and transactions, research and development of technology, and utilization of developed technologies;

2. Matters concerning technical cooperation, technical guidance, and technology transfer related to electronic documents and electronic transactions;

3. Matters concerning the smooth distribution of technical information related to electronic documents and electronic transactions and industry-science-research cooperation;

4. Other matters necessary for technical development related to electronic documents and electronic transactions.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 26 (Training of Professionals in Electronic Documents and Electronic Transactions)

(1) The Government shall endeavor to train professionals required for facilitating the use of electronic documents and the conduct of electronic transactions.

(2) In order to train professionals pursuant to paragraph (1), the Government may fully or partially subsidize expenses incurred in conducting such task to research institutes, such as government-funded research institutions, under the Act on the Establishment, Operation and Fostering of Government-Funded Research Institutes, Etc., schools under the Higher Education Act, private educational institutions, and other related institutions.

(3) Matters necessary for subsidizing expenses to institutions training professionals under paragraph (2) and other matters shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 27 (Promotion of Electronic Transactions by Public Sectors)

The State agencies, local governments, public institutions defined in Article 4 of the Act on the Management of Public Institutions, public organizations, etc. (hereinafter referred to as “State agencies, etc.”) shall formulate and implement a plan to procure goods or services necessary for the operation thereof, or to perform their projects through electronic transactions.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 28 (Fact-Finding Surveys of Statistics on Electronic Documents and Electronic Transactions)

(1) The Minister of Science and ICT may conduct a fact-finding survey of statistics on electronic documents and electronic transactions, etc. in order to effectively formulate and implement policies for facilitating electronic documents and electronic transactions. In such cases, the Statistics Act shall apply mutatis mutandis to the compilation of statistics on electronic documents and electronic transactions. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) If necessary for conducting a fact-finding survey of statistics on electronic documents and electronic transactions under paragraph (1), the Minister of Science and ICT may request any of the following entities to submit data or state its opinion: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. A State agency, etc.;

2. An electronic transaction business entity;

3. A corporation or organization related to electronic documents or electronic transactions.

(3) Any person in receipt of a request to submit data, etc. under paragraph (2) shall comply therewith.

(4) Matters necessary for conducting a fact-finding survey of statistics on electronic documents and electronic transactions shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 29 (Internationalization of Electronic Documents and Electronic Transactions)

(1) In order to promote international cooperation in electronic documents and electronic transactions, the Government may provide support for activities, such as exchanges of information, technology or human resources on electronic documents and electronic transactions, joint surveys, research and technical cooperation and international standardization.

(2) The Government shall endeavor to fully participate in discussions related to electronic documents and electronic transactions in international organizations and to respond thereto, and to revitalize entry of electronic transaction business entities and business entities related to electronic documents into overseas markets.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 30 (Electronic Commerce Resource Centers)

(1) The Government shall formulate and promote policies required for facilitating electronic transactions conducted by small and medium enterprises.

(2) In order to facilitate electronic transactions conducted by small and medium enterprises, the Minister of Science and ICT may designate an institution which supports education and training, technological guidance, management consulting, provision of information, etc. related to electronic transactions as an electronic commerce resource center (hereinafter referred to as “resource center“). (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for criteria for designation of a resource center, reporting outcomes from performing activities, subsidization of expenses and other matters shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 30-2 (Revocation of Designation of Resource Centers)

If a resource center falls under any of the following, the Minister of Science and ICT may revoke the designation thereof: Provided, That if it falls under subparagraph 1, he/she shall revoke the designation thereof: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where it has obtained designation as a resource center by fraudulent or other unlawful means;

2. Where there is no outcome from activities for at least two consecutive years without just cause;

3. Where it fails to comply with any of the criteria for designation under Article 30 (3).

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31 (Support for Facilitating Use of Electronic Documents and Conduct of Electronic Transactions)

(1) In order to facilitate the use of electronic documents and the conduct of electronic transactions, the State or a local government may provide taxation support, such as tax reductions and exemptions, and financial support and other necessary administrative support, as prescribed by tax-related Acts, including the Restriction of Special Taxation Act and the Restriction of Special Local Taxation Act.

(2) Where a corporation or organization related to electronic documents and electronic transactions implements a project specified in a plan to facilitate the use of electronic documents and the conduct of electronic transactions, the Government may fully or partially subsidize the relevant project cost within budgetary limits.

(Article Amended by Act nº 11461, Jun. 1, 2012)

CHAPTER V-II.- CERTIFIED ELECTRONIC DOCUMENT CENTERS AND CERTIFIED ELECTRONIC DOCUMENTS INTERMEDIARIES

SECTION 1.- Certified Electronic Document Centers

Article 31-2 (Designation of Certified Electronic Document Centers)

(1) The Minister of Science and ICT may designate an entity specialized in the storage of electronic documents, etc. as a certified electronic document center and require it store electronic documents in order to ensure safety and accuracy in the storage of electronic documents. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) Only corporations, State agencies, etc. prescribed by Presidential Decree may be designated as a certified electronic document center.

(3) An entity intending to be designated as a certified electronic document center shall apply for designation to the Minister of Science and ICT upon being equipped with human resources, technical ability, financial ability and independence in human and physical aspects under Article 31-9 (6) and other facilities, equipment, etc. necessary for the storage of electronic documents. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(4) Matters necessary for human resources, technical ability, financial ability and the criteria, methods and procedures for designation of facilities, equipment, etc. of a certified electronic document center under paragraphs (1) and (3) shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-3 (Grounds for Disqualification as Certified Electronic Document Centers)

None of the following persons or entities shall be designated as a certified electronic document center: (Amended by Act nº 12875, Dec. 30, 2014; Act nº 13587, Dec. 22, 2015)

1. An entity employing any of the following persons among its executive officers and staff members prescribed by Presidential Decree (hereinafter referred to as “executive officers, etc.”), who directly conduct the storage of electronic documents:

(a) A person under adult guardianship or person under limited guardianship;

(b) A person declared bankrupt, and not yet reinstated;

(c) Any person for which two years have not passed since his/her sentence of imprisonment without labor or heavier punishment was completely executed (including where the execution is deemed completed) or exempted as declared by a court;

(d) Any person who is subject to a suspended sentence of imprisonment without labor or heavier punishment as declared by a court;

(e) Any person disqualified or whose qualification was suspended by court ruling or by other Acts;

(f) Any person for whom two years have not passed since his/her designation as a certified electronic document center or certified electronic document intermediary was revoked (excluding cases where his/her designation has been revoked in accordance with the subparagraph 3 of Article 31-22 because he/she falls under subparagraph 1 (a) or (b)), who was an executive officer, etc. of the person whose designation was revoked pursuant to Articles 31-5 (1) and 31-22 (limited to a person directly responsible for the occurrence of the ground for revocation thereof or responsible therefor correspondingly, who is prescribed by Presidential Decree);

2. Any person for who two years have not passed since its designation was revoked (excluding cases where its designation has been revoked in accordance with the subparagraph 3 of Article 31-22 because he/she falls under subparagraph 1 (a) or (b)) pursuant to Articles 31-5 (1) and 31-22.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-4 (Correction Orders)

Where a certified electronic document center falls under any of the following, the Minister of Science and ICT may order it to make a correction within a fixed period not exceeding six months: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where it fails to comply with any of the criteria for designation of a certified electronic document center under Article 31-2 (4);

2. Where an executive officer, etc. falls under any of the items of subparagraph 1 of Article 31-3;

3. Where it fails to report on working rules for the storage of electronic documents, etc., in violation of Article 31-8 (1);

4. Where it fails to report on any amendment to working rules for the storage of electronic documents, etc., in violation of Article 31-8 (2);

5. Where it refuses to provide services of storing electronic documents, etc., in violation of Article 31-9 (1);

6. Where it discriminates unfairly against a user, in violation of Article 31-9 (2);

7. Where it fails to take measures necessary for preventing the content of any stored electronic document from being damaged or altered, in violation of Article 31-9 (3);

8. Where security in the storage, transmission, or receipt of electronic documents or the accuracy of proof concerning electronic documents is at risk of being compromised because the method or procedure of a certified electronic document center for conducting its affairs is inappropriate;

9. Where it fails to purchase insurance, in violation of Article 31-16 (2).

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-5 (Revocation of Designation and Penalty Surcharges)

(1) Where an entity designated as a certified electronic document center pursuant to Article 31-2 falls under any of the following, the Minister of Science and ICT may revoke its designation or order it to fully or partially suspend within a fixed period not exceeding one year, as prescribed by Ordinance of the Ministry of Science, ICT and Future Planning: Provided, That where it falls under subparagraph 1 or 2, he/she shall revoke its designation: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where it has obtained designation under Article 31-2 (1) by fraudulent or other unlawful means;

2. Where it has continued its affairs during a period for which its affairs are suspended;

3. Where it fails to begin operations for at least one year from the date it has obtained designation under Article 31-2 (1), or fails to conduct its affairs, such as the storage of electronic documents, for at least one consecutive year after beginning operations;

4. Where it fails to comply with a correction order issued under Article 31-4 within a fixed period.

(2) Where the Minister of Science and ICT must impose the suspension of operations because an entity designated as a certified electronic document center falls under paragraph (1) 3 and 4 and he/she deems that the suspension of operations will cause serious inconvenience to users of a certified electronic document center, or harm public interests, he/she may impose a penalty surcharge not exceeding 100 million won in lieu of the suspension of operations. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) The amount of a penalty surcharge depending on the type and severity of an offense on which a penalty surcharge is imposed pursuant to paragraph (2) and methods for computing the penalty surcharge and other necessary matters shall be prescribed by Presidential Decree.

(4) When any person liable to pay a penalty surcharge under paragraph (2) fails to pay it by the payment due date, the Minister of Science and ICT shall collect it in the same manner as delinquent national taxes are collected. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-6 (Effect of Storage through Certified Electronic Document Centers)

Where a certified electronic document center stores electronic documents, such electronic documents shall be deemed stored under Article 5 (1) or (2).

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-7 (Presumption of Content of Electronic Documents, etc.)

(1) The content of electronic documents stored in a certified electronic document center shall be presumed unmodified during the period of storage.

(2) Where a certified electronic document center issues a certificate of matters on the storage, an originator, an addressee and the date and time of transmission and receipt of an electronic document stored in the relevant certified electronic document center according to methods and procedures prescribed by Presidential Decree, matters stated on the certificate shall be presumed true and correct.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-8 (Reporting on Working Rules for Storage of Electronic Documents, etc.)

(1) Any certified electronic document center shall establish working rules for the storage of electronic documents, etc. (hereinafter referred to as “working rules for the storage of electronic documents, etc.”) before it begins operations, as prescribed by Ordinance of the Ministry of Science and ICT, and report to the Minister of Science and ICT. In such cases, the following matters shall be included in working rules for the storage of electronic documents, etc.: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Types of business affairs;

2. Methods and procedures for conducting business affairs;

3. Terms and conditions of use of services of storing electronic documents, etc. and user fees;

4. Other matters prescribed by Ordinance of the Ministry of Science and ICT and necessary for conducting business affairs.

(2) Where a certified electronic document center intends to modify matters reported pursuant to paragraph (1), it shall report in advance to the Minister of Science and ICT, as prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) Where the Minister of Science and ICT deems that the content of working rules for the storage of electronic documents, etc. reported pursuant to paragraph (1) is at risk of compromising security and accuracy in the storage of electronic documents, etc. or harm interests of users (hereinafter referred to as “user“) of services of storing electronic documents, etc., he/she may order the relevant certified electronic document center to amend the working rules for the storage of electronic documents, etc. within a fixed period. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(4) When a certified electronic document center has changed facilities or equipment used for the storage of electronic documents, etc., it shall report to the Minister of Science and ICT, as prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-9 (Matters to Observe)

(1) No certified electronic document center shall refuse to provide services of storing electronic documents, etc. without just cause.

(2) No certified electronic document center shall discriminate unfairly against any user.

(3) A certified electronic document center shall take necessary measure, as prescribed by Presidential Decree, to prevent the content of stored electronic documents from being damaged or altered.

(4) No certified electronic document center shall provide or disclose any electronic document stored in the relevant information processing system or other related information to any third person without following due process or without the consent of the originator, the addressee and the relevant user of the electronic document.

(5) A certified electronic document center shall maintain independence in human and physical aspects in the relationship with its users in order to store electronic documents, etc., in a reliable manner and the specific criteria therefor shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-10 (Regular Inspections, etc.)

(1) A certified electronic document center shall undergo regular inspections by the Minister of Science and ICT on the safety of the facilities and equipment it possesses. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) Where a certified electronic document center has reported a change under Article 31-8 (4) or succession under Article 31-14 (3), it shall undergo an inspection by the Minister of Science and ICT on the safety of the relevant facilities or equipment. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) Standards, timing, subject matter of, and procedures for inspections under paragraphs (1) and (2) and other necessary matters shall be prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-11 (Reporting, Inspections, etc.)

(1) If deemed necessary, the Minister of Science and ICT may require a certified electronic document center to submit related data or file a report in writing or by electronic document, and require related public officials to enter an office, a place of business and other related place of the certified electronic document center to inspect facilities, equipment, documents or other articles relating to the storage of electronic documents, etc., as prescribed by Presidential Decree. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) Any public official who conducts an inspection under paragraph (1) shall carry a certificate of identification indicating his/her authority, and produce it to interested parties.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-12 (Security of Related Information, Such as Electronic Documents)

(1) No one shall forge or falsify any electronic document or other related information stored in a certified electronic document center, or use forged or falsified information.

(2) No one shall be issued a false certificate referred to in Article 31-7 (2) by entering false information or a false command into an information processing system of a certified electronic document center.

(3) No one shall destroy or damage any electronic document or other related information stored in a certified electronic document center, or infringe on its confidentiality.

(4) No current or former executive officer or employee of a certified electronic document center shall divulge the content of any electronic document or other related information he/she has become aware of in the course of performing his/her duty, or use it for himself/herself or allow any third party to use it.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-13 (Protection of User Information)

Every certified electronic document center and certified electronic document intermediary shall protect personal information of users in relation to the storage of electronic documents, etc. and the distribution of electronic documents, as prescribed by related statutes.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-14 (Transfer, Acquisition, etc. of Business of Certified Electronic Document Centers)

(1) Any certified electronic document center may fully or partially transfer its business to any third certified electronic document center or merge with any third certified electronic document center. In such cases, the certified electronic document center shall notify its users of such transfer or merger by no later than 60 days prior to the date it intends to transfer or merge, as prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) Any certified electronic document center which has transferred its business pursuant to paragraph (1) or any certified electronic document center surviving a merger or established in the course of a merger shall succeed to the status of the previous certified electronic document center.

(3) Any entity that has succeeded to the status of the previous certified electronic document center pursuant to paragraph (2) shall report to the Minister of Science and ICT, as prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-15 (Discontinuance of Business of Storing Electronic Documents, etc.)

(1) Where a certified electronic document center intends to discontinue its business of storing electronic documents, etc., it shall notify its users of the discontinuance of its business and report such fact to the Minister of Science and ICT, as prescribed by Ordinance of the Ministry of Science and ICT, by no later than 60 days prior to the date it intends to discontinue its business. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) A certified document center which have reported pursuant to paragraph (1) shall transfer electronic documents that it stores and other records on the storage of electronic documents, etc. (hereinafter referred to as “stored documents, etc.”) to any third certified electronic document center: Provided, That where it cannot transfer stored documents, etc. due to inevitable reasons, such as the refusal of any third certified electronic document center to acquire such stored documents, etc., it shall, without delay, report such fact to the Minister of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) Where any of the following cases arises and the Minister of Science and ICT deems an emergency measure necessary to ensure the continuity and security of its affairs, such as the storage of electronic documents, he/she may require the exclusively responsible agency to acquire the relevant stored electronic documents, etc. or may require it to take other necessary measures: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where he/she has received a report under the proviso to paragraph (2);

2. Where he/she has revoked designation of a certified electronic document center pursuant to Article 31-5;

3. Where there arises an inevitable reason making it impossible for a certified electronic document center to conduct its affairs, such as the storage of electronic documents.

(4) Matters necessary for reporting the discontinuance of business, and transfer and acquisition of stored documents, etc. under paragraphs (1) through (3) and other matters shall be prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-16 (Liability for Compensation and Purchasing Insurance)

(1) When a certified electronic document center has inflicted a loss on a user in connection with the storage of electronic documents, etc., it shall compensate the user for such loss: Provided, That where the certified electronic document center has proved that there is no intention or negligence on its part, this shall not apply.

(2) A certified electronic document center shall purchase insurance, as prescribed by Presidential Decree, in order to compensate for losses under paragraph (1).

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 31-17 (Fees, etc.)

A certified electronic document center may impose necessary charges, such as fees, on applicants for issuance of certificates or its users.

(Article Amended by Act nº 11461, Jun. 1, 2012)

SECTION 2.- Certified Electronic Document Intermediaries

Article 31-18 (Designation of Certified Electronic Document Intermediaries, etc.)

(1) The Minister of Science and ICT may designate an entity specialized in the distribution of electronic documents as a certified electronic document intermediary to distribute electronic documents in order to ensure stability and reliability in the distribution of electronic documents. In such cases, he/she may first designate a person who represents each field of finance, health care, national defense, etc. where necessary to protect personal information and trade secrets. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) Only corporations, State agencies, etc. prescribed by Presidential Decree may be designated as a certified electronic document intermediary.

(3) Any person who intends to be designated as a certified electronic document intermediary shall apply for designation to the Minister of Science and ICT up being equipped with human resources, facilities, equipment and financial ability and technical ability necessary for distributing electronic documents (hereinafter referred to as “requirements for certified electronic document intermediaries”). (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(4) The Minister of Science and ICT may announce the working rules of certified electronic document intermediaries in order to ensure stability and reliability in the distribution of electronic documents. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(5) Where the Minister of Science and ICT designates a certified electronic document intermediary pursuant to the latter part of paragraph (1), he/she may attach a condition necessary to ensure stability and reliability in the distribution of electronic documents. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(6) Matters necessary for requirements for certified electronic document intermediaries and procedures for the designation thereof under paragraph (1) and (3) and other matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11461, Jun. 2012)

Article 31-19 (Grounds for Disqualification as Certified Electronic Document Intermediaries)

None of the following entities shall be designated as a certified electronic document intermediary: (Amended by Act nº 13587, Dec. 22, 2015)

1. An entity, any of the executive officers of which falls under any of the items of subparagraph 1 of Article 31-3;

2. An entity for which two years have not passed since its designation was revoked (excluding cases where its designation has been revoked in accordance with the subparagraph 3 of Article 31-22 because he/she falls under subparagraph 1 (a) or (b)) pursuant to Article 31-5 (1) or 31-22.

(Article Inserted by Act nº 11461, Jun. 2012)

Article 31-20 (Reporting by Certified Electronic Document Intermediaries on Changes)

When a certified electronic document intermediary has changed facilities or equipment used for distributing electronic documents, he/she shall report to the Minister of Science and ICT, as prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Inserted by Act nº 11461, Jun. 2012)

Article 31-21 (Regular Inspections, etc.)

(1) Every certified electronic document intermediary shall undergo regular inspections by the Minister of Science and ICT on the safety of the facilities and equipment it possesses. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(2) When any certified electronic document intermediary has reported changes under Article 31-20, it shall undergo an inspection by the Minister of Science and ICT on the safety of the relevant facilities or equipment. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for standards, timing, subject matter of, and procedures for inspections under paragraphs (1) and (2) shall be prescribed by Ordinance of the Ministry of Science and ICT. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Inserted by Act nº 11461, Jun. 2012)

Article 31-22 (Revocation of Designation of Certified Electronic Document Intermediaries)

Where any certified electronic document intermediary falls under any of the following, the Minister of Science and ICT may revoke its designation, as prescribed by Ordinance of the Ministry of Science and ICT: Provided, That where it falls under subparagraph 1, he/she shall revoke its designation: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where it has obtained designation by fraudulent or other unlawful means;

2. Where it fails to meet requirements for certified electronic document intermediaries under Article 31-18 (3);

3. Where its executive officer falls under subparagraph 1 of Article 31-19: Provided, That this shall not apply where it appoints another executive officer replacing such executive officer within three months;

4. Where it fails to comply with a correction order issued under Article 31-23 within a fixed period.

(Article Inserted by Act nº 11461, Jun. 2012)

Article 31-23 (Correction Orders)

Where any certified person replaying electronic documents falls under any of the following, the Minister of Science and ICT may order it to make a correction within a fixed period not exceeding six months: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where it violates any provision of working rules under Article 31-18 (4);

2. Where it fails to comply with a condition attached pursuant to Article 31-18 (5);

3. Where stability and reliability in the distribution of electronic documents is at risk of being substantially compromised because the method or procedure for conducting its affairs is inappropriate.

(Article Inserted by Act nº 11461, Jun. 2012)

CHAPTER VI.- MEDIATION COMMITTEE OF DISPUTES ON ELECTRONIC DOCUMENTS AND ELECTRONIC TRANSACTIONS

Article 32 (Establishment and Composition of Mediation Committee of Disputes on Electronic Documents and Electronic Transactions, etc.)

(1) There is hereby established a Mediation Committee of Disputes on Electronic Documents and Electronic Transactions (hereafter referred to as the “Committee” in this Chapter) to mediate disputes on electronic documents and electronic transactions.

(2) The Committee shall be comprised of at least 15 up to 50 members, including one Chairperson.

(3) Members shall be appointed or commissioned by the Minister of Science and ICT from among any of the following persons, and the Chairperson shall be elected by the Committee from among its members: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. A current or former associate professor or higher, or person in a position equivalent thereto in a university or officially-recognized research institution, who majored in the field related to electronic documents or electronic transactions;

2. A current or former Grade IV public official or higher (including a public official in general service belonging to the Senior Civil Service) or a person in a position equivalent thereto in a public agency, who has experience in electronic documents or electronic transactions;

3. A qualified judge, public prosecutor or attorney-at-law;

4. A person recommended by a non-profit, non-governmental organization as defined in Article 2 of the Assistance for Non-Profit, Non-Governmental Organizations Act;

5. Other person who has knowledge and experience in electronic documents or electronic transactions, and the mediation of disputes.

(4) The members shall be non-standing members, and the terms of office of members shall be three years, and renewable for only one further term.

(5) No member shall be dismissed or de-commissioned against his/her will except in any of the following cases: (Amended by Act nº 14907, Oct. 24, 2017)

1. Where he/she is sentenced to the suspension of qualification or heavier punishment;

2. Where he/she is no longer able to perform his/her duties due to a mental or physical disorder;

3. Where any illegality exists relating to his/her duties;

4. Where he/she is deemed ill-fitted as a member due to neglect of duty or injury to dignity;

5. Where he/she fails to abstain even though he/she falls under any of the subparagraphs of Article 32-2 (1) or the former part of Article 32-2 (2).

(6) The secretariat shall be established within the exclusively responsible agency to support the affairs of the Committee.

(7) Except as otherwise expressly provided for in paragraphs (1) through (6), matters necessary for the operation of the Committee and other matters shall be prescribed by Presidential Decree.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 32-2 (Abstention, Recusal or Withdrawal of Members)

(1) Where a member of the Committee falls under any of the following, he/she shall abstain from the mediation of the relevant mediation case:

1. Where the member or his/her current or former spouse becomes a party to the case or is in the relationship of a joint titleholder or co-obligor with the party to the case;

2. Where the member a current or former relative of a party to the case;

3. Where the member bore witness in or assessed the relevant case;

4. Where the member is or was involved in the relevant case as an agent of the party to the case.

(2) Where a party to the case is in a circumstance that he/she anticipates unfairness in mediation, he/she may apply for recusal of the relevant member to the Committee; and the Committee shall determine thereon by voting. In such cases, the member against whom the recusal is applied for shall not participate in the voting. (Amended by Act nº 14907, Oct. 24, 2017)

(3) Where a member falls under a ground referred to in paragraph (1) or (2), he/she shall voluntarily withdraw from the mediation of the relevant case. (Amended by Act nº 14907, Oct. 24, 2017)

(Article Inserted by Act nº 11461, Jun. 2012)

Article 33 (Mediation of Disputes)

(1) Any person who intends to obtain a remedy for any loss or seek mediation of a dispute related to an electronic document or electronic transaction may apply for mediation of the dispute to the Committee: Provided, That this shall not apply where the mediation of the dispute has been completed in accordance with other Acts.

(2) The Mediation Board (hereinafter referred to as the “Mediation Board“) comprised of not more than three members shall conduct mediation: Provided, That the Committee shall conduct mediation if the Committee has resolved to mediate for itself.

(3) Members of the Mediation Board shall be appointed for each case by the Chairperson from among the members of the Committee, and at least one person falling under Article 32 (3) 3 shall be included as a member.

(4) The Committee or the Mediation Board shall prepare a draft mediation within 45 days after receipt of an application for mediation of a dispute under paragraph (1), and recommend the draft mediation to the parties to the dispute (hereinafter referred to as “parties“): Provided, That where it intends to extend such deadline due to extenuating circumstances, it shall notify the parties of its intention, specifying the grounds therefor and the new deadline.

(5) A draft mediation referred to in paragraph (4) may include restoration, compensation and other measures necessary to remedy damage within the limit not contrary to the purport of the application. (Inserted by Act nº 13347, Jun. 22, 2015)

(6) The parties concerned upon receipt of a recommendation under the main sentence of paragraph (4) shall notify the Committee or the Mediation Board of whether they consent to the draft mediation within 15 days from the date of receipt of such recommendation. In such cases, if any party fails to express his or her intention within 15 days, he/she shall be deemed to have accepted the draft mediation.

(7) Except as otherwise provided for in paragraphs (1) through (6), necessary matters concerning procedures for mediation shall be prescribed by Presidential Decree. (Amended by Act nº 13347, Jun. 22, 2015)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 33-2 (Notification of Illegal Acts, and Other Related Matters)

Where the Committee deems that any party or person concerned has violated any statute while conducting dispute mediation, the Committee shall notify the relevant agency of such violation and make a request that the agency take an appropriate measure: Provided, That this shall not apply in any of the following cases:

1. Where any of the parties to dispute has agreed to compensate for damage and has redressed the violation of the statutes;

2. Where the relevant agency has already become aware of and investigated into the violation of the statutes.

(Article Inserted by Act nº 13347, Jun. 22, 2015)

Article 34 (Requests for Data, etc.)

(1) The Committee may request the parties or a witness to provide data required for the mediation of a dispute. In such cases, the relevant parties shall comply with such request unless they have just cause.

(2) Where the Committee deems it necessary, it may require the parties or a witness to attend a meeting of the Committee to hear their opinions.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 34-2 (Refusal and Suspension of Mediation)

(1) The Committee may refuse to mediate the case in any of the following cases:

1. Where the mediation of a dispute has been completed in accordance with other Act;

2. Where it is deemed inappropriate for the Committee to mediate a dispute in light of the nature of the case;

3. Where the Committee deems that an application for the mediation of a dispute has been filed for any unlawful purpose.

(2) Where a party brings a lawsuit against the other party before the mediation of a dispute finishes, the Committee may suspend such mediation.

(3) Where the Committee refuses to mediate the case pursuant to paragraph (1) or suspends mediation pursuant to paragraph (2), it shall notify the parties of the fact and grounds therefor.

(Article Inserted by Act nº 11461, Jun. 2012)

Article 35 (Completion of Mediation)

(1) Mediation shall be completed in any of the following cases:

1. Where parties consent to a mediation plan under Article 33 (4);

2. Where parties submit a mediated agreement to the Committee.

(2) Where mediation is completed pursuant to paragraph (1), the Committee shall send to the parties a protocol of mediation signed and sealed by the Committee Chairperson and each party.

(3) A protocol of mediation referred to in paragraph (2) shall have the same effect as a consent judgment under the Civil Procedure Act.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 36 (Cessation of Mediation)

The Committee shall notify the parties of the cessation of mediation in any of the following cases:

1. Where an application for mediation is withdrawn, or any of the parties fails to comply with the mediation of a dispute;

2. Where the parties refuse a mediation plan of the Committee.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 36-2 (Interruption of Extinctive Prescription)

An Application for mediation of a dispute under Article 33 (1) shall have an effect of interrupting extinctive prescription: Provided, That this shall not apply where the application for mediation of a dispute is withdrawn.

(Article Inserted by Act nº 12781, Oct. 15, 2014)

Article 37 (Expenses for Mediation, etc.)

(1) The Committee may require an applicant for mediation of a dispute to bear expenses for mediation, as prescribed by Presidential Decree.

(2) The Government may subsidize expenses incurred in the operation of the Committee within budgetary limits.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 37-2 (Confidentiality)

No person who conducts or has conducted affairs related to the mediation of a dispute of the Committee shall divulge confidential information he/she has become aware of in the course of performing his/her duty to any third person or appropriate it for any purpose other than the official purpose: Provided, That this shall not apply where expressly provided for otherwise in any other Acts.

(Article Inserted by Act nº 11461, Jun. 2012)

CHAPTER VII.- SUPPLEMENTARY PROVISIONS

Article 38 (Prohibition of Use of Similar Names)

(1) No entity, other than one designated as a certified electronic document center, shall use a certified electronic document center or similar in its name.

(2) No entity, other than one designated as a certified electronic document intermediary, shall use a certified electronic document intermediary or similar in its name.

(3) No one shall use a certified electronic address or similar for non-certified electronic address.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 39 (Delegation or Entrustment of Authority)

The Minister of Science and ICT may delegate part of his/her authority under this Act to the head of an agency under his/her jurisdiction or the head of a local government, or entrust such authority to the head of a related central administrative agency or an specialized institution, as prescribed by Presidential Decree. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 40 (Reciprocity)

This Act shall also apply to foreigners and foreign corporations: Provided, That with respect to foreigners or foreign corporations of a State which does not provide protection corresponding to this Act to citizens or corporations of the Republic of Korea, protection under this Act or treaties to which the Republic of Korea acceded or concluded by the Republic of Korea may be restricted commensurately therewith.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 41 (Hearings)

Where the Minister of Science and ICT falls under any of the following, he/she shall hold a hearing: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Where he/she intends to revoke the designation of a resource center pursuant to Article 30-2;

2. Where he/she intends to revoke the designation of a certified electronic document center pursuant to Article 31-5 (1);

3. Where he/she intends to revoke the designation of a certified electronic document intermediary pursuant to Article 31-22.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 42 (Deemed Public Officials for Purposes of Penalty Provisions)

Any of the following persons shall be deemed a public official for the purposes of applying Articles 129 through 132 of the Criminal Act to his/her business affairs:

1. An executive officer or employee of a certified electronic document center;

2. An executive officer of a certified electronic document intermediary;

3. A non-public official member of the Committee among its members.

(Article Amended by Act nº 11461, Jun. 1, 2012)

CHAPTER VIII.- PENALTY PROVISIONS

Article 43 (Penalty Provisions)

(1) Any of the following persons shall be punished by imprisonment with labor for not more than ten years or by a fine not exceeding 100 million won:

1. A person who forges or falsifies an electronic document or other related information stored in a certified electronic document center or uses forged or falsified information, in violation of Article 31-12 (1);

2. A person who is issued a false certificate under Article 31-7 (2) by entering false information or a false command into the information processing system of a certified electronic document center, in violation of Article 31-12 (2).

(2) An attempted offender referred to in paragraph (1) shall be punished.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 44 (Penalty Provisions)

Any of the following persons shall be punished by imprisonment with labor for not more than five years or by a fine not exceeding 50 million won:

1. A person who destroys or damages an electronic document or other related information stored in a certified electronic document center, or infringes on its confidentiality, in violation of Article 31-12 (3);

2. A current or former executive officer or employee of a certified electronic document center, who divulges the content of an electronic document or other related information he/she has become aware of in the course of performing his/her duty, or uses such content for himself/herself or allows any third party to use such content, in violation of Article 31-12 (4);

3. A person who divulges confidential information he/she has become aware of in the course of performing his/her duty to any third person or appropriates it for any purpose other than the official purpose, in violation of Article 37-2.

(Article Amended by Act nº 11461, Jun. 1, 2012)

Article 45 (Joint Penalty Provisions)

If the representative of a corporation, or an agent, an employee or any other servant of a corporation or an individual has committed an offense under Article 43 or 44 in connection with the affairs of the corporation or individual, not only shall a relevant offender be punished accordingly, but the corporation or individual shall also be punished by a fine under the relevant provisions: Provided, That this shall not apply where such corporation or individual has not been negligent in giving due attention and supervision of the relevant affairs to prevent such offense.

(Article Amended by Act nº 9246, Dec. 26, 2008)

Article 46 (Administrative Fines)

(1) Any of the following persons shall be punished by an administrative fine not exceeding 30 million won:

1. A person who collects, sells or provides any certified electronic address, in violation of Article 18-6;

2. A person who sends any advertisement to the certified electronic address of an addressee for the purpose of profit-making or public relations, in violation of Article 18-7;

3. A certified electronic document center that provides or discloses any electronic document or other related information, in violation of Article 31-9 (4).

(2) Any of the following persons shall be punished by an administrative fine not exceeding ten million won: (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

1. Deleted (By Act nº 14907, Oct. 24, 2017)

2. A person who fails to report working rules for the storage of electronic documents, etc., in violation of Article 31-8 (1);

3. A person who fails to report any amendment made to working rules for the storage of electronic documents, etc., in violation of Article 31-8 (2);

4. A person who fails to comply with an order to amend working rules for the storage of electronic documents, etc., in violation of Article 31-8 (3);

5. A person who fails to report the change of facilities or equipment, in violation of Article 31-8 (4);

6. A person who refuses to provide services of storing electronic documents, etc. without just cause, in violation of Article 31-9 (1);

7. A person who discriminates unfairly against a user, in violation of Article 31-9 (2);

8. A person who fails to take measures necessary for preventing the content of electronic documents stored in a certified electronic document center from being damaged or altered, in violation of Article 31-9 (3);

9. A person who fails to undergo an inspection, in violation of Article 31-10 (1) or (2);

10. A person who fails to submit data or a report, who submits false data or a false report, or who refuses, interferes with or evades entry or inspection of a related public official under Article 31-11 (1);

11. A person who fails to notify users of the transfer or merger of business of storing electronic documents, etc., in violation of the latter part of Article 31-14 (1);

12. A person who fails to report succession to the status of a certified electronic document center, in violation of Article 31-14 (3);

13. A person who fails to notify users of the discontinuance of business of storing electronic documents, etc. or fails to report such fact to the Minister of Science and ICT, in violation of Article 31-15 (1);

14. A person who fails to transfer or report stored documents, etc., in violation of Article 31-15 (2);

15. A person who fails to purchase insurance, in violation of Article 31-16 (2);

16. A person who fails to report the change of facilities or equipment, in violation of Article 31-20;

17. A person who fails to undergo an inspection, in violation of Article 31-21;

18. An entity who uses a certified electronic document center or similar in its name, in violation of Article 38 (1);

19. An entity who uses a certified electronic document intermediary or similar in its name, in violation of Article 38 (2);

20. A person who uses a certified electronic address or similar, in violation of Article 38 (3).

(3) Administrative fines under paragraphs (1) and (2) shall be imposed and collected by the Minister of Science and ICT, as prescribed by Presidential Decree. (Amended by Act nº 11690; Mar. 23, 2013, Act nº 14839, Jul. 26, 2017)

(Article Amended by Act nº 11461, Jun. 1, 2012)

ADDENDA

(1) (Enforcement Date) This Act shall enter into force on July 1, 2002.

(2) (Transitional Measures for Designation of Electronic Commerce Resource Center) Electronic commerce resource centers designated under the former provisions as at the time this Act enters into force, shall be deemed electronic commerce resource centers under Article 30.

(3) (Relations with other Statutes) Where the former Framework Act on Electronic Commerce or its provisions are cited in other statutes at the time of enforcement of this Act, if there exist any corresponding provisions in this Act, this Act or the corresponding provisions in this Act shall be deemed to have been cited.

ADDENDA (Act nº 7440, Mar. 31, 2005)

(1) (Enforcement Date) This Act shall enter into force six months after the date of its promulgation.

(2) (Transitional Measures for Council on Electronic Commerce Policy) The Council on Electronic Commerce Policy established and composed under the former provisions at the time of enforcement of this Act shall be deemed to be the Committee on Electronic Commerce Policy established and composed under the amended provisions of Article 21.

(3) (Transitional Measures for Korea Electronic Documents Exchange Committee) The Korea Electronic Documents Exchange Committee established and composed under the former provisions at the time of enforcement of this Act shall be deemed to be the sectional committee on standards of electronic documents of the Committee on Electronic Commerce Policy established and composed under the amended provisions of Article 21 (5).

ADDENDA (Act nº 7796, Dec. 29, 2005)

Article 1 (Enforcement Date)

This Act shall enter into force on July 1, 2006.

Articles 2 through 6 Omitted.

ADDENDA (Act nº 7988, Sep. 27, 2006)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 13 Omitted.

ADDENDA (Act nº 8362, Apr. 11, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 10 Omitted.

ADDENDA (Act nº 8371, Apr. 11, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 10 Omitted.

ADDENDA (Act nº 8387, Apr. 27, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 9 Omitted.

ADDENDUM (Act nº 8461, May 17, 2007)

This Act shall enter into force six months after the date of its promulgation: Provided, That the amended provisions of Article 5 (2) through (4) shall enter into force on the date of its promulgation.

ADDENDA (Act nº 8466, May 17, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 5 Omitted.

ADDENDA (Act nº 8802, Dec. 27, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 7 Omitted.

ADDENDA (Act nº 8852, Feb. 29, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDUM (Act nº 8932, Mar. 21, 2008)

This Act shall enter into force on the date of its promulgation.

ADDENDA (Act nº 8979, Mar. 21, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Articles 2 through 6 Omitted.

ADDENDUM (Act nº 9246, Dec. 26, 2008)

This Act shall enter into force on the date of its promulgation.

ADDENDUM (Act nº 9429, Feb. 6, 2009)

This Act shall enter into force six months after the date of its promulgation.

ADDENDUM (Act nº 9504, Mar. 18, 2009)

This Act shall enter into force on the date of its promulgation.

ADDENDA (Act nº 9705, May 22, 2009)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act nº 9708, May 22, 2009)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 12 Omitted.

ADDENDA (Act nº 10220, Mar.31, 2010)

Article 1 (Enforcement Date)

This Act shall enter into force on January 1, 2011.

Articles 2 through 5 Omitted.

ADDENDA (Act nº 10250, Apr. 12, 2010)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 9 Omitted.

ADDENDA (Act nº 10629 May 19, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force two months after the date of its promulgation. (Proviso Omitted.)

Article 2 Omitted.

ADDENDA (Act nº 10854, Jul. 14, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 and 3 Omitted.

ADDENDA (Act nº 11461, Jun. 1, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Article 2 (Applicability to Terms of Office of Members of Mediation Committee of Disputes on Electronic Documents or Electronic Transactions)

The amended provisions of Article 32 (4) shall apply from the first members appointed or commissioned after this Act enters into force.

Article 3 (Applicability to Mediation of Disputes on Electronic Documents or Electronic Transactions)

The amended provisions of Articles 33, 34-2, 35 and 36 shall apply from the first application for mediation of a dispute filed after this Act enters into force.

Article 4 (Transitional Measures concerning Certification of Exemplary Electronic Transaction Business Entities)

The certification of exemplary electronic transaction business entity obtained under the former provisions as at the time this Act enters into force shall be deemed the certification of exemplary electronic transaction business entity obtained under the amended provisions of Article 18.

Article 5 (Transitional Measures concerning Basic Policies on Electronic Transactions)

Basic policies on electronic transactions formulated under the former provisions as at the time this Act enters into force shall be deemed basic polices on electronic documents and electronic transactions formulated under the amended provisions of Article 19.

Article 6 (Transitional Measures concerning Plans to Facilitate Electronic Transactions)

A plan to facilitate electronic transactions formulated under the former provisions as at the time this Act enters into force shall be deemed a plan to facilitate electronic documents and electronic transactions formulated under the amended provisions of Article 20.

Article 7 (Transitional Measures concerning Certified Electronic Document Depositories)

A corporation designated as a certified electronic document depository under the former provisions before this Act enters into force shall be deemed a certified electronic document center designed under the amended provisions of Article 31-2.

Article 8 (Transitional Measures concerning Grounds for Disqualification)

Where any executive officer of a certified electronic document center as at the time this Act enters into force newly falls under grounds for disqualification under the amended provision of subparagraph 1 (e) of Article 31-3 due to a ground which arose before this Act enters into force, notwithstanding the said amended provision, the former provision shall apply.

Article 9 (Transitional Measures concerning Electronic Commerce Dispute Mediation Committee)

The Electronic Commerce Dispute Mediation Committee established under the former provisions as at the time this Act enters into force shall be deemed the Mediation Committee of Disputes on Electronic Documents and Electronic Transactions established under the amended provisions of Article 32.

Article 10 Omitted.

ADDENDA (Act nº 11688, Mar. 23, 2013)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 Omitted.

ADDENDA (Act nº 11690, Mar. 23, 2013)

Article 1 (Enforcement Date)

(1) This Act shall enter into force on the date of its promulgation.

(2) Omitted.

Articles 2 through 7 Omitted.

ADDENDA (Act nº 12781, Oct. 15, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 (Applicability)

The amended provisions of Article 36-2 shall apply beginning with the first case with respect to which an application for mediation of a dispute is filed after this Act enters into force.

ADDENDA (Act nº 12875, Dec. 30, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 (Transitional Measures concerning Disqualification of Incompetent Persons, etc.)

Notwithstanding the amended provisons of the subparagraph 1 (a) of Article 31-3, former provisons shall apply to the person who has already been declared as incompetent or quasi-incompetent by a court at the times when such amended provisons enter into force and for whom the effectiveness of the declaration of incompetence or quasi-competence is maintained in accordance with Article 2 of Addenda to the Civil Act partially amended by Act nº 10429.

ADDENDA (Act nº 13347, Jun. 22, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Applicability to Notification of Illegal Acts and Other Related Matters)

The amended provisions of Article 33-2 shall apply with the first dispute mediation for which an application is filed in accordance with Article 33 after this Act enters into force.

Article 3 (Transitional Measures concerning Transfer of Duties)

Any acts conducted by or toward the National Information Technology (IT) Industry Promotion Agency, duties regarding which are transferred to an exclusively responsible agency designated by the Ministry of Science, Information and Communications Technology (ICT) and Future Planning in accordance with the amended provisions of Article 22 (1), shall be deemed conducted by or toward the relevant exclusively responsible agency.

ADDENDUM (Act nº 13587, Dec. 22, 2015)

This Act shall enter into force on the date of its promulgation.

ADDENDUM (Act nº 13768, Jan. 19, 2016)

This Act shall enter into force on February 4, 2016.

ADDENDA (Act nº 14839, Jul. 26, 2017)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Provso Omitted.)

Articles 2 through 6 Omitted.

ADDENDUM (Act nº 14907, Oct. 24, 2017)

This Act shall enter into force six months after the date of its promulgation.

10Nov/21

Act nº 9705, May 22, 2009, Electronic Government

10 noviembre, 2021Act, Corea del Suradministrative agency, administrative digital signature, administrative information, central agency responsible for administrative affairs, Derecho Informática Corea del Sur, digitized document, electronic document, Electronic government, Information and communications network, information resources, information system, information technology architecture, Legislación Informática Corea del Sur, Legislation South Korea, public institution, supervision of information system, supervisorJosé Cuervo

Act nº 9705, May 22, 2009, Electronic Government (Amended by: Act nº 10012, Feb. 4, 2010, Act nº 10303, May 17, 2010, Act nº 10465, Mar. 29, 2011, Act nº 10580, Apr. 12, 2011, Act nº 11461, jun. 1, 2012, Act nº 11688, Mar. 23, 2013, Act nº 11690, Mar. 23, 2013, Act nº 11735, Apr. 5, 2013, Act nº 12346, Jan. 28, 2014, Act nº 12592, May 20, 2014, Act nº 12738, jun. 3, 2014, Act nº 13459, Aug. 11, 2015, Act nº 14474, Dec. 27, 2016, Act nº 14914, Oct. 24, 2017).

ELECTRONIC GOVERNMENT ACT

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)

The purpose of this Act is to facilitate the efficient realization of electronic government, enhance productivity, transparency and democracy in the public administration, and improve the quality of life of citizens by providing for fundamental principles, procedures, methods of promotion, and other relevant matters for the electronic processing of administrative affairs.

Article 2 (Definitions)

The terms used in this Act shall be defined as follows: (Amended by Act n º 11690, Mar. 23, 2013; Act nº 12346, Jan. 28, 2014; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. The term “electronic government” means a government that efficiently coordinates administrative affairs between administrative agencies and public institutions (hereinafter referred to as “administrative agencies, etc.“) or conducts administrative affairs for citizens by digitalizing administrative affairs of administrative agencies, etc. using information technology;

2. The term “administrative agency” means an agency responsible for the processing of administrative affairs of the National Assembly, the Judiciary, the Constitutional Court, or the National Election Commission; a central administrative agency (including agencies under the jurisdiction of the President or of the Prime Minister; hereinafter the same shall apply) and an affiliate thereof; a local government;

3. The term “public institution” means any of the following:

(a) A corporation, organization, or institution under Article 4 of the Act on the Management of Public Institutions;

(b) A local government-invested public corporation or local government public corporation under the Local Public Enterprises Act;

(d) Any level of school, established under the Elementary and Secondary Education Act, the Higher Education Act, or any other Act;

(e) Other corporations, organizations, or institutions specified by Presidential Decree;

4. The term “central agency responsible for administrative affairs” means the National Assembly Secretariat for affiliates of the National Assembly, the National Court Administration for affiliates of the Judiciary, the Department of Court Administration of the Constitutional Court for affiliates of the Constitutional Court, the National Election Commission Secretariat for affiliates of the National Election Commission, and the Ministry of the Interior and Safety for central administrative agencies, their affiliates, and local governments;

5. The term “electronic government service” means any administrative service rendered by administrative agencies, etc., to other administrative agencies, etc. and citizens, enterprises, etc., through access to electronic government;

6. The term “administrative information” means data prepared or acquired and managed by administrative agencies, etc. within the scope of their duties, which have been processed by means of digital technology to be expressed in code, characters, voice, sound, images, or any other mode;

7. The term “electronic document” means standardized information prepared and transmitted, received, or stored in digital format by devices capable of processing information, such as computers;

8. The term “digitized document” means a document converted from a hard-copy or any other non-electronic version to a format that can be processed on information systems;

9. The term “administrative digital signature” means information by which one can verify the identity of any of the following agencies that have prepared an electronic document or the person directly in charge of the relevant work in any of such agencies as well as any modification to the electronic document, which is specific to the electronic document:

(a) An administrative agency;

(b) An auxiliary agency or support agency of an administrative agency;

(d) An institution, corporation, or organization under Article 36 (2);

10. The term “information and communications network” means an information and communications system through which information is collected, processed, stored, searched, transmitted, or received by using telecommunications systems under subparagraph 2 of Article 2 of the Framework Act on Telecommunications or by utilizing telecommunications systems, computers, and computer technologies;

11. The term “information resources” means administrative information held by administrative agencies, etc.; information systems constructed so as to facilitate the collection, processing, and search of administrative information by electronic means; information technologies for the establishment of information systems; budgets and human resources for informatization and other related resources;

12. The term “information technology architecture” means a systematic framework formulated following the comprehensive analysis of the components of an entire organization, including the scope of its work, applications, data, technologies, and security, conducted based on specific guidelines and processes, and methodologies for optimizing the components through informatization, etc. based on such framework;

13. The term “information system” means a systematic network of devices and software for collecting, processing, storing, searching, transmitting, receiving, or using information;

14. The term “supervision of information system” means the comprehensive monitoring of matters regarding the construction, operation, etc., of the information system to resolve its problems from the third-person perspective by a person independent of the interests of the person awarding the contract for supervision and the person subject to supervision, with the aim of improving efficiency and ensuring safety of the information system;

15. The term “supervisor” means a person who meets the requirements specified in Article 60 (1) to perform supervision of an information system (hereinafter referred to as “supervisory duty”).

Article 3 (Duties of Administrative Agencies, etc. and Public Officials, etc.)

(1) The head of each administrative agency, etc. shall implement this Act and improve related systems with the aim of facilitating the realization of electronic government and improving the quality of life of citizens and shall actively cooperate in interlinking information and communications networks, sharing administrative information, etc.

(2) Public officials and employees of public institutions shall be capable of utilizing information technologies necessary for the electronic processing of their work and give priority to citizens’ convenience over the convenience of the relevant agencies in electronically processing their work.

Article 4 (Principles of Electronic Government)

(1) Each administrative agency, etc. shall consider, among other things, the following matters in materializing, operating, and developing electronic government, and take measures necessary therefor:

1. Digitizing public services and improving citizens’ convenience;

2. Innovating administrative affairs and improving their productivity and efficiency;

3. Ensuring the security and reliability of information systems;

4. Protecting personal information and privacy;

5. Expanding disclosure and sharing of administrative information;

6. Preventing duplicative investment and improving interoperability.

(2) Each administrative agency, etc. shall promote the realization, operation, and development of electronic government, based on an information technology architecture.

(3) Each administrative agency, etc. shall not require civil petitioners to submit matters that can be electronically verified through the sharing of administrative information between the agencies, etc.

(4) No personal information maintained and managed by administrative agencies, etc. shall be used against the wishes of the relevant person, unless otherwise provided for in other Acts or subordinate statutes.

Article 5 (Formulation of Master Plans for Electronic Government)

(1) The head of each central agency responsible for administrative affairs shall formulate a master plan for electronic government every five years combining the plans of each of administrative agencies, etc. referred to in Article 5-2 (1) to realize, operate, and develop electronic government.

(2) A master plan for electronic government under paragraph (1) (hereinafter referred to as “master plan for electronic government“) shall include the following matters:

1. Basic direction-setting for the realization and mid- and long-term development of electronic government;

2. Modification of related Acts and subordinate statutes and systems for the realization of electronic government;

3. Facilitation of the delivery and utilization of electronic government services;

4. Electronic administrative management;

5. Increased sharing and securement of safety of administrative information;

6. Adoption and utilization of information technology architecture;

7. Integration, sharing, and efficient management of information resources;

8. Standardization of electronic government, ensuring interoperability and expansion of services for sharing;

9. Promotion of electronic government projects and local informatization projects and the management of the outcomes thereof;

10. Re-design of work process for realization of electronic government;

11. International cooperation on electronic government;

12. Other matters necessary for the realization, operation, and development of electronic government, such as training of human resources for informatization.

(3) When the head of each related central administrative agency intends to formulate and implement an implementation plan for national informatization pursuant to Article 7 of the Framework Act on National Informatization, he/she shall take a master plan for electronic government into consideration.

(4) Matters necessary for the procedure, etc. for formulation of master plans for electronic government shall be prescribed by National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, and Presidential Decree.

(Article Amended by Act nº 12346, Jan. 28, 2014)

Article 5-2 (Formulation and Evaluation of Plan for Each Agency)

(1) The head of an administrative agency, etc. shall formulate a master plan for the realization, operation, and development of electronic government in a relevant agency (hereinafter referred to as “plan for each agency”) every five years and submit such plan to the head of the relevant central agency responsible for administrative affairs.

(2) The head of each administrative agency, etc. shall endeavor to secure financial resources necessary for the implementation of the plan for each agency.

(3) The head of each central agency responsible for administrative affairs may examine the current status of the plan for each administrative agency, etc. and the outcomes thereof.

(4) Matters necessary for the standards for formulation of the plan for each agency, procedures for the formulation and examination of the current status therof, etc. shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, and Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 5-3 (Electronic Government Day)

(1) In order to continuously accelerate the development of electronic government by, for example, informing the public about the excellence and convenience of electronic government and enhancing the national status of the Republic of Korea, June 24 shall be designated as the Electronic Government Day.

(2) The State may host events that meet the intent of the Electronic Government Day.

(Article Inserted by Act nº 14914, Oct. 24, 2017)

Article 6 (Relationship with other Acts)

Except as otherwise provided for in other Acts, this Act shall govern the realization, operation, and development of electronic government, such as digitization of public services and administrative management of administrative agencies, etc. and the sharing of administrative information.

CHAPTER II.- PROVISION AND UTILIZATION OF ELECTRONIC GOVERNMENT SERVICES

SECTION 1.- Electronic Processing of Civil Petitions

Article 7 (Application, etc. for Electronic Processing of Civil Petitions)

(1) The head of an administrative agency, etc. (including any person to whom administrative authority has been entrusted: hereafter the same shall apply in this Section) may allow citizens to file, report, or submit a civil application or petition (hereinafter referred to as “application, etc.”) in electronic form even where relevant Acts and subordinate statutes (including ordinances and municipal rules of a local government; hereinafter the same shall apply) require application, etc. for a civil petition, etc. subject to processing of the said agency in paper form, such as a written document, statement, or form.

(2) When the head of an administrative agency, etc. processes a civil petition, etc., he/she may give notice or notification (hereinafter referred to as “notice, etc.”) of the results of the processing in electronic form, if the petitioner wishes to receive such results in such manner or files an application, etc, for the civil petition, etc. in electronic form, even where relevant Acts and subordinate statutes require notice, etc. of the results of the processing in paper form, such as a written document, statement, or form.

(3) When filing an application, etc. or giving notice, etc. pursuant to paragraph (1) or (2), a digitized document may serve as a document to be attached to the electronic document.

(4) An application, etc. filed or notice, etc. provided in electronic form pursuant to paragraph (1) or (2) shall be deemed to have been filed or provided in compliance with the procedures provided for by relevant Acts and subordinate statutes.

(5) When the head of an administrative agency, etc. allows citizens to file an application, etc. or gives notice, etc. in electronic or digitized form pursuant to paragraphs (1) through (3), he/she shall publish the type of such application, etc. for or notice, etc. of the civil petition, etc. and the processing procedure therefor in advance via the Internet.

(6) Matters necessary for the utilization of digitized documents, verification of their authenticity, and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 8 (Electronic Verification, etc. of Required Documentation)

(1) The head of each administrative agency, etc. shall process relevant work after directly receiving an electronic document from an administrative agency, etc., if any document or certificate required to be attached or submitted by the civil petitioner is to be issued by the administrative agency, etc. in electronic form.

(2) A civil petition may be processed in accordance with paragraph (1) only where the civil petitioner pays the full fees prescribed by relevant Acts and subordinate statutes (including expenses incurred by an administrative agency, etc. in remitting fees to the issuing agency) to the administrative agency, etc. for the civil petition and required documents.

(3) If the head of an administrative agency, etc. can verify information about required documents by sharing administrative information pursuant to Article 36 (1), he/she may substitute such verification for the issuance of the documents. In such cases, the head of the administrative agency, etc. may waive or reduce fees for the relevant documents, subject to consultation with the heads of issuing agencies.

(4) Where the head of an administrative agency, etc. has processed required documents pursuant to paragraphs (1) through (3), such required documents are deemed processed in compliance with the procedures provided for by relevant Acts and subordinate statutes.

(5) When the head of each administrative agency, etc. intends to process required documents in a way specified in paragraphs (1) through (3), he/she shall publish the types and the scope of such required documents, related civil petitions, and other necessary matters in advance via the Internet.

(6) The procedure for processing work pursuant to paragraphs (1) through (5) and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 9 (Processing of Civil Petitions without Appearance)

(1) In order for civil petitioners to have their civil petitions, etc. processed without necessarily appearing in person at the relevant agency, the head of each administrative agency, etc. shall take measures, such as the improvement of relevant Acts and subordinate statutes and the establishment of facilities and systems as necessary.

(2) The head of an administrative agency, etc. may open and operate a window for electronic civil petitions on the Internet to implement a system for processing civil petitions without appearance pursuant to paragraph (1): Provided, That if a window has yet to be opened for electronic civil petitions, the head of the administrative agency, etc. may authorize an integrated electronic civil petition window under paragraph (3) to process electronic civil petitions, etc.

(3) The head of a central agency responsible for administrative affairs may provide support for administrative agencies, etc. to open and operate electronic civil petition windows and may open and operate an integrated electronic civil petition window by interlinking such windows.

(4) An application, etc. filed by a civil petitioner through an electronic civil petition window under paragraphs (2) and (3) is deemed an application, etc. filed in person with the competent agency responsible for the civil petition prescribed by relevant Acts and subordinate statutes.

(5) The head of an administrative agency, etc. may charge additional fees for processing civil petitions, etc. filed through an electronic civil petition window under paragraphs (2) and (3), apart from the fees prescribed by related Acts and subordinate statutes, if such fees are required by means prescribed in Article 14.

(6) The head of an administrative agency, etc. may waive or reduce fees for processing civil petitions, etc. submitted through an electronic civil petition window under paragraphs (2) and (3), notwithstanding the provisions of other Acts and subordinate statutes.

(7) Necessary matters concerning the opening and operation of an electronic civil petition window under paragraphs (1) through (4), processing fees under paragraph (5), and the scope of civil petitions, etc. subject to waiver or reduction of processing fees under paragraph (6), the rates of such waiver or reduction, and other related matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 9-2 (Provision of Daily Life Information through Integrated Electronic Civil Petition Window)

(1) The Minister of the Interior and Safety may provide civil petitioners with the services through which such daily life information as the their health examination dates, vaccination dates, renewal dates of drivers’ license, etc. can be perused (hereinafter referred to as “life information viewing services” in this Article). In such cases, the Minister of the Interior and Safety may interlink the integrated electronic civil petition window under Article 9 (3) with information systems of other central administrative agencies, etc. following consultation with the heads of other central administrative agencies, etc. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The types of daily life information viewing services provided under paragraph (1) shall be determined and publicly announced by the Minister of the Interior and Safety following consultation with the heads of related central administrative agencies, etc. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) In order to provide daily life information viewing services, the Minister of the Interior and Safety may request the heads of other central administrative agencies, etc. to provide data. In such cases, the related central administrative agencies, etc. upon receipt of such request for provision of data shall comply with such request, except in extenuating circumstances. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) The Minister of the Interior and Safety may provide daily life information viewing services only where the relevant civil petitioner agrees to do so. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 10 (Verification of Identities of Civil Petitioners, etc.)

Whenever it is necessary to verify the identity of a civil petitioner in processing a civil petition, etc., the head of an administrative agency, etc. may verify the identity with the petitioner’s officially authenticated digital signature under subparagraph 3 of Article 2 of the Digital Signature Act (hereinafter referred to as “authenticated digital signature“) or in ways prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 11 (Electronic Notice or Information)

(1) The head of an administrative agency, etc. may provide notice, etc. to a citizen by an electronic document, even where relevant Acts and subordinate statutes require to give such notice, etc. by a paper document, such as a written notice or information.

(2) Any notice, etc. given by an electronic document pursuant to paragraph (1) shall be deemed notice, etc. provided in compliance with the procedure provided for by relevant Acts and subordinate statutes.

(3) The head of each administrative agency, etc. shall, when he/she intends to provide notice, etc. by an electronic document pursuant to paragraph (1), publish the types of and procedure for giving such notice, etc. in advance via the Internet.

(4) Necessary matters concerning the provision of notice, etc. by an electronic document shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 12 (Electronic Provision of Administrative Information)

(1) The head of each administrative agency, etc. shall separately provide citizens with information related to civil petitions, such as Acts relevant to civil petitions and subordinate statutes thereof, manuals related to the processing of civil petitions, and the guidelines for processing civil petitions, and other administrative information specified by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree as administrative information related to citizens’ lives, by posting them on the Internet.

(2) The head of an administrative agency, etc. may separately provide citizens with information published in the Official Gazette, newspapers, bulletins, etc. by posting them on the Internet.

Article 12-2 (Designation of Public Services and Notification, etc. of Lists)

(1) The head of a central administrative agency, etc. shall designate the goods, services, etc. provided to those who fulfill prerequisites, such as the elderly, the disabled, and persons entitled to veterans benefits, as public services (hereinafter referred to as “public services”) in accordance with the Acts and subordinate statutes (including ordinances and regulations of local governments) under his/her jurisdiction, and shall notify the Minister of the Interior and Safety of such list. The same shall also apply to cases where a list of public services is modified. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) Matters necessary for the standards for designation of public services and notification, etc. of lists shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 12-3 (Construction, Operation, etc. of Registration System)

(1) The Minister of the Interior and Safety may construct and operate a system for the registration, management, and utilization of lists of public services (hereinafter referred to as “registration system“). In such cases, such system can be interlinked with information systems of other central administrative agencies, etc., and consultations thereon shall be held with the relevant agencies. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) For the construction, operation, etc. of a registration system, the Minister of the Interior and Safety may request the provision of data on resident registration, family registration, national taxes, local taxes, finance, real estate, national pension, health insurance, etc. held by other administrative agencies, etc. after obtaining prior consent from the relevant civil petitioner. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Article 42 (1) shall apply mutatis mutandis to prior consent set forth in paragraph (2).

(4) Where a civil petitioner’s individual consent to a request for provision of data under paragraph (2) is obtained, an application filed by a civil petitioner under Article 12-4 (1) shall be deemed a prior consent the Minister of the Interior and Safety is required to obtain from the civil petitioner under the same paragraph. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(5) Where necessary for the construction and operation of a registration system, the Minister of the Interior and Safety may advance pilot projects. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(6) Matters necessary for the construction and operation of a registration system shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 12-4 (Provision, etc. of Lists of Public Services)

(1) If any civil petitioner applies for the perusal of lists of public services, the head of a local government (referring to the Mayor of a Special Self-Governing City, the Governor of a Special Self-Governing Province, the head of a Si/Gun/Gu (referring to an autonomous Gu); hereafter the same shall apply in this Article) may provide the lists of public services required by the civil petitioner through a registration system.

(2) When a civil petitioner provided with the lists of public services under paragraph (1) files an application for the provision of any civil services, the head of a local government shall forward the relevant application to the head of the relevant central administrative agency, etc.

(3) Matters necessary for the provision of lists of public services, application for public services, transfer, etc. shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 13 (Bearing Expenses Incurred in Electronic Provision of Administrative Information)

(1) The head of an administrative agency, etc. may collect fees from a person, if any, who gains special benefits from administrative information provided via the Internet.

(2) Necessary matters concerning the criteria for collecting fees under paragraph (1), the procedures therefor, and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 14 (Electronic Payment of Taxes, etc.)

The head of an administrative agency, etc. may allow citizens to pay taxes, fees, administrative fines, penalty surcharges, penalties, fines, minor fines, etc. by means of electronic money, electronic payment, etc. through information and communications networks, even where other Acts and subordinate statutes require payment thereof by cash, revenue stamp, or other means.

Article 15 (Electronic Payment of Grants and Benefits)

When the head of an administrative agency, etc. pays specific grants and benefits to citizens pursuant to the provisions of any Act and subordinate statutes, he/she may pay such specific grants and benefits via information and communications networks.

SECTION 2.- Provision of Electronic Government Services and Promotion of Their Utilization

Article 16 (Development and Provision of Electronic Government Services)

(1) The head of each administrative agency, etc. shall develop and provide electronic government services for enhancing public welfare and convenience, ensuring people’s security, and facilitating business activities such as starting a business and establishing factories, and take measures to continuously supplement and improve such services.

(2) The head of each administrative agency, etc. shall ensure that users of its electronic government services have easy access to such services and utilize them in a safe and convenient manner and shall keep its electronic government services up-to-date.

(3) When the head of each administrative agency, etc. develops electronic government services, he/she shall take into account the demands and convenience of users of such services.

Article 17 (Increased User Involvement)

When the head of each administrative agency, etc. provides electronic government services, he/she shall guarantee opportunities for their users to participate in the relevant process and express various opinions by means, such as discussions, recommendations, and policy suggestions, and shall actively reflect such recommendations, policy suggestions, etc. in the process of amending relevant Acts and subordinate statutes and systems, improving the electronic government services, etc.

Article 18 (Introduction and Utilization of Ubiquitous Electronic Government Services)

(1) The head of each administrative agency, etc. shall deliver services for public administration, transportation, welfare, environment, disaster safety, etc. (hereafter referred to as “ubiquitous electronic government services” in this Article) that can be utilized by citizens, enterprises, etc. anywhere anytime, using advanced information and communications technologies, and shall formulate policies necessary therefor.

(2) The Minister of the Interior and Safety may pursue pilot projects, if necessary, to facilitate the introduction and utilization of ubiquitous electronic government services under paragraph (1). (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Necessary matters concerning the introduction and utilization of ubiquitous electronic government services under paragraph (1) and pilot projects under paragraph (2) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 19 (Measures for Broader Use of Electronic Government Services)

The head of each administrative agency, etc. shall take necessary measures to ensure that citizens do not have difficulty accessing or utilizing electronic government services due to their economic, regional, physical, or social conditions.

Article 20 (Operation of Electronic Government Portal)

(1) The State shall establish, manage, and facilitate the use of an Internet-based integrated information system (hereinafter referred to as “electronic government portal“) to efficiently deliver electronic government services.

(2) Matters necessary for the establishment, management, and facilitation of the use of the electronic government portal shall be prescribed by Presidential Decree.

Article 21 (Engagement and Use of Private Sector in Electronic Government Services)

(1) The head of an administrative agency, etc. may develop and provide a new service in combination with a service delivered by an individual, enterprise, organization, etc. by entering into a memorandum of understanding, etc. therewith, in order to facilitate the use of electronic government services.

(2) The head of an administrative agency, etc. may provide necessary assistance to individuals, enterprises, organizations, etc. to develop and provide new services using specific technologies or administrative information of a highly public nature delivered as part of electronic government services (excluding personal information as defined in subparagraph 1 of Article 2 of the Personal Information Protection Act). (Amended by Act nº 10465, Mar. 29, 2011)

(3) Necessary matters concerning the memorandum of understanding under paragraph (1) and the criteria, procedures, etc. for assistance under paragraph (2) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 22 (Investigation and Analysis of Actual Use of Electronic Government Services)

(1) The head of an administrative agency, etc. shall, at regular intervals, investigate, analyze, and manage the actual use, etc. of the electronic government services delivered by the agency, and prepare measures to improve such use.

(2) Detailed matters necessary for the investigation, analysis, and management of the actual use of electronic government services under paragraph (1) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 23 (Efficient Management of Electronic Government Services)

(1) Where electronic government services provided by administrative agencies, etc. are similar to, or overlap with, one another, or their operational value is considered not high, the head of a central agency responsible for administrative affairs may recommend the integration or scrapping thereof, or other measures to improve such services. (Amended by Act nº 11688, Mar. 23, 2013)

(2) Necessary matters concerning the criteria and procedures for the integration or scrapping, etc. of electronic government services under paragraph (1) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 24 (Security Measures for Electronic Public Services)

(1) The Minister of the Interior and Safety shall formulate security measures related to electronic public services through prior consultation with the Director of the National Intelligence Service. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The head of each central administrative agency, each affiliate thereof, and each local government shall formulate and implement security measures for his/her agency in accordance with the security measures provided for in paragraph (1).

CHAPTER III.- ELECTRONIC ADMINISTRATIVE MANAGEMENT

Article 25 (Preparation, etc. of Electronic Documents)

(1) Documents of each administrative agency, etc. shall be prepared, dispatched, received, stored, preserved, and utilized basically in electronic form: Provided, That the same shall not apply where the nature of specific work requires any other format, or under exceptional circumstances.

(2) Each administrative agency, etc. shall make the forms of documents sent or received by such agency appropriate for electronic documents.

(3) Necessary matters concerning the preparation, delivery, receipt, storage, preservation, and utilization of electronic documents of each administrative agency, etc., the method of preparing forms of electronic documents, and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 26 (Formation, Effects, etc. of Electronic Documents, etc.)

(1) An electronic document prepared by an administrative agency, etc. shall be duly formed when it is approved (referring to approval by electronic means specified by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree).

(2) An electronic document that has been approved by an ancillary agency or support agency of an administrative agency, etc. with power delegated by the administrative agency or vicariously for and on behalf of the administrative agency may be delivered with the administrative digital signature of the ancillary or support agency under Article 29.

(3) Any electronic document and digitized document under this Act shall have the same effect as a paper document, except as otherwise provided for in other Acts.

Article 27 (Transmission and Receipt of Electronic Documents)

(1) Any individual, corporation, or organization seeking to transmit to an administrative agency, etc. an electronic document that requires verification of the identity of the transmitter shall transmit such document with an authenticated digital signature or by electronic means recognized by other Acts and subordinate statutes as means that may be used for the verification of the identity of a person: Provided, That any public institution seeking to exchange electronic documents with an administrative agency shall use its administrative digital signature in transmitting and receiving such electronic documents.

(2) If clarification of the time of delivery or arrival of an electronic document is required, the electronic document shall be transmitted or received by electronic means specified by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree so that the time of delivery or arrival can be objectively verified.

Article 28 (Timing of Delivery or Arrival of Electronic Documents)

(1) An electronic document transmitted to an administrative agency, etc. shall be deemed delivered by the transmitter at the time the transmission of the electronic document is electronically recorded by using an information system.

(2) An electronic document transmitted by an administrative agency, etc. shall be deemed to arrive at the addressee at the time it is entered in the information system, etc. designated by the addressee: Provided, That if the information system, etc. is not designated, such electronic document is deemed to arrive at the addressee at the time it is entered in the information system, etc. under the control of the addressee.

(3) If a transmitter had delivered a document, etc. required to arrive by a specific deadline in electronic form by electronic means described in Article 27 (2) prior to the deadline, but the document did not arrive by the deadline due to failure of the information system or related device of the addressee, the deadline that applies only to the transmitter is deemed to fall on the day immediately following the date on which the failure is eliminated.

(4) If an electronic document that arrives at, and is received by, an administrative agency, etc. is illegible, the administrative agency, etc. shall regard it as a defective document and shall demand the transmitter correct the defect within a period reasonably prescribed as necessary for such correction, while if an electronic document delivered by an administrative agency, etc. that arrives at the addressee is illegible, such document shall not be deemed a document that duly arrives.

Article 29 (Authentication of Administrative Digital Signatures)

(1) Each electronic document prepared by an administrative agency shall bear an administrative digital signature: Provided, That any administrative agency may use an authenticated digital signature to efficiently operate electronic transactions under subparagraph 5 of Article 2 of the Framework Act on Electronic Documents and Transactions. (Amended by Act nº 11461, Jun. 1, 2012)

(2) The head of each central agency responsible for administrative affairs shall authenticate administrative digital signatures.

(3) In authenticating administrative digital signatures under paragraph (2), the head of each central agency responsible for administrative affairs shall prepare technical standards for administrative digital signatures in consultation with the Minister of the Interior and Safety to increase compatibility with authenticated digital signatures and shall also prepare measures to link administrative digital signatures with authenticated digital signatures. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) An administrative digital signature authenticated pursuant to paragraph (2) and applied to an electronic document shall be deemed the official seal or official authentication of the administrative agency or public institution indicated in the electronic document or the signature of the person in direct charge of relevant affairs in the relevant agency, and the content thereof shall be presumed not to have been modified after the administrative digital signature was applied thereto.

(5) Necessary matters concerning the authentication of administrative digital signatures shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 30 (Electronic Management of Administrative Knowledge)

The head of an administrative agency, etc. may establish and operate an electronic processing system for utilizing matters deemed considerably valuable as data that can be used to make decisions on important policies thereof, out of administrative information relevant to duties under his/her jurisdiction, personal experiences, practical knowledge and techniques produced and circulated within the agency.

Article 30-2 (Inter-Linkage and Integration of Electronic Systems)

(1) For improving administrative efficiency and the integrated and efficient provision of services to the public, the head of a central administrative agency, etc., may interlink or integrate the electronic systems under his/her jurisdiction with those of other central administrative agencies, etc.

(2) Necessary matters concerning the standards for inter-linkage and integration of electronic systems and the procedures, methods, etc. therefor, shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 30-3 (Construction and Utilization of Data-Sharing Hub)

(1) The Minister of the Interior and Safety may construct and operate a system for sharing data collected and managed through electronic systems (hereinafter referred to as “data-sharing hub“). (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The head of a central administrative agency, etc., may, through the data-sharing hub, jointly use the data collected and managed by the heads of other central administrative agencies, etc.

(3) Necessary matters concerning the scope of data and sharing procedures set forth in paragraphs (1) and (2) shall be prescribed by Presidential Decree. (Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 30-4 (Collection and Utilization of Disclosed Internet Data)

(1) For the formulation of policies, decision-making, etc., the head of an administrative agency, etc. may collect and utilize disclosed Internet data, other than the personal information defined in subparagraph 1 of Article 2 of the Personal Information Protection Act, through the data-sharing hub.

(2) Necessary matters concerning the scope of collection of open Internet data, procedures for utilization thereof, etc. under paragraph (1), shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 31 (Gathering Opinions through Information and Communications Networks)

(1) With regard to the enactment and amendment of an Act or a subordinate statute relevant to affairs under the control of an administrative agency, etc., the matters that require pre-announcement of administration pursuant to Article 46 (1) of the Administrative Procedures Act, and other matters that require holding of a public hearing, poll, or others pursuant to relevant Acts and subordinate statutes, the head of the responsible administrative agency, etc. shall proceed in tandem to gather opinions through information and communications networks.

(2) The head of each administrative agency, etc. shall allow a party or any interested party who has an opinion with regard to a disposition made by the agency to present his/her opinion through an information and communications network.

(3) The head of each administrative agency, etc. shall readjust relevant Acts and subordinate statutes and take other measures in order to facilitate the gathering and presentation of opinions under paragraphs (1) and (2).

(4) The head of each administrative agency, etc. shall, when he/she conducts any statistical survey subject to citizens, a survey on citizens’ satisfaction with the processing of civil petitions, or any similar survey, actively take measures to utilize information and communications networks.

Article 32 (Electronic Performance of Work, etc.)

(1) The head of an administrative agency, etc. may adopt an online video conferencing method using information and communications networks in conducting administrative affairs. In such cases, the head of an administrative agency, etc. shall endeavor to preferentially utilize such online video conferencing when conducting business between distant locations. (Amended by Act nº 12346, Jan. 28, 2014)

(2) The head of a central agency responsible for administrative affairs may provide necessary assistance for the adoption, utilization, etc. of online video conferencing under paragraph (1). (Inserted by Act nº 12346, Jan. 28, 2014)

(3) The head of an administrative agency, etc. may, whenever necessary, allow his/her employees to conduct some form of remote work through information and communications networks without necessarily designating a specific place of service. In such cases, the head of an administrative agency, etc. shall formulate measures to prevent illegal access to information and communications networks and other security measures. (Amended by Act nº 12346, Jan. 28, 2014)

(4) The head of an administrative agency, etc. may provide online remote educational and training programs for his/her employees through information and communications networks. (Amended by Act nº 12346, Jan. 28, 2014)

(5) Matters necessary to facilitate the performance of remote work under paragraphs (1) through (4) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree. (Amended by Act nº 12346, Jan. 28, 2014)

Article 33 (Reduction of Paper Documents)

(1) The head of each administrative agency, etc. shall minimize the formulation, receipt, circulation, and storage of paper documents by digitalizing administrative affairs and civil petitions, sharing administrative information with other agencies, or by other means, and shall formulate plans to continuously reduce paper documents in the relevant agency.

(2) The head of each administrative agency, etc. shall revise its methods of working, etc. in the relevant agency in a manner that minimizes unnecessary printing of paper documents in the process of formulating and reporting documents.

(3) With the aim of reducing paper documents, the head of each administrative agency, etc. shall amend or supplement Acts and subordinate statutes, directives, etc. that stipulate application, reports, submission, notice, or notification in paper form to allow such application, etc. by electronic means as well, except under exceptional circumstances.

(4) The head of a central agency responsible for administrative affairs may, if necessary, formulate and implement directives to reduce paper documents or investigate the actual use, etc. of paper documents.

Article 34 (Identities of Persons in Charge and their Rights of Access)

The head of each administrative agency, etc. shall manage and check the identity, rights of access, etc. of a person in charge of relevant work, seeking to access an information system or to use administrative information for electronically processing civil petitions or conducting relevant affairs, in a manner prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 35 (Prohibited Acts)

No person shall commit any of the following acts when handling or utilizing administrative information: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. Forging, altering, damaging, or deleting administrative information for the purpose of interfering with affairs related to the processing of such information;

2. Forging, altering, damaging, or using an information system for the sharing of administrative information without good cause;

3. Disclosing or disseminating, to the public, any method or program by which administrative information can be altered or deleted;

4. Divulging administrative information, the disclosure of which is prohibited, without good cause;

5. Processing administrative information without due authority or beyond the authority accorded;

6. Aiding or abetting another person, without due authority, to use administrative information;

7. An agency having obtained the approval for sharing administrative information from the Minister of the Interior and Safety pursuant to Article 39 (2), but sharing administrative information in a manner that has not been approved or storing administrative information in an information system or storage device that has not been approved;

8. Receiving administrative information from an administrative agency, etc. or accessing administrative information by fraud or other improper means.

CHAPTER IV.- SHARING ADMINISTRATIVE INFORMATION

Article 36 (Efficient Management and Use of Administrative Information)

(1) The head of each administrative agency, etc. shall share administrative information collected and held by such agency with other administrative agencies, etc. that need such information and shall not endeavor to separately gather identical information where he/she can be provided with reliable administrative information from other administrative agencies, etc.

(2) The head of each administrative agency, etc. collecting and possessing administrative information (hereinafter referred to as “agency in possession of administrative information“) may allow other administrative agencies, etc., banks authorized to engage in banking business pursuant to Article 8 (1) of the Banking Act, and legal entities, organizations, or institutions specified by Presidential Decree to share administrative information held by the agency in possession of such administrative information. (Amended by Act nº 10303, May 17, 2010)

(3) The Minister of the Interior and Safety may publicly announce the detailed examination of the lists of administrative information held by administrative agencies, etc. and the outcomes thereof through information systems and conduct research on demand for the administrative information that administrative agencies, etc. need to share with each other. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12346, Jan. 28, 2014; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) The head of each central agency responsible for administrative affairs shall promote the readjustment of relevant Acts, subordinate statutes, and systems in order to ensure the effective management of administrative information, such as production, processing, utilization, provision, storing, scrapping, etc. of administrative information.

(5) The Minister of the Interior and Safety may establish and publish guidelines for the criteria, procedures, etc. for sharing administrative information, in consultation with the heads of other central agencies responsible for administrative affairs. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(6) Necessary matters concerning the methods, etc. for examination of lists of administrative information under paragraph (3) shall be prescribed by Presidential Decree. (Inserted by Act nº 12346, Jan. 28, 2014)

Article 37 (Administrative Information-Sharing Center)

(1) In order to ensure the effective sharing of administrative information, the Minister of the Interior and Safety may establish an Administrative Information-Sharing Center (hereinafter referred to as the “Sharing Center“) under his/her jurisdiction to implement policies necessary to share administrative information, as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) Any agency sharing administrative information pursuant to Article 36 (2) shall share such information through the Sharing Center unless good cause exists.

Article 38 (Administrative Information Subject to Sharing)

(1) Administrative information that can be shared through the Sharing Center pursuant to Articles 36 and 37 shall be as follows:

1. Administrative information necessary to process civil petitions, etc.;

2. Administrative information that can be used as reference to carry out administrative affairs, such as statistical information, bibliographic information, and policy information;

3. Administrative information deemed essential by an administrative agency, etc. to carry out its official duties prescribed by any Act and subordinate statutes, etc.

(2) Administrative information related to national security of the State, administrative information classified as confidential under any Act or subordinate statute, or any similar administrative information may be excluded from information subject to sharing.

(3) Each agency in possession of administrative information shall ensure that it provides the most up-to-date and accurate administrative information for sharing.

(4) Administrative information shall be shared to the extent necessary for satisfying the specific purpose of its use.

(5) The type, scope, category, etc. of information subject to sharing in the scope of administrative information under paragraph (1) shall be prescribed by Presidential Decree.

Article 39 (Applications for Sharing Administrative Information and Approvals thereof)

(1) Any agency intending to use administrative information through the Sharing Center pursuant to Article 37 (2) shall apply for the sharing of administrative information to the Minister of the Interior and Safety by specifying the administrative information to be subject to sharing and the scope thereof, the purpose and method of sharing, the agency in possession of such administrative information, etc., as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) Upon receipt of an application for the sharing of administrative information under paragraph (1), the Minister of the Interior and Safety may approve such application by specifying conditions for sharing, etc. as prescribed by Presidential Decree: Provided, That he/she shall not approve an application for sharing in any of the following cases: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. Where the administrative information, the sharing of which has been applied for, is defined as confidential or non-disclosable by any other Act or an order delegated by such other Act (limited only to the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, the Board of Audit and Inspection Regulations, Presidential Decrees, ordinances of the Prime Minister, Ministerial ordinances, and municipal ordinances and rules);

2. Where the administrative information, the sharing of which has been applied for, is related to the guarantee of national security or the national defense, unification of the two Koreas, diplomatic relations, etc. and deemed likely to significantly harm the material national interest if it is so shared;

3. Where the administrative information, the sharing of which has been applied for, is deemed as unnecessary for the performance of inherent duties of the agency that has applied for the sharing (hereinafter referred to as “applicant agency“);

4. Other cases deemed likely to defeat the purpose of sharing administrative information under this Act or the security and reliability of administrative information prescribed by Presidential Decree.

(3) The Minister of the Interior and Safety shall, prior to the grant of the approval pursuant to paragraph (2), obtain the consent of the head of the agency holding relevant administrative information, and in such cases, the head of the agency holding relevant administrative information shall cooperate in sharing administrative information, except under exceptional circumstances. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) Where administrative information that an applicant agency intends to share is a personal information file described in Article 32 of the Personal Information Protection Act, the Minister of the Interior and Safety shall grant the approval therefor pursuant to paragraph (2) after deliberation and resolution by the Personal Information Protection Committee referred to in Article 7 of the said Act: Provided, That this shall not apply where otherwise provided for in any other Act. (Amended by Act. nº 10465, Mar. 29, 2011; Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(5) The Minister of the Interior and Safety may approve the sharing of administrative information by simplifying or skipping the procedures described in paragraphs (1) through (4), in either of the following cases: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 13459, Aug. 11, 2015; Act nº 14839, Jul. 26, 2017)

1. Where, with regard to an administrative affair, the sharing of which has already been approved, a simple change in its name, department in charge, etc. is to be made due to enactment or amendment of an Act or subordinate statutes;

2. Where sharing administrative information is required to process civil petitions listed in the standards for performing clerical services for civil petitions referred to in Article 36 (1) of the Civil Petitions Treatment Act.

(6) Where an administrative affair subject to sharing is an affair common to several administrative agencies, etc. as prescribed by Acts and subordinate statutes, the Minister of the Interior and Safety may approve the sharing of such administrative affair among all the agencies handling such affair, even though no separate application therefor is filed by individual agencies. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(7) Each agency that has obtained approval pursuant to paragraph (2) shall designate any of the following persons to operate the relevant business as prescribed by Presidential Decree:

1. A person with the right to engage in overall management of matters related to the sharing in the relevant agency;

2. A person with the right to grant authority to access administrative information to responsible persons in the relevant agency;

3. A person with the right to access relevant work and administrative information processed by such sharing.

Article 40 (Constructive Review, Approval and Consultations)

(1) Where an applicant agency has obtained approval for sharing pursuant to Article 39 (2) with regard to administrative information set forth in the main sentences of the provisions referred to in each of the following subparagraphs, it shall be deemed capable of providing such administrative information to the applicant agency pursuant to the provisos to the corresponding provisions: (Amended by Act nº 12346, Jan. 28, 2014; Act nº 14474, Dec. 27, 2016)

1. Article 81-13 (1) of the Framework Act on National Taxes;

2. Article 116 (1) of the Customs Act;

3. Article 86 (1) of the Framework Act on Local Taxes.

(2) Where an applicant agency has obtained approval to share administrative information pursuant to Article 39 (2) and such administrative information contains any of the following, the following review, approval, consultations, etc. corresponding thereto shall be deemed done, obtained, or provided for such administrative information: (Amended by Act. nº 10580, Apr. 12, 2011; Act nº 12592, May 20, 2014; Act nº 12738, Jun. 3, 2014)

1. Review, approval, or consultation with regard to the use or utilization of computerized registration data as prescribed in Article 109 (2) of the Registration of Real Estate Act;

2. Review, approval, or consultation with regard to the use or utilization of computerized data on registration as prescribed in Article 13 (1) of the Act on the Registration, etc. of Family Relationships;

3. Review or approval with regard to the use or utilization of computer processing information data on resident registration as prescribed in Article 30 of the Resident Registration Act;

4. Review or approval with regard to the use or utilization of cadastral computerized data as prescribed in Article 76 of the Act on the Establishment, Management, etc. of Spatial Data;

5. Review or approval with regard to the use of computerized data as prescribed in Article 69 (2) of the Motor Vehicle Management Act;

6. Review or approval with regard to the use of computerized data as prescribed in Article 32 of the Building Act;

7. Review, approval or consultation with regard to the use or utilization of computerized registration data as prescribed in Article 21 (2) of the Commercial Registration Act.

Article 41 (Withdrawal or Suspension of Approval for Sharing Administrative Information)

(1) Where an agency using administrative information after obtaining the approval for sharing pursuant to Article 39 (2) (hereinafter referred to as “user agency“) or an employee belonging to such agency falls under any of the following, the Minister of the Interior and Safety may withdraw the approval granted to the relevant user agency: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. Where the agency or employee violates the conditions for sharing determined pursuant to Article 39 (2);

2. Where an event corresponding to any of the subparagraphs of Article 39 (2) arises after the agency files an application for sharing;

3. Where the agency or employee commits a prohibited act under Article 35 or violates the duty to comply under Article 74;

4. Other cases similar to subparagraphs 1 through 3 where there is any unavoidable reason to justify prohibiting the sharing of administrative information, as prescribed by Presidential Decree.

(2) Where it is deemed that a reason falling under any of the subparagraphs of paragraph (1) arises temporarily, the Minister of the Interior and Safety may temporarily suspend the relevant user agency’s sharing of administrative information until the cause for the event is settled, notwithstanding paragraph (1). (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Where any user agency sharing administrative information or any employee belonging to such agency falls under any of the subparagraphs of paragraph (1), an agency in possession of such administrative information may request the Minister of the Interior and Safety to withdraw the approval granted to the relevant agency for the sharing of administrative information under its jurisdiction or to temporarily suspend the relevant user agency’s sharing of such information. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) Where the Minister of the Interior and Safety withdraws the approval for the sharing of administrative information under paragraph (1) or suspends such sharing under paragraph (2), he/she shall notify the relevant user agency and the agency in possession of such administrative information of the detailed grounds therefor. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(5) Matters necessary for the withdrawal or suspension of sharing administrative information, and other relevant matters shall be prescribed by Presidential Decree.

Article 42 (Prior Consent of Owners of Information)

(1) When any user agency shares administrative information containing personal information through the Sharing Center, it shall obtain the prior consent of the owner of the said information as defined in subparagraph 3 of Article 2 of the Personal Information Protection Act (hereinafter referred to as “owner of information“) so that he/she is aware of the following matters. In such cases, the consent under Article 18 (2) 1, subparagraph 1 of Article 19 or Article 24 (1) 1 shall be deemed obtained. (Amended by Act. nº 10465, Mar. 29, 2011; Act nº 12346, Jan. 28, 2014)

1. The purpose of sharing the information;

2. The administrative information subject to sharing and the scope of sharing;

3. The name of the user agency sharing the information.

(2) Notwithstanding paragraph (1), where it is impossible for a user agency to obtain prior consent from the owner of information or it is deemed improper to obtain such prior consent in any of the following cases, the user agency shall make the matters listed in the subparagraphs of paragraph (1) known to the said owner of information after the relevant administrative information is shared, as prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree: Provided, That where a user agency shares administrative information for a criminal investigation in the case of subparagraph 3, it shall make those listed in the subparagraphs of paragraph (1) known to the owner of information on or after the date public prosecution is initiated or a disposition not to arrest or initiate public prosecution (except for a decision to suspend indictment) is made with regard to the relevant case:

1. Where sharing the relevant information is urgently required to protect the life or body of the owner of information;

2. Where sharing the relevant information is unavoidable to impose a duty on the owner of information or revoke or withdraw any right or interest of the owner of information pursuant to any Act or subordinate statute;

3. Where sharing the relevant information is unavoidable to perform affairs related to sanctions on the owner of information who has violated any Act or subordinate statute, such as investigation or punishment of the owner of information;

4. Other cases deemed considerably improper to obtain the consent of the owner of information in performing affairs stipulated by an Act or subordinate statute, in consideration of the nature of the relevant affairs or information, as prescribed by Presidential Decree.

(3) The Minister of the Interior and Safety shall disclose the detailed scope of affairs and administrative information that can be shared without the prior consent of the owner of information pursuant to paragraph (2), as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

Article 43 (Rights of Owners of Information to Request Access)

(1) Any owner of information may apply to the Minister of the Interior and Safety or the head of the relevant user agency for access to the following matters with regard to the administrative information about him/herself, among the information shared through the Sharing Center: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. The user agency;

2. The purpose of sharing the information;

3. The type of the information shared;

4. The time of sharing the information;

5. Legal grounds for sharing the administrative information.

(2) Upon receipt of an application filed by an owner of information under paragraph (1), the Minister of the Interior and Safety and the head of each user agency shall notify the owner of information about the matters listed in the subparagraphs of paragraph (1) within ten days from the date of filing an application, unless any good reason exists. In such cases, if there is any good reason making it impossible to give notice within ten days, he/she shall notify without delay when the relevant reason ceases to exist. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Where a user agency shares administrative information for a criminal investigation in cases under paragraph (2), it shall notify the owner of information thereof within 30 days of the date public prosecution is initiated or a disposition not to arrest or initiate public prosecution (except for a decision to suspend indictment) is made with regard to the relevant case.

(4) If a user agency fails to give notice under paragraph (2), the owner of information may directly apply to the Minister of the Interior and Safety for access to the matters listed in the subparagraphs of paragraph (1) related to him/herself, among the information shared by the user agency. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(5) Matters necessary for the procedures for the access, etc. under paragraphs (1) through (4) shall be prescribed by Presidential Decree.

(6) The Minister of the Interior and Safety shall keep, manage, and disclose records related to the administrative information shared through the Sharing Center, such as its title and frequency of sharing, as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

Article 44 (Charges for Sharing Administrative Information)

(1) Any agency that provides administrative information through the Sharing Center may charge fees therefor, to the agency that uses the information.

(2) Necessary matters concerning the subject matters and scope of the charges for providing administrative information and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

CHAPTER V.- STRENGTHENING OPERATIONAL BASIS FOR ELECTRONIC GOVERNMENT

SECTION 1.- Introduction and Utilization of Information Technology Architecture

Article 45 (Formulation, etc. of Master Plan for Information Technology Architecture)

(1) The Minister of the Interior and Safety shall formulate a master plan to introduce and disseminate an information technology architecture (hereinafter referred to as the “Master Plan“) in a systematic manner in consultation with the heads of related administrative agencies, etc. (Amended by Act nº 11688, Mar. 23, 2013; Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The Minister of the Interior and Safety shall formulate a pan-Governmental information technology architecture in compliance with the Master Plan. (Amended by Act nº 11688, Mar. 23, 2013; Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) The Minister of the Interior and Safety shall establish and publish guidelines for the introduction and operation of an information technology architecture as well as the construction and operation of an information system, and the head of each administrative agency, etc. shall comply with such guidelines. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) The Minister of the Interior and Safety shall formulate policies for interlinking an information technology architecture with related systems, such as budgets and performance, and for developing them in consultation with the heads of related central administrative agencies, and the head of each administrative agency, etc. shall endeavor to reflect such policies in any work under his/her jurisdiction, except under exceptional circumstances. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

Article 46 (Introduction and Operation of Information Technology Architecture for each Agency)

(1) The head of each administrative agency, etc. prescribed by Presidential Decree (hereinafter referred to as “agency to introduce an architecture“) shall formulate a plan for the introduction of an information technology architecture and submit such plan to the Minister of the Interior and Safety, as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The head of each agency to introduce an architecture shall introduce and operate the information technology architecture in accordance with the plan under paragraph (1) and maintain and develop the architecture, to ensure the efficient work processing and facilitation of informatization in the relevant agency.

Article 47 (Facilitating Introduction and Operation of Information Technology Architecture)

(1) In order to facilitate the introduction and operation of an information technology architecture, the Minister of the Interior and Safety may develop and disseminate a reference model for an information technology architecture jointly usable by administrative agencies, etc. (referring to a model for securing consistency, compatibility, etc. by defining the components of an information technology architecture in line with the standardized classification system and format; hereinafter the same shall apply). (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) The Minister of the Interior and Safety may provide administrative agencies, etc. seeking to introduce and operate an information technology architecture, with technology relating to the introduction and operation of such architecture, education and training, and other necessary assistance, as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) In order to make information relating to an information technology architecture available to every administrative agency, etc., the Minister of the Interior and Safety shall establish and operate a system for managing and providing information relating to the reference model, pan-Governmental information technology architecture, the current status of implementation and operation of the information technology architecture for each agency, and other relevant matters. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) The Minister of the Interior and Safety may recommend that the private sector in close relationship with an administrative agency, etc., which establishes or operates an information system in connection with the information system of administrative agency, etc., implement and operate an information technology architecture. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

Article 48 (Re-Design of Work Processes Compatible with Information and Communications Technologies)

(1) When the head of each administrative agency, etc. introduces information and communications technologies to any work under his/her jurisdiction, he/she shall re-design its pre-existing organization, placement of manpower, work processes, etc. in a manner compatible with the implementation of the information and communications technologies, and shall implement such re-design.

(2) If the scope of work process re-designed pursuant to paragraph (1) involves work of two or more administrative agencies, etc., the head of a relevant administrative agency, etc. may request the heads of related administrative agencies, etc. to cooperate in such re-design, and the heads of related administrative agencies, etc. so requested shall comply with such request, except under exceptional circumstances.

(3) The head of each administrative agency, etc. shall, if necessary, readjust Acts, subordinate statutes, and systems relevant to work under his/her jurisdiction in accordance with the re-design of work processes under paragraphs (1) and (2) and may request improvement of Acts, subordinate statutes, and systems under jurisdiction of other administrative agencies, etc.

SECTION 2.- Laying Groundwork for Efficient Management of Information Resources

Article 49 (Technical Evaluations for Securing Interoperability, etc.)

(1) When the head of an administrative agency, etc. intends to undertake a project to build an information system, the characteristics and the project size of which meet the criteria prescribed by Presidential Decree, he/she shall conduct technical evaluations of each of the following in accordance with the guidelines under Article 45 (3) before confirming the project plan:

1. Interoperability of the information system;

2. Information sharing;

3. Efficiency of the information system;

4. Technical convenience of access to information;

5. Technical suitability of establishment and operation of the information system.

(2) The head of an administrative agency, etc. may, if necessary, allow an agency meeting the qualifications prescribed by Presidential Decree to conduct technical evaluations under paragraph (1) before formulating the project plan.

Article 50 (Standardization)

The head of each central agency responsible for administrative affairs may take necessary measures for the standardization of official electronic documents, administrative codes, and computers and other devices commonly used by administrative agencies, etc., as prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 51 (Designation and Utilization of Services for Sharing)

(1) The head of a central agency responsible for administrative affairs may designate, modify, or revoke standardized information resources that can be utilized by multiple administrative agencies, etc. or the private sector (hereinafter referred to as “services for sharing“), among the information resources held by administrative agencies, etc., in consultation with the heads of related administrative agencies, etc. and may find and select outstanding information resources among them and distribute such resources to other administrative agencies, etc.

(2) The head of a central agency responsible for administrative affairs may build and operate a system to manage services for sharing to facilitate the efficient distribution and utilization of such services.

(3) The head of each administrative agency, etc. shall prioritize utilizing the services for sharing designated under paragraph (1) in building its information system, and register services that can be utilized by other administrative agencies, etc. or the private sector, among the services developed by the agency, with the system to manage services for sharing under paragraph (2) and continue to manage them.

(4) Any agency developing and distributing outstanding information resources may charge fees therefor to the agency that uses the information resources.

(5) The head of each central agency responsible for administrative affairs shall formulate policies for distributing and disseminating services for sharing.

(6) Detailed matters concerning the provisions of paragraphs (1) through (5) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 52 (Establishment of Information and Communications Networks)

(1) The head of each central agency responsible for administrative affairs shall formulate a plan for the establishment and operation of an information and communications network through which administrative agencies, etc. are integrated and interlinked, in consultation with the Minister of the Interior and Safety. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) When the head of an administrative agency, etc. intends to establish and operate an information and communications network, he/she shall design and operate such network in a manner that can be linked to the information and communications networks of other administrative agencies, etc. to ensure the efficient operation of the networks and the smooth flow of various kinds of administrative information.

(3) The Minister of the Interior and Safety shall establish and implement a system for the use of information and communications services, necessary to enable administrative agencies, etc. to use information and communication networks at a minimum cost. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

Article 53 (Formulation, etc. of Plans for Fostering Experts on Informatization)

(1) The head of a central agency responsible for administrative affairs may formulate and promote plans for fostering experts on informatization, developing experts on informatization, qualification systems, etc. with the aim of enhancing informatization capability of public officials and facilitating the efficient management of information resources.

(2) The head of each central administrative agency and the head of each local government shall formulate and implement its own action plan in accordance with the plans for fostering experts on informatization referred to in paragraph (1).

(3) Necessary matters concerning the development of experts on informatization, etc. other than those provided for in paragraphs (1) and (2) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 54 (Integrated Management of Information Resources)

(1) The head of each administrative agency, etc. shall systematically prepare and manage the current status of the information resources possessed by the relevant agency and statistical data thereon (hereinafter referred to as “current status of information resources, etc.”).

(2) The Minister of the Interior and Safety may survey the demand for informatization in order to facilitate the sharing of information resources between administrative agencies, etc. and their efficient management, and may establish integrated standards, principles, etc. for information resources (hereinafter referred to as “standards for integrating information resources“) for the comprehensive integration and management of information resources. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12346, Jan. 28, 2014; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for the preparation and management of the current status of information resources, etc., matters to be included in the standards for integrating information resources, and other relevant matters shall be prescribed by Presidential Decree.

Article 55 (Establishment and Operation of Local Information Integration Centers)

(1) A local government may establish and operate a Local Information Integration Center to efficiently manage information resources and promote informatization at the local level on an integrated basis and may, if necessary, establish and operate the Local Information Integration Center together with the State or any other local government or governments.

(2) The State may provide administrative, financial, technical, and other necessary assistance in establishing and operating the Local Information Integration Centers referred to in paragraph (1).

(3) The head of a local government intending to establish a Local Information Integration Center shall have prior consultation with the Minister of the Interior and Safety to prevent duplicative investment, etc, pursuant to Article 67 (1). (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(4) Matters necessary for the establishment and operation of the Local Information Integration Centers, other than those provided for in paragraphs (1) through (3), shall be prescribed by Presidential Decree.

SECTION 3.- Improving Safety and Reliability of Information Systems

Article 56 (Formulation and Implementation of Security Measures for Information and Communications Networks)

(1) The National Assembly, the Judiciary, the Constitutional Court, the National Election Commission, and the Executive Branch shall prepare security measures for ensuring the safety and reliability of information and communications networks, administrative information, etc. necessary for the realization of electronic government.

(2) The head of each administrative agency shall formulate and implement security measures for information and communications networks, administrative information, etc. under his/her jurisdiction in conformity with the security measures under paragraph (1).

(3) The head of each administrative agency shall take security measures, the safety of which has been confirmed by the Director of the National Intelligence Service, to prevent electronic documents from being forged, altered, damaged, or leaked in the course of preserving and circulating electronic documents through an information and communications network, and the Director of the National Intelligence Service may conduct an inspection to ensure such measures have been taken.

(4) Paragraph (3) shall be applicable to an agency responsible for processing administrative affairs of the National Assembly, the Judiciary, the Constitutional Court, or the National Election Commission, only if the head of the agency deems it necessary to take such measures: Provided, That the head of the agency shall, when he/she deems it unnecessary, take security measures similar to those provided for in paragraph (3).

Article 56-2 (Prevention of, Responses to, etc. System Failures)

(1) The head of each administrative agency shall formulate measures for preventing and responding to system failures for the stable operation and management of the information systems belonging to the relevant agency and the agencies under its jurisdiction.

(2) Matters necessary for the prevention of and response to system failures under paragraph (1), shall be prescribed by National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, and Presidential Decree.

(Article Inserted by Act nº 12346, Jan. 28, 2014)

Article 57 (Supervision of Information Systems in Administrative Agencies, etc.)

(1) The head of each administrative agency, etc. shall request a supervisory corporation under Article 58 (1) to supervise its information system, the characteristics and the project size of which meet the criteria prescribed by Presidential Decree: Provided, That the same shall not apply to electronic government projects prescribed by Presidential Decree the management of which is entrusted under Article 64-2. (Amended by Act nº 12346, Jan. 28, 2014)

(2) The head of each administrative agency, etc. shall, with regard to a project subject to supervision, allow his/her employees and the business operator constructing the relevant information system to provide necessary assistance to supervisors in performing their duties, and shall not intervene in, nor interfere with, their work without good cause.

(3) The head of each administrative agency, etc. shall, with regard to a project subject to supervision under paragraph (1), allow the business operator constructing the relevant information system to reflect the results of the supervision in the project.

(4) Notwithstanding paragraph (1), the head of an agency dealing with information prescribed by Presidential Decree, such as information for guaranteeing national security, may allow an institution determined by the head of the agency to supervise its information system.

(5) The Minister of the Interior and Safety shall determine and publicly announce standards necessary for carrying out supervision of information systems, such as the scope of supervision, procedures for supervision, matters to be observed, etc. (hereinafter referred to as “supervision standards“): Provided, That for matters relating to the security of information systems, he/she shall consult in advance with the heads of relevant agencies. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(6) A corporation or institution carrying out supervision pursuant to paragraphs (1) and (4) shall verify whether the relevant information system is being developed and constructed appropriately, in compliance with the supervision standards.

(7) The scope of duty of a corporation or institution carrying out supervision pursuant to paragraph (6), procedures for supervision, and other necessary matters shall be prescribed by Presidential Decree.

Article 58 (Registration of Supervisory Corporations)

(1) Any person intending to carry out supervision of an information system shall register him/herself with the Minister of the Interior and Safety as a corporation after meeting requirements prescribed by Presidential Decree, such as technical and financial capability and other matters necessary for supervision of an information system. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(2) When a corporation registered under paragraph (1) (hereinafter referred to as “supervisory corporation“) intends to modify any registered matters, he/she shall report such modification to the Minister of the Interior and Safety in advance: Provided, That this shall not apply to modification of any insignificant matters prescribed by Presidential Decree, such as modification of equity capital within the extent of registration requirements. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for the registration of supervisory corporations, modification of registered matters, and other relevant matters shall be prescribed by Presidential Decree.

Article 59 (Matters to be Observed by Supervisory Corporations)

(1) Each supervisory corporation shall require supervisors under Article 60 (1) to perform supervisory duties.

(2) No supervisory corporation shall prepare a false report on supervision, and it shall carry out supervision of information systems in good faith.

(3) No supervisory corporation shall allow another person to carry out supervision of information systems using its own name.

Article 60 (Supervisors)

(1) Any person intending to work as a supervisor shall meet specific requirements for qualification prescribed by Presidential Decree, such as technical requirements for each grade, and shall receive education necessary for performing supervisory duties, as prescribed by Presidential Decree.

(2) The Minister of the Interior and Safety shall issue supervisor’s certificates to persons satisfying the requirements for qualification under paragraph (1) and manage those certificates, as prescribed by Presidential Decree. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) No supervisor shall allow another person to perform supervisory duties using his/her own name, or lend his/her supervisor’s certificate to another person.

Article 61 (Disqualification of Supervisory Corporations, etc.)

(1) No corporation with either of the following persons serving as its executive officer shall be registered as a supervisory corporation under Article 58 (1): (Amended by Act nº 12346, Jan. 28, 2014)

1. An incompetent under the adult guardianship or a quasi-incompetent under the limited guardianship;

2. An executive officer of a supervisory corporation of which registration has been revoked pursuant to Article 62, for whom two years have not elapsed from the date the registration was revoked (referring to a person who has committed an act constituting a cause for such revocation and its representative).

(2) No person corresponding to paragraph (1) 1 shall become a supervisor under Article 60.

(3) Matters necessary to confirm grounds for disqualification of supervisory corporations, etc. shall be prescribed by Presidential Decree.

Article 62 (Revocation of Registration of Supervisory Corporations, etc.)

(1) When any supervisory corporation falls under any of the following subparagraphs, the Minister of the Interior and Safety may revoke its registration or order suspension of its business for a prescribed period not exceeding one year: Provided, That he/she shall revoke the registration of a supervisory corporation where it falls under subparagraphs 1 through 3 or subparagraph 10: (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

1. Where its registration is made by fraud or other improper means;

2. Where it has been subject to a disposition for suspension of business on at least three occasions for the last three years;

3. Where it carries out supervision of an information system during the period of suspension of business: Provided, That this shall not apply where it carries out supervision during the period of suspension of business pursuant to Article 63;

4. Where it carries out supervision in breach of the supervision standards, in violation of Article 57 (6);

5. Where it falls short of the requirements for registration under Article 58 (1);

6. Where it fails to report, or falsely reports, modified matters under Article 58 (2);

7. Where it allows persons other than supervisors to perform supervisory duties, in violation of Article 59 (1);

8. Where it prepares a false report on supervision, in violation of Article 59 (2);

9. Where it allows another person to carry out supervision of information systems using its own name, in violation of Article 59 (3);

10. Where any of its executive officers falls under a ground for disqualification provided for in Article 61 (1): Provided, That this shall not apply where it appoints another executive officer instead of the relevant executive within six months of the date such executive officer falls under disqualification requirements.

(2) The Minister of the Interior and Safety shall hold a hearing if he/she intends to revoke the registration pursuant to paragraph (1). (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Necessary matters concerning the standards and procedures for dispositions under paragraph (1) and other relevant matters shall be prescribed by Presidential Decree.

Article 63 (Continuance of Business, etc. of Supervisory Corporations on which Disposition of Revocation of Registration, etc. has been Imposed)

(1) Any supervisory corporation on which a disposition of revocation of registration or suspension of business has been imposed pursuant to Article 62 (1) may continue to perform its supervisory duties under a contract concluded before the relevant disposition was imposed. In such cases, the supervisory corporation shall, without delay, notify the relevant person awarding the contract of the details of such disposition.

(2) Where a person awarding a contract for the supervision of an information system is notified pursuant to paragraph (1) or learns the fact that revocation of registration or suspension of business has been imposed on the relevant supervisory corporation, he/she may terminate the contract only within 30 days from the date he/she learns such fact, except under exceptional circumstances.

CHAPTER VI.- PROMOTION OF POLICIES, ETC. FOR REALIZATION OF ELECTRONIC GOVERNMENT

Article 64 (Promotion of and Support for Electronic Government Projects)

(1) The head of each administrative agency, etc. shall actively pursue projects for the realization, operation, and development of electronic government (hereinafter referred to as “electronic government projects“).

(2) The Minister of the Interior and Safety may provide the heads of administrative agencies, etc. with administrative, financial, technical, or other support necessary to help them efficiently pursue electronic government projects. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for the selection and management of electronic government projects supported under paragraph (2) (hereinafter referred to as “supported electronic government projects“), and other relevant matters shall be prescribed by Presidential Decree.

Article 64-2 (Entrustment of Management of Electronic Government Projects)

(1) In order to efficiently implement electronic government projects, the heads of administrative agencies, etc. may entrust all or part of their business concerning the management and supervision of any of the following projects (hereinafter referred to as “management of electronic government projects“) to a person equipped with expertise and technical capacity, and the specific scope of electronic government projects which may be entrusted and the qualifications of a person eligible for being entrusted with the management of electronic government projects shall be prescribed by Presidential Decree:

1. Projects that significantly affect the efficiency in pubic services and public administration;

2. Projects that require special management because of a high level of difficulty;

3. Other cases where the heads of administrative agencies, etc. deem it necessary to entrust the management of electronic government projects.

(2) When the head of an administrative agency selects a person to whom he/she intends to entrust the management of electronic government projects (hereinafter referred to as “manager of electronic government projects“) pursuant to paragraph (1), he/she shall take into consideration human resources capable of managing such projects, a plan for conducting business, the past records of management of electronic government projects, etc., and detailed criteria for the selection shall be prescribed by Presidential Decree.

(3) No manager of electronic government projects shall give advice to anyone to have relevant electronic government projects subcontracted to him/herself or his/her affiliated company (referring to an affiliated company defined under subparagraph 3 of Article 2 of the Monopoly Regulation and Fair Trade Act).

(4) Where the head of an administrative agency entrusts the management of electronic government projects, he/she shall submit data about relevant electronic government projects, entrusted services, and performance of such services to the Minister of the Interior and Safety. (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(5) The Minister of the Interior and Safety may determine and publicly notify matters necessary for the management of electronic government projects, including the guidelines for the calculation of fees for the entrustment under paragraph (1) and the submission of data under paragraph (4). (Amended by Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(Article Inserted by Act nº 11735, Apr. 5, 2013)

Article 64-3 (Liability, etc. of Manager of Electronic Government Projects)

The manager of electronic government projects shall be liable for any loss or damage suffered by a person from or in connection with his/her placing an order, which has been inflicted due to breach of contract or by intention or negligence in the course of the management of electronic government projects.

(Article Inserted by Act nº 11735, Apr. 5, 2013)

Article 65 (Promotion of and Support for Local Informatization Projects)

(1) The State and a local government may pursue the following local informatization projects with the aim of enhancing regional competitiveness and improving the quality of life for local residents:

1. Development and dissemination of local information services covering the history, culture, welfare, environment, etc. of the relevant region;

2. Construction of information systems and laying the foundations for informatization of the relevant region;

3. Intensive support for regions lagging behind in informatization;

4. Efficient management of information resources, such as integrated management of information systems and information services;

5. Other matters necessary for local informatization.

(2) A local government may pursue a local informatization project under paragraph (1) in collaboration with central administrative agencies or other local governments, if it is necessary to prevent duplicative investment, etc.

(3) The State and a local government may establish and operate a commonly applicable operating foundation for the efficient provision of services through integrated linkage between the public and private sector information systems in the relevant region. In such cases, they shall prepare measures to prevent unlawful access to information networks and other protective measures.

(4) In order to pursue local informatization projects under paragraphs (1) through (3), the State may provide administrative, financial, technical, and other necessary support, as prescribed by Presidential Decree.

(5) Matters necessary for the promotion of and support for local informatization projects, other than those provided for in paragraphs (1) through (4), shall be prescribed by Presidential Decree.

Article 66 (Promotion of Pilot Projects)

(1) The head of an administrative agency, etc. may promote a pilot project if necessary for the realization, operation, and development of electronic government and the facilitation of efficient informatization at the local level.

(2) Matters necessary for the implementation of pilot projects shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 67 (Prior Consultation)

(1) When the head of an administrative agency, etc. intends to pursue an electronic government project or local informatization project for interconnection or sharing with other administrative agencies, etc., he/she shall have prior consultation with the heads of central agencies responsible for administrative affairs to prevent duplicative investment, etc.: Provided, That the local informatization projects being pursued by the head of a Si/Gun/Gu (referring to an autonomous Gu) shall be subject to consultation with the competent Special Metropolitan City Mayor, Metropolitan City Mayor or Do Governor. (Amended by Act nº 12346, Jan. 28, 2014)

(2) The head of each administrative agency, etc. shall reflect the results of prior consultations held under paragraph (1), in the course of pursuing the relevant project.

(3) Necessary matters concerning projects subject to prior consultation, the methods and procedures therefor, and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 68 (Analysis and Examination of Performance)

(1) The head of each central agency responsible for administrative affairs shall conduct comprehensive analysis and examination of the results and performance of major projects prescribed by Presidential Decree, such as projects concerning electronic government and local informatization which relate to multiple administrative agencies, etc., as well as the status of administrative information sharing, submit the results thereof to the National Assembly, and reflect such results in its business plan, etc. for the next year (Amended by Act nº 11688, Mar. 23, 2013)

(2) The Minister of the Interior and Safety shall, every year, analyze and examine the current status and outcomes of the introduction and operation of information technology architectures under Article 46 (2) and shall reflect the results thereof in the Master Plan. (Amended by Act nº 11688, Mar. 23, 2013; Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

(3) Matters necessary for the analysis and examination of outcomes under paragraphs (1) and (2) shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 69 (Cooperation, such as Submission of Materials)

(1) If necessary for performing business affairs provided for in this Act, the head of a central agency responsible for administrative affairs may request the head of any related administrative agency, etc. to submit data, etc. for investigating the current conditions.

(2) The head of each related administrative agency, etc. shall actively cooperate with the request for submitting data under paragraph (1).

(3) The head of a central agency responsible for administrative affairs may provide statistical data, etc. collected pursuant to paragraph (1) upon receipt of a request of the head of any other administrative agency, etc.

Article 70 (International Collaboration for Electronic Government)

(1) The head of each central agency responsible for administrative affairs shall stay informed of international trends in electronic government and improve the international competitiveness of electronic government through international collaboration.

(2) The head of a central agency responsible for administrative affairs may carry out the following activities:

1. Collaboration with international organizations and foreign governments in connection with electronic government;

2. Management of an international rating index with regard to electronic government;

3. Other matters prescribed with regard to international collaboration for electronic government by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

(3) The head of a central agency responsible for administrative affairs may request the head of a related administrative agency, etc. to cooperate in connection with international collaboration for electronic government, and the head of the related administrative agency, etc. so requested shall comply with such request, except under exceptional circumstances.

Article 71 (Designation, etc. of Specialized Institutions)

(1) The head of a central agency responsible for administrative affairs may designate specialized institutions to entrust them with business affairs in order to comprehensively and efficiently conduct the following affairs assigned to each agency: (Amended by Act nº 11735, Apr. 5, 2013)

1. Affairs related to the development, provision, and promotion of the use of electronic government services;

2. Affairs related to the sharing of administrative information;

3. Affairs related to the introduction and utilization of an information technology architecture;

4. Affairs related to research on and improvement of the supervision system;

5. Research on the entrustment of the management of electronic government projects under Article 64-2 (1) and on the improvement therein;

6. Affairs related to the promotion of and assistance in supported electronic government projects and local informatization projects;

7. Other affairs prescribed for the realization, operation, and development of electronic government by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

(2) The head of a central agency responsible for administrative affairs may contribute or subsidize funds within budgetary limits as necessary for the performance of the affairs specified in paragraph (1) to the relevant specialized agency.

(3) Professional characteristics of the relevant affairs, etc. shall be considered in designating a specialized institution, and necessary matters concerning requirements, methods, and procedures for the designation of specialized institutions and other relevant matters shall be prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 72 (Establishment, etc. of Korea Local Information Research and Development Institute)

(1) At least two local governments may jointly establish a Korea Local Information Research and Development Institute (hereinafter referred to as the “Development Institute“) to jointly pursue informatization projects under their control.

(2) The Development Institute shall be a corporation.

(3) The Development Institute shall perform the following affairs:

1. Assistance in informatization projects being pursued by local governments for the realization of electronic government and the facilitation of local informatization;

2. Administrative affairs entrusted by a related central administrative agency or a local government in connection with the promotion of informatization of local governments;

3. Survey, research, education, and training to facilitate informatization of local governments;

4. Other projects determined by Presidential Decree for the facilitation of local informatization.

(4) The head of an administrative agency, etc. may entrust the Development Institute with the affairs assigned to the agency in order to efficiently pursue local informatization projects.

(5) A local government may contribute funds to the Development Institute so that it can be appropriated for the establishment, installation of facilities, and operation of the Development Institute, and the State may provide support as necessary for the Development Institute’s smooth performance of duties.

(6) The Development Institute may request an administrative agency, etc. to wholly or partially bear expenses incurred in providing its services.

(7) Except as otherwise provided for in this Act, provisions regarding incorporated foundations of the Civil Act shall apply mutatis mutandis to the Development Institute.

(8) Matters necessary for the promotion and support of local informatization by the Development Institute and other relevant matters shall be prescribed by Presidential Decree.

Article 73 (Delegation and Entrustment of Authority, etc.)

(1) The head of a central agency responsible for administrative affairs may delegate part of his/her authority under this Act to heads of affiliates under his/her control or the Special Metropolitan City Mayor, Metropolitan City Mayors, and Do Governors or may entrust such authority to the head of any other administrative agency, etc., as prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

(2) The head of a central agency responsible for administrative affairs may entrust to any related corporation or organization some of its affairs under this Act, as prescribed by the National Assembly Regulations, the Supreme Court Regulations, the Constitutional Court Regulations, the National Election Commission Regulations, or by Presidential Decree.

Article 74 (Prevention of Divulgence of Confidential Information, etc.)

No person who was or is engaged in any of the following duties shall, without good cause, divulge to a third party any confidential information he/she acquires while performing his/her duties or steal such confidential information: (Amended by Act nº 11735, Apr. 5, 2013)

1. An administrative duty for which sharing administrative information is required;

2. A supervisory duty;

3. A duty of managing an electronic government project entrusted pursuant to Article 64-2 (1).

Article 75 (Legal Fiction as Public Official in Application of Penalty Provisions)

In applying Articles 129 through 132 of the Criminal Act, any of the following persons shall be deemed a public official, even though he/she is not a public official: (Amended by Act nº 11735, Apr. 5, 2013)

1. A person engaged in work relating to the sharing of administrative information;

2. A person working for an agency that receives administrative information (limited to persons relating to the sharing of administrative information);

3. A supervisor performing supervisory duties;

4. A person in charge of managing an electronic government project entrusted pursuant to Article 64-2 (1).

CHAPTER VII.- PENALTY PROVISIONS

Article 76 (Penalty Provisions)

(1) Any person who forges, alters, damages, or deletes administrative information in violation of subparagraph 1 of Article 35 shall be punished by imprisonment with labor for not more than ten years.

(2) Any of the following persons shall be punished by imprisonment with labor for not more than five years or by a fine not exceeding 50 million won:

1. A person who forges, alters, damages, or uses an information system for sharing administrative information without good cause, in violation of subparagraph 2 of Article 35;

2. A person who discloses or disseminates to the public, any method or program by which administrative information can be altered or deleted, in violation of subparagraph 3 of Article 35.

(3) Any of the following persons shall be punished by imprisonment with labor for not more than three years or by a fine not exceeding 30 million won:

1. A person who divulges administrative information, in violation of subparagraph 4 of Article 35;

2. A person who processes administrative information without due authority or beyond the authority accorded, in violation of subparagraph 5 of Article 35;

3. A person who aids or abets another person, without due authority, to use administrative information, in violation of subparagraph 6 of Article 35;

4. A person who shares administrative information in a manner that has not been authorized, or stores administrative information in an information system or a storage device that has not been authorized, in violation of subparagraph 7 of Article 35;

5. A person who divulges or steals any secret to which he/she has acquired in the course of his/her official duties, in violation of Article 74.

(4) Any person who receives administrative information from an administrative agency, etc. or peruses administrative information by fraud or other improper means, in violation of subparagraph 8 of Article 35, shall be punished by imprisonment with labor for not more than two years or by a fine not exceeding seven million won.

(5) Any person who carries out supervision of an information system without registration under Article 58 (1) shall be punished by imprisonment with labor for not more than two years or by a fine not exceeding 20 million won.

(6) Any person who allows another person to carry out supervision of an information systems using its own name or lends his/her supervisor’s certificate to another person, or any person who carries out supervision using another person’s name or borrows supervisor’s certificate shall be punished by imprisonment with labor for not more than one year or by a fine not exceeding ten million won.

Article 77 (Joint Penalty Provisions)

If the representative of a corporation, or an agent or employee of, or any other person employed, by a corporation or an individual commits a violation under Article 76 (3) 5 or Article 76 (5) or (6) in connection with the business affairs of the corporation or individual, not only shall such violator be punished, but also the corporation or individual shall be punished by a fine under the relevant provisions: Provided, That this shall not apply where such corporation or individual has not been negligent in giving due attention and supervision concerning the relevant duties to prevent such violation.

Article 78 (Administrative Fines)

(1) An administrative fine not exceeding 30 million won shall be imposed on any of the following persons:

1. A person who fails to obtain the prior consent of an owner of information, in violation of Article 42 (1);

2. A person who fails to notify an owner of information of the matters listed in the subparagraphs of Article 43 (1) without good cause, in violation of Article 42 (2) and (3).

(2) Administrative fines under paragraph (1) shall be imposed and collected by the Minister of the Interior and Safety. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12844, Nov. 19, 2014; Act nº 14839, Jul. 26, 2017)

ADDENDA

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation: Provided, That the amended provisions of Article 5 (5) of this Addenda shall enter into force on January 1, 2011.

Article 2 (Repeal of other Act)

The Act on the Efficient Introduction, Operation, etc. of Information Systems is hereby repealed.

Article 3 (Transitional Measures concerning Sharing of Administrative Information)

(1) Any administrative information being shared through the Sharing Center under the previous provisions as at the time this Act enters into force shall be deemed authorized in accordance with the procedures determined by this Act.

(2) Any person corresponding to the amended provisions of the subparagraphs of Article 39 (7) shall be deemed designated in accordance with the procedures determined by this Act.

Article 4 (Transitional Measure following Repeal of the Act on the Efficient Introduction, Operation, etc. of Information Systems)

(1) Any agency designated as an agency introducing an information technology architecture under Article 5 of the previous Act on the Efficient Introduction, Operation, etc. of Information Systems (hereafter referred to as “Information Systems Act” in this Article) before this Act enters into force shall be deemed an agency designated under this Act.

(2) Any project on which supervision is carried out under Article 11 of the previous Information Systems Act as at the time this Act enters into force shall be deemed a project on which supervision is carried out under this Act.

(3) Any supervisory corporation registered as a supervisory corporation under Article 12 of the previous Information Systems Act before this Act enters into force shall be deemed registered under this Act.

(4) Any person educated as a supervisor under Article 14 of the previous Information Systems Act before this Act enters into force shall be deemed to have received education under this Act.

(5) Any person having received a supervisor’s certificate under Article 14 of the previous Information Systems Act before this Act enters into force shall be deemed to have received such certificate under this Act.

(6) Any administrative disposition imposed with regard to supervision on any information system under Article 16 of the previous Information Systems Act before this Act enters into force shall be deemed to have been imposed under this Act.

(7) Any application of penalty provisions or administrative dispositions with regard to a violation of any provision of the previous Information Systems Act before this Act enters into force shall be governed by the previous Information Systems Act.

Article 5 Omitted.

Article 6 (Relationship with other Acts and Subordinate Statues)

Where the previous Electronic Government Act or the previous Act on the Efficient Introduction, Operation, etc. of Information Systems, or the provisions thereof are cited in other Acts or subordinate statutes as at the time this Act enters into force, this Act or the corresponding provisons hereof shall be deemed cited in place of the previous provisions, if provisions corresponding thereto exist in this Act.

ADDENDA (Act nº 10303, May 17, 201)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 10 Omitted.

ADDENDA (Act nº 10465, Mar. 29, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act nº 10580, Apr. 12, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 5 Omitted.

ADDENDA (Act nº 11461, Jun. 1, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Articles 2 through 10 Omitted.

ADDENDA (Act nº 11688, Mar. 23, 2013)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Article 2 Omitted.

ADDENDA (Act nº 11690, Mar. 23, 2013)

Article 1 (Enforcement Date)

(1) This Act shall enter into force on the date of its promulgation.

(2) Omitted.

Articles 2 through 7 Omitted.

ADDENDUM (Act nº 11735, Apr. 5, 2013)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act nº 12346, Jan. 28, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Applicability concerning Master Plans for Electronic Government)

The first master plan for electronic government under the amended provisions of Article 5 shall be formulated in the year immediately following the enforcement of this Act.

Article 3 (Applicability concerning Plan for Each Agency)

The first plan for each agency under the amended provisions of Article 5-2 shall be formulated in the year immediately following the enforcement of this Act.

Article 4 (Applicability concerning Supervision of Information Systems)

The amended provisions under the proviso to Article 57 (1) shall apply to electronic government projects, the notices of tender for the entrustment of management of which are announced after this Act enters into force.

Article 5 (Transitional Measures concerning Incompetents, etc.)

The incompetents under the adult guardianship or quasi-incompetents under the limited guardianship under the amended provisions of Article 61 (1) 1 shall be deemed to include persons currently incompetent or quasi-incompetent under Article 2 of the Addenda to the partially amended Civil Act (Act nº 10429).

ADDENDA (Act nº 12592, May 20, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 5 Omitted.

ADDENDA (Act nº 12738, Jun. 3, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force one year after the date of its promulgation. (Proviso Omitted.)

Articles 2 and 3 Omitted.

ADDENDA (Act nº 12844, Nov. 19, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act nº 13459, Aug. 11, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 5 Omitted.

ADDENDA (Act nº 14474, Dec. 27, 2016)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Articles 2 through 14 Omitted.

ADDENDA (Act nº 14839, Jul. 26, 2017)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation: Provided, That among the Acts amended in accordance with Article 5 of these Addenda, amendments to Acts, which were promulgated before this Act enters into force, but the dates on which they are to enter into force have yet to arrive, shall enter into force on the enforcement dates of the respective Acts.

Articles 2 through 6 Omitted.

ADDENDUM (Act nº 14914, Oct. 24, 2017)

This Act shall enter into force on the date of its promulgation.

29Oct/21

Act nº 14080, Mar. 22, 2016. Internet Address Resources Act

29 octubre, 2021Corea del Sur, LeyDerecho Informático, electronic document, Electronic transmission medium, Information and communications network, Information and communications services, Internet Address Resources Act, intrusion, Legislación Informática de Corea del Sur, message board, personal information, provider of telecommunications billing services, Providers of informations services, telecommunications billing services, User of telecommunications billing services, usersJosé Cuervo

Internet Address Resources Act

CHAPTER I.- GENERAL PROVISIONS

Article 1 (Purpose)

The purpose of this Act is to contribute to improving citizens’ lives and enhancing public welfare by facilitating utilization of information and communications networks, protecting personal information of people using information and communications services, and developing an environment in which people can utilize information and communications networks in a healthier and safer way.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 2 (Definitions)

(1) The definitions of terms used in this Act shall be as follows: (Amended by Act nº 7139, Jan. 29, 2004; Act nº 8289, Jan. 26, 2007; Act nº 8778, Dec. 21, 2007; Act nº 9119, Jun. 13, 2008; Act nº 10166, Mar. 22, 2010; Act nº 12681, May 28, 2014; Act nº 13343 Jun. 22, 2015)

1. The term “information and communications network” means an information and communications system for collecting, processing, storing, searching, transmitting or receiving information by using telecommunications facilities and equipment prescribed in subparagraph 2 of Article 2 of the Telecommunications Business Act or computers and applied computer technology;

2. The term “information and communications services” means the telecommunications services prescribed in subparagraph 6 of Article 2 of the Telecommunications Business Act and services of providing information or intermediating the provision of information by using such telecommunications services;

3. The term “providers of information and communications services” means the telecommunications business operators prescribed in subparagraph 8 of Article 2 of the Telecommunications Business Act and other persons who provide information or intermediate to provide information commercially by utilizing services provided by a telecommunications business operator;

4. The term “users” means persons who use information and communications services rendered by providers of information and communications services;

5. The term “electronic document” means data prepared and transmitted, received, or stored electronically in a standardized document by a device capable of processing information, such as a computer;

6. The term “personal information” means the information pertaining to an individual alive, which contains information identifying a specific person with a name, a national identification number, or similar in the form of a code, letters, voice, sound, motion picture, or any other form (including information that makes it impracticable to identify a specific person by itself, but that enables to identify such person easily if combined with another information);

7. The term “intrusion” means an event resulting from an attack on an information and communications network or an information system related to such network by means of hacking, computer virus, logic bomb, mail bomb, denial of service, high-power electromagnetic wave, etc.;

8. Deleted.; (by Act Nº13343 Jun. 22, 2015)

9. The term “message board” means, regardless of its name, a computer program or a technical device with which users can publish information in the form of a code, letters, voice, sound, image, motion picture, or any other form purposely to disclose the information to the public by using an information and communications network;

10. The term “telecommunications billing services” means information and communications services to perform the following business activities:

(a) Business activities of charging and collecting prices for goods or services sold or provided by a third person (hereinafter referred to as “goods or services”) together with charges for the telecommunications services provided;

(b) Business activities of transmitting and receiving information of transactions electronically so that prices for goods or services sold or provided by a third person can be billed or collected together with charges for the telecommunications services provided by oneself, or settling, on behalf of another person, or intermediating payments for such prices;

11. The term “provider of telecommunications billing services” means a person who provides telecommunications billing services after being registered under Article 53;

12. The term “user of telecommunications billing services” means a person who purchases or uses goods or services by using telecommunications billing services rendered by a provider of telecommunications billing services;

13. The term “electronic transmission medium” means a medium transmitting codes, letters, voices, images or motion pictures to addressees in an electronic form, such as an electronic document, via information and communications networks.

(2) Except as otherwise provided for in paragraph (1), definitions of terms used in this Act shall be governed by the Framework Act on National Informatization. (Amended by Act nº 9119, Jun. 13, 2008; Act nº 11690, Mar. 23, 2013)

Article 3 (Responsibilities of Providers and Users of Information and Communications Services)

(1) Every provider of information and communications services shall contribute to protection of rights and interests of users and enhancement of users’ abilities to use information by protecting personal information of users and providing information and communications services in a sounder and safer way.

(2) Every user shall make efforts to help to establish a healthier information society.

(3) The Government may provide support to organizations composed of providers or users of information and communications services for their activities for protecting personal information and protecting juvenile in information and communications networks.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 4 (Preparation of Policy on Promotion of Utilization of Information and Communications Networks and Protection of Information)

(1) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall prepare policies to lay a foundation for an information society through the promotion of utilization of information and communications networks, the stable management and operation of such networks, the protection of personal information of users, and other related activities (hereinafter referred to as “promotion of utilization of information and communication networks, the protection of information, or other related matters”). (Amended by Act nº 10465, Mar. 29, 2011; Act nº 11690, Mar. 23, 2013)

(2) The policies under paragraph (1) shall contain descriptions of the following:

1. Development and dissemination of technology related to the information and communications networks;

2. Standardization of information and communications networks;

3. Promotion of the use of information and communications networks, including the development of content of information and applied service for information and communications networks under Article 11;

4. Facilitation of sharing information through information and communications networks;

5. Promotion of use of internet;

6. Protection of personal information collected, processed, stored and used via information and communications networks, and development and dissemination of technology related thereto;

7. Protection of juvenile in information and communications networks;

8. Enhancement of safety and reliability of information and communications networks;

9. Other matters necessary for the promotion of utilization of information and communications networks, the protection of information, or other related matters.

(3) When the Minister of Science, ICT and Future Planning or the Korea Communications Commission prepares the policy under paragraph (1), he or she shall ensure that the policy conforms to the basic plan for national informatization under Article 6 of the Framework Act on National Informatization. (Amended by Act nº 10465, Mar. 29, 2011; Act nº 11690, Mar. 23, 2013) (Amended by Act nº 9119, Jun. 13, 2008)

Article 5 (Relationship to Other Acts)

Except as otherwise provided for in any other Act, the promotion of use of information and communications networks, the protection of information, or other related matters shall be governed by the provisions of this Act: Provided, That this Act shall take precedence over the Electronic Financial Transaction Act, in cases where a plicable f this Act and a plicable f the Electronic Financial Transaction Act are plicable to the telecommunications billing service under Chapter VII.

(Amended by Act nº 9119, Jun. 13, 2008)

CHAPTER II.- PROMOTION OF UTILIZATION OF INFORMATION AND COMMUNICATIONS NETWORK

Article 6 (Development of Technology)

(1) The Minister of Science, ICT and Future Planning may engage the relevant research institute, as prescribed by Presidential Decree, to implement a project for research and development, technical cooperation, transfer of technology, technical guidance, or similar, in order to promote the development of technology and equipment related to information and communications networks. (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Government may provide financial support to a research institute that implement a project for research and development or similar in accordance with paragraph (1) for all or part of the cost and expenses incurred in such project.

(3) Necessary matters concerning the disbursement and management of cost and expenses under paragraph (2) shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 7 (Management and Dissemination of Technology-Related Information)

(1) The Minister of Science, ICT and Future Planning shall manage, systematically and comprehensively, the information pertaining to technology and equipment related to information and communications networks (hereafter referred to as “technology-related information” in this Article). (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may, if necessary for managing technology-related information systematically and comprehensively, request data relevant to technology-related information from the relevant administrative agency and a national or public research institute. In such cases, the head of such agency or institute shall, upon such request, comply with the request, unless any particular reason exists. (Amended by Act nº 11690, Mar. 23, 2013)

(3) The Minister of Science, ICT and Future Planning shall perform projects for dissemination of technology-related information, so that technology-related information can be used promptly and easily. (Amended by Act nº 11690, Mar. 23, 2013)

(4) Necessary matters concerning the scope of technology and equipment related to information and communications networks, which shall be disseminated pursuant to paragraph (3), shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 8 (Standardization and Certification of Information and Communications Networks)

(1) The Minister of Science, ICT and Future Planning shall establish and provide a public notice the standards for information and communications networks in order to promote the use of information and communications networks, and may recommend providers of information and communication services or the persons who manufacture or supply products related to information and communications networks to comply with the standards: Provided, That the matters for which the Korean Industrial Standards under Article 12 of the Industrial Standardization Act have already been established shall comply with such standards. (Amended by Act nº 11690, Mar. 23, 2013)

(2) A person who manufactures or supplies a product related to information communications in conformity with the standards publicly notified pursuant to paragraph (1) may put on the product a mark stating that the product conforms to the standards, subject to the prior certification of the certifying institution under Article 9 (1).

(3) In cases where a product falls under the proviso to paragraph (1) and the certification under Article 15 of the Industrial Standardization Act has been already given to the product, the product shall be deemed to have been certified pursuant to paragraph (2).

(4) No person but those who hold the certification under paragraph (2) may put a mark verifying that his or her product conforms to the standards or put any similar mark, nor may sell a product with any similar mark or display such a product for the purpose of sale.

(5) The Minister of Science, ICT and Future Planning may order a person, who sells a product in violation of paragraph (4) or displays such a product for the purpose of sale to collect and recall the product or to obtain certification to put such a mark, or may take any other corrective measure as may be necessary. (Amended by Act nº 11690, Mar. 23, 2013)

(6) Necessary matters concerning the subject matters of the standardization, the method and procedure for such standardization, and a mark of certification under paragraphs (1) through (3), and the collection, recall, corrective measures, etc. under paragraph (5) shall be prescribed by Ordinance of the Ministry of Science, ICT and Future Planning. (Amended by Act nº 11690, Mar. 23, 2013) (Amended by Act nº 9119, Jun. 13, 2008)

Article 9 (Designation of Certifying Institutions)

(1) The Minister of Science, ICT and Future Planning may designate an institution to certify products related to information and communications networks (hereinafter referred to as a “certifying institution”), which are manufactured or supplied by a person, and conforming to the standards publicly notified pursuant to the main sentence of Article 8 (1). (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may, if a certifying institution falls under any of the following subparagraphs, revoke the designation or give an order of business suspension for a prescribed period of time not exceeding six months: Provided, That the Minister of Science, ICT and Future Planning shall revoke the designation of a certifying institution without an exception, if it falls under subparagraph 1: (Amended by Act nº 11690, Mar. 23, 2013)

1. If the institution is designated by fraud or other improper means;

2. If the institution has not continued its certification service for one year or longer without a justifiable reason; and

3. If the institution fails to meet the standards for designation under paragraph (3).

(3) Necessary matters concerning the standards and procedures for designation under paragraph (1) and, the criteria for revocation of designation and for business suspension of a certifying institution under paragraph (2), and other related matters shall be prescribed by Ordinance of the Ministry of Science, ICT and Future Planning. (Amended by Act nº 11690, Mar. 23, 2013) (Amended by Act nº 9119, Jun. 13, 2008)

Article 10 (Support for Development of Content of Information)

With an aim of securing national competitiveness and enhancing the public interest, the Government may provide financial and technical support, or otherwise, to the persons who develop ontento f information distributed through information and communications networks.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 11 (Acceleration of Development of Applied Services for Information and Communications Networks)

(1) The Government may provide financial and technical support, or otherwise as may be necessary, to any State agency, local government, public institution that develops and operates applied services for improving efficiency in processing its business affairs or automatizing or upgrading process of its business affairs by utilizing information and communications network (hereinafter referred to as “applied services for information and communications networks”).

(2) The Government may provide financial and technical support, or otherwise as may be necessary, to private sector with an aim of facilitating the development of applied services for information and communications networks by private sector and shall take the following measures for nurturing technical human resources necessary to develop applied services for information and communications networks:

1. Support for internet education conducted by schools in various levels and other educational institutions;

2. Extension of internet education for citizens;

3. Support for projects to cultivate technical human resources specializing in information and communications networks;

4. Establishment of and support for institutions to cultivate technical human resources specializing in information and communications networks;

5. Support for development and dissemination of educational programs for utilizing information and communications networks;

6. Support for establishment of the technical qualification system related to information and communications networks and support for supply of technical human resources specializing in information and communications networks on demand;

7. Other matters necessary for cultivate technical human resources related to information and communications networks.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 12 (Establishment of System for Sharing Information)

(1) The Government may encourage to build up a system for sharing information through linked operation and standardization of information and communications networks or in any other way so that the networks can be made efficient use of.

(2) The Government may provide financial and technical support, or otherwise as may be necessary, to any person who builds up a system for sharing information under paragraph (1).

(3) Necessary matters concerning the encouragement and support under paragraphs (1) and (2) shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 13 (Projects for Promoting Use of Information and Communications Networks)

(1) The Minister of Science, ICT and Future Planning may implement projects designed to promote efficient use and dissemination of technology, equipment, and applied services related to information and communications networks, as prescribed by Presidential Decree, in order to promote the use of information and communications networks in various areas of public service, local communities, industry, life, and social welfare and eliminate gaps in accessibility to information. (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Government may provide financial and technical support, or otherwise as may be necessary, to the persons who participate in the projects under paragraph (1).

(Amended by Act nº 9119, Jun. 13, 2008)

Article 14 (Proliferation of Internet)

The Government shall induce public and private sectors to use internet facilities available in public and private sectors so that internet can be proliferated, expand the user base for internet through education and public relations activities on internet, and prepare and enforce a policy to eliminate gaps in accessibility to internet between localities, genders, and ages.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 15 (Improvement of Quality of Internet Service)

(1) The Minister of Science, ICT and Future Planning shall prepare and enforce a policy to protect rights and interests of users of internet service and to ensure improvement of quality of internet service and stable availability of internet service. (Amended by Act nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may, if deemed necessary for enforcing the policy under paragraph (1), prescribe and give a public notice of the standards for measuring and assessing the quality of internet service, hearing opinions of organizations of providers and users of information and communications services and others. (Amended by Act nº 11690, Mar. 23, 2013)

(3) Every provider of information and communications services may voluntarily assess the current status of quality of his or her own internet service in accordance with the standards under paragraph (2) and notify the results thereof to users.

(Amended by Act nº 9119, Jun. 13, 2008)

Articles 16 and 17 Deleted. (by Act nº 7142, Jan. 29, 2004)

CHAPTER III.- DELETED

Articles 18 through 21 Deleted. (by Act nº13343 Jun. 22, 2015)

CHAPTER IV.- PROTECTION OF PERSONAL INFORMATION

SECTION 1.- Collection, Use, and Provision of Personal Information

Article 22 (Consent to Collection and Use of Personal Information)

(1) A provider of information and communications services shall, whenever he or she intends to collect personal information of a user purposely to use it, notify the user of the following matters and obtain consent from the user. The same shall apply in cases where he or she intends to change any of the following matters:

1. Purposes of collection and use of the personal information;

2. Items of personal information that he or she intends to collect;

3. Period of time during which he or she intends to possess and use the personal information.

(2) A provider of information and communications services may collect and use personal information of a user without the consent under paragraph (1) in any of the following cases:

1. If the personal information is necessary in fulfilling the contract for provision of information and communications services, but it is obviously difficult to get consent in an ordinary way due to any economic or technical reason;

2. If it is necessary in paying charges on the information and communication services rendered;

3. If a specific provision exists in this Act or any other Act otherwise.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 22-2 (Consent to Access Authority)

(1) Where a provider of information and communications services needs authority to access (hereinafter referred to as “access authority”) information stored and functions installed in mobile devices of users in order to provide the relevant services, the provider shall inform users of the following matters so that users may clearly recognize such matters, and shall obtain consent of users:

1. In the case of access authority certainly necessary to provide the relevant services:

(a) Items of the information and functions for which access authority is necessary;

(b) Ground that access authority is necessary.

2. In the case of access authority not certainly necessary to provide the relevant services:

(a) Items of the information and functions for which access authority is necessary;

(b) Ground that access authority is necessary;

(2) No provider of information and communications services shall refuse to provide the relevant services to users on the ground that the users give no consent to the establishment of access authority not certainly necessary to provide the relevant services.

(3) The persons manufacturing and providing a basic operating system (referring to an operating environment in which softwares installed in mobile devices can be run) of mobile devices, the manufacturers of mobile devices, and the persons manufacturing and providing a software for mobile devices shall take measures necessary for protecting users’ information, such as devising methods for users to give or revoke consent to access authority where the provider of information and communications services intends to access the information stored and functions installed in mobile devices.

(4) The Scope of, and methods for consenting to, access authority referred to in paragraph (1), measures necessary for protecting users’ information referred to in paragraph (3), and other necessary matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 14080, Mar. 22, 2016)

Article 23 (Restrictions on Collection of Personal Information)

(1) No provider of information and communications services may collect personal information regarding any person, such as his or her ideology, beliefs, family relationship status, kinship and matrimonial relationship, educational background, and medical history, which is anticipated to otherwise infringe seriously upon any right, interest, or privacy of the person: Provided, That he or she may collect such personal information within the minimum scope necessary where he or she obtains consent of the user under Article 22 (1) or such personal information is specially permitted as personal information that may be collected pursuant to any other Act. (Amended by Act nº 12681, May 28, 2014)

(2) Where a provider of information and communications services collects personal information of a user, he or she shall only collect personal information within the minimum scope necessary to provide information and communications services. (Amended by Act nº 12681, May 28, 2014)

(3) No provider of information and communications services shall refuse to provide such services on the ground that a user does not provide personal information other than the minimum personal information required. In such cases, the minimum personal information required means information that is specifically required to perform essential functions of the relevant services. (Inserted by Act nº 12681, May 28, 2014) (Amended by Act nº 9119, Jun. 13, 2008)

Article 23-2 (Restriction on Use of Resident Registration Numbers)

(1) Other than the cases falling under any of the following subparagraphs, a provider of information and communications services may not collect/use users’ resident registration numbers: (Amended by Act nº 10560, Apr. 5, 2011)

1. Where the provider is designated as the identification service agency pursuant to Article 23-3;

2. Where collection/use of users’ resident registration numbers is authorized by statutes;

3. Where the Korea Communications Commission makes a public announcement for the provider of information and communications services who inevitably collects/uses users’ resident registration numbers for his or her business purposes.

(2) Even where the collection/use of users’ resident registration numbers is authorized pursuant to paragraph (1) 2 or 3, an identification method without using the users’ resident registration numbers (hereinafter referred to as “alternative means”) shall be provided.

(Amended by Act nº 11322, Feb. 17, 2012)

Article 23-3 (Designation of Identification Service Agency, etc.)

(1) The Korea Communications Commission may, after reviewing each item of the following subparagraphs, designate a person as an identification service agency who is deemed competent to safely and reliably perform the affairs of development, provision and administration of the alternative means (hereinafter referred to as “identification service”):

1. A plan for physical/technological/administrative measures in order to secure safety of the identification service;

2. Technological/financial capability necessary for performing the identification service;

3. Appropriateness of the scale of facilities relevant to the identification service.

(2) When the identification service agency intends to suspend all or part of identification service, it shall determine and notify a suspension period to the users no later than 30 days prior to the intended date of suspension and shall report the same to the Korea Communications Commission. In this case, the suspension period shall not exceed six months.

(3) When the identification service agency intends to discontinue the identification affairs, it shall notify the intention to the users no later than 60 days prior to the intended date of discontinuation and shall report the same to the Korea Communications Commission.

(4) Necessary matters concerning the criteria for each standard subject to the review and the designation procedure of identification service agency under paragraph (1), suspension or discontinuation of the identification affairs under paragraphs (2) and (3) and other matters shall be determined by Presidential Decree.

(Article Inserted by Act nº 10560, Apr. 5, 2011)

Article 23-4 (Suspension of Identification Service and Cancelation of Designation of Identification Service Agency)

(1) When the identification service agency falls under any of the following subparagraphs, the Korea Communications Commission may determine the period of suspension within six months and order suspension of all or part of the identification service, or cancel designation of identification service agency: Provided, That in cases where falling under subparagraph 1 or 2, the Korea Communications Commission shall cancel designation of identification service agency:

1. Where an identification service agency is designated by falsity or other fraudulent methods;

2. Where a person who has received the order for suspension of identification service fails to suspend the affairs in violation of the order;

3. Where a person fails to start the identification service within six months from the date of being designated, or suspend the service continuously for six months or more;

4. Where it becomes not suitable for the standard of designation pursuant to Article 23-3 (4).

(2) Standards and procedures for any dispositions pursuant to paragraph (1) and other necessary matters shall be determined by Presidential Decree.

(Article Inserted by Act nº 10560, Apr. 5, 2011)

Article 24 (Restriction on Use of Personal Information)

No provider of information and communications services may use personal information collected in accordance with Article 22 and the proviso to Article 23 (1) for any purpose other than the purpose consented by the relevant user or the purpose specified in any subparagraph of Article 22 (2).

(Amended by Act nº 9119, Jun. 13, 2008)

Article 24-2 (Consent to Provision of Personal Information)

(1) Every provider of information and communications services shall, whenever he or she intends to furnish a third party with personal information of a user, notify the user of all the following matters and obtain consent from the user, except as provided for in Article 22 (2) 2 and 3. The same shall apply in cases where there is a change in any of the following matters:

1. The person to whom the personal information is furnished;

2. Purposes of use of the personal information of the person to whom the personal information is furnished;

3. Items of the personal information furnished;

4. Period of time during which the person to whom the personal information is furnished will possess and use the personal information.

(2) A person who received any personal information of a user from a provider of information and communications services in accordance with paragraph (1) shall not furnish the personal information to a third party or use it for any purpose other than the purpose originally agreed upon at the time when the information was furnished without consent of the user or a specific provision otherwise specified in any other Act.

(3) When the provider, etc. of information and communications services under Article 25 (1) is given the consent to furnishing user’s information under paragraph (1) and to the entrustment of management of personal information under Article 25 (1), he or she shall obtain such consent apart from the consent to collection/use of personal information pursuant to Article 22, and shall not refuse to provide its service on the ground of a user’s refusal of aforementioned consent. (Inserted by Act nº 10560, Apr. 5, 2011; Act nº 14080, Mar. 22, 2016)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 25 (Entrustment of Management of Personal Information)

(1) A provider of information and communications services or a person who received personal information of users from the provider of information and communications services in accordance with Article 24-2 (1) (hereinafter referred to as a “provider of information and communications services or similar”) shall, if he or she intends to entrust a third party with handling of business affairs related to personal information (hereinafter referred to as “entrustment of management of personal information”) so as to collect, create, connect, link, record, save, hold, process, edit, search, print, correct, recover, use, provide, disclose, destruct or treat similarly users’ personal information (hereinafter referred to as “management”), notify the users of all the following matters and shall obtain consent of the users. The same shall apply in cases where there exists a change in any of the following matters: (Amended by Act Nº 14080, Mar. 22, 2016)

1. Any person to whom the management of personal information is entrusted (hereinafter referred to as a “trustee”);

2. Details of the business affairs subject to the entrustment of management of personal information.

(2) A provider of information and communications services or similar may omit the procedures for notification and consent under paragraph (1) for entrusting the management of personal information, where the personal information is required to comply with the contract on the provision of the information and communications services and enhance convenience of users and where all the matters prescribed in subparagraphs of paragraph (1) have been disclosed to the public under Article 27-2 (1) or notified to users in a manner prescribed by Presidential Decree, such as by electronic mails. The same shall apply where there exists a change in a matter prescribed in any subparagraph of paragraph (1). (Amended by Act nº 12681, May 28, 2014; Act nº 14080, Mar. 22, 2016)

(3) A provider of information and communications services or similar shall, when he or she entrusts the management of personal information to a third party, define the scope of purposes, in advance, within which the trustee is allowed to manage personal information of users, and the trustee shall not manage the personal information of users beyond the scope of purposes. (Amended by Act nº 14080, Mar. 22, 2016)

(4) A provider of information and communications services or similar shall control, supervise and educate the trustee to ensure that the trustee does not violate any provision of this Chapter. (Amended by Act nº 14080, Mar. 22, 2016)

(5) If the trustee violates any provision of this Chapter in connection with the business affairs related to the entrustment of management of personal information and inflicts damages upon a user, the trustee shall be deemed an employee of the provider of information and communications services or similar in determining liability for such damages. (Amended by Act nº 14080, Mar. 22, 2016)

(6) A provider, etc. of information and communications shall, when entrusting a trustee with management of personal information, do so in writing. (Inserted by Act nº 14080, Mar. 22, 2016)

(7) A trustee may re-entrust a third party with affairs entrusted pursuant to paragraph (1) only where the trustee obtains consent from the provider, etc. of information and communications services. (Inserted by Act nº 14080, Mar. 22, 2016)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 26 (Transfer of Personal Information Following Transfer of Business)

(1) Where a provider of information and communications services or similar transfers personal information of users to a third party due to transfer of business, in whole or in part, merger, or any similar cause, he or she shall notify the users of all the following matters by publishing them on its internet homepage or by electronic mail or any other means specified by Presidential Decree:

1. The fact that the personal information is to be transferred;

2. The name (referring to the name of a legal corporation, if the person is a legal corporation; hereafter the same shall apply in this Article), address, and telephone number of a person to whom the personal information is to be transferred (hereinafter referred to as a “transferee of business or similar”), and other contact information of the person;

3. The methods and procedures available for revocation of consent, where a user does not want his or her personal information transferred to a third party.

(2) If any personal information is transferred to a transferee of business, etc., he or she shall immediately notify the users of such fact and his or her name, domicile, telephone number and other contact details according to methods prescribed by Presidential Decree, such as the posting of such information on the Internet homepage or email. (Amended by Act nº 12681, May 28, 2014)

(3) A transferee of business or similar may use or furnish personal information only within the scope of purposes originally defined for which any provider of information and communications services or similar uses or furnishes the personal information of users: Provided, That the same shall not apply where he or she separately obtains consent from users.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 26-2 (Method Applicable in Obtaining Consent)

The method plicable in obtaining the consent under Article 22 (1), the proviso to Article 23 (1), Article 24-2 (1) or (2), Article 25 (1), the proviso to Article 26 (3), or Article 63 (2) (hereinafter referred to as “consent to collection, use, provision, and similar disposition of personal information”) shall be prescribed by Presidential Decree, considering media for collection of personal information, peculiarities of each type of business, number of users, and other related factors.

(Amended by Act nº 9119, Jun. 13, 2008)

SECTION 2.- MANAGEMENT, DESTRUCTION, ETC. OF PERSONAL INFORMATION

Article 27 (Designation of Person Responsible for Management of Personal Information)

(1) Every provider of information and communications services or similar shall designate a person responsible for protection of personal information so that he or she protects the personal information of users and process complaints from users in connection with the personal information: Provided, That a provider of information and communications services or similar may, if he or she falls under the criteria prescribed by Presidential Decree for the number of employees, number of users, and other related matters, omit such designation. (Amended by Act nº 14080, Mar. 22, 2016)

(2) If a provider of information and communications services or similar does not designate a person responsible for protection of personal information under the proviso to paragraph (1), the business owner or representative of the provider or similar shall be the person responsible for protection of personal information. (Amended by Act nº 14080, Mar. 22, 2016)

(3) The qualification requirements for a person responsible for protection of personal information and other matters necessary for designation of such person shall be prescribed by Presidential Decree. (Amended by Act nº 14080, Mar. 22, 2016)

(4) Where a person responsible for protection of personal information becomes aware of a fact of violation of this Act or other relevant statute, he or she shall take measures for improvement immediately, and if necessary, report the measures for improvement to the business owner or representative of the provider, etc. of information and communications services: Provided, That the provisions concerning reporting of measures for improvement shall not apply where the business owner or representative is the person responsible for protection of personal information pursuant to paragraph (2). (Inserted by Act nº 14080, Mar. 22, 2016) (Amended by Act nº 9119, Jun. 13, 2008)

Article 27-2 (Public Disclosure of Policy on Managing Personal Information)

(1) Every provider of information and communications services or similar shall, when he or she manages personal information of users, establish and disclose its policy on managing personal information to the public in a manner specified by Presidential Decree so that users become aware of the policy easily at any time. (Amended by Act nº 14080, Mar. 22, 2016)

(2) The policy on managing personal information under paragraph (1) shall include descriptions of all the following matters: (Amended by Act nº 11322, Feb. 17, 2012; Act nº 14080, Mar. 22, 2016)

1. Purposes of collection and use of personal information, items of personal information collected, and methods of collection;

2. The name of the person (referring to the name of a legal entity, if the person is a legal entity) to whom personal information is furnished, if the personal information is furnished to a third party, purposes of use of the person to whom the personal information is furnished, and items of the personal information furnished;

3. The period of time during which the personal information is possessed and used, and the procedure and method for destruction of the personal information (including the ground for preservation and items of preserved personal information, if it is required to preserve the personal information in accordance with the proviso to the part above subparagraphs of Article 29 (1));

4. Details of business affairs subject to the entrustment of management of personal information and the trustee (they shall be included in the policy on management, only where this subparagraph is applicable);

5. Rights of users and their legal representatives and methods for the exercise of such rights;

6. Matters concerning installation, operation, and denial of a device that collect personal information automatically, such as an information file for access to internet;

7. The name and address of the person responsible for protection of personal information or the department responsible for business affairs related to the protection of personal information and processing related complaints and other contact information of such person or department.

(3) Every provider of information and communications services or similar shall, when he or she revises the policy on managing personal information under paragraph (1), give public notice of the reasons for and details of such revision without delay in a manner specified by Presidential Decree, and take measures to make users aware of the details of the revision easily at any time. (Amended by Act nº 14080, Mar. 22, 2016) (Amended by Act nº 9119, Jun. 13, 2008)

Article 27-3 (Notification/Reports on Leakage of Personal Information)

(1) When a provider of information and communications services or similar becomes aware of the loss, theft, or leakage of personal information (hereinafter referred to as “leakages, etc.”), he or she shall immediately inform the relevant users of all the following matters and report to the Korea Communications Commission or the Korea Internet Security Agency, and shall not notify or report them after 24 hours have elapsed since he or she became aware of such fact without any justifiable cause: Provided, That other measures in lieu of the aforementioned notification may be taken as prescribed by Presidential Decree where users’ contact information is unknown or other good cause exists: (Amended by Act nº 12681, May 28, 2014; Act nº 14080, Mar. 22, 2016)

1. Each item of the personal information leaked;

2. Point of time the personal information is leaked;

3. Measures available for users to take;

4. Countermeasures to be taken by a provider of information and communications services or similar;

5. Responsible departments and contact information to be used for the users who seek consultations, etc., to submit their application for such consultations.

(2) The Korea Internet Security Agency in receipt of a report under paragraph (1) shall immediately inform the Korea Communications Commission of such fact. (Inserted by Act nº 12681, May 28, 2014)

(3) A provider of information and communications services, etc. shall explain just cause under the main sentence of and proviso to paragraph (1) to the Korea Communications Commission. (Inserted by Act nº 12681, May 28, 2014)

(4) Matters necessary for methods and procedures, etc., for the notification and report pursuant to paragraph (1) shall be prescribed by Presidential Decree.

(5) A provider of information and communications services, etc. shall prepare countermeasures against the leakages, etc. of personal information, and shall seek measures to minimize any damage thereof. (Amended by Act nº 14080, Mar. 22, 2016) (Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 28 (Protective Measures for Personal Information)

(1) Every provider of information and communications services or similar shall, when he or she manages personal information of users, take the following technical and administrative measures in accordance with the guidelines prescribed by Presidential Decree to prevent loss, theft, leakage, forgery or alteration of or damage to personal information and secure the safety of personal information: (Amended by Act nº 14080, Mar. 22, 2016)

1. Establishment and implementation of an internal control plan for managing personal information in a safe way;

2. Installation and operation of an access control device, such as a system for blocking intrusion to cut off illegal access to personal information;

3. Measures for preventing fabrication and alteration of access records;

4. Measures for security by using encryption technology and other methods for safe storage and transmission of personal information;

5. Measures for preventing intrusion of computer viruses, including installation and operation of vaccine software;

6. Other protective measures necessary for securing safety of personal information.

(2) Every provider of information and communications services or similar shall restrict the persons who may manage users’ personal information to the minimum extent. (Amended by Act nº 14080, Mar. 22, 2016) (Amended by Act nº 9119, Jun. 13, 2008)

Article 28-2 (Prohibition on Disclosure of Personal Information)

(1) A person who manages or has ever manages personal information of users shall not damage, intrude on, or disclosed personal information that he or she learned in the course of performing his or her duty. (Amended by Act nº 14080, Mar. 22, 2016)

(2) No one shall be knowingly provided with any disclosed personal information for profit or any unlawful purpose.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 29 (Destruction of Personal Information)

(1) A provider of information and communications services or similar shall, if any of the followings occurs, destroy the relevant personal information without delay so that such personal information cannot be recovered or reproduced: Provided, That the same shall not apply where it is required to preserve the personal information in accordance with any other Act: (Amended by Act nº 11322, Feb. 17, 2012; Act nº 12681, May 28, 2014)

1. When the purpose of collection and use of personal information with consent obtained in accordance with Article 22 (1), the proviso to Article 23 (1), or Article 24-2 (1) or (2) or the purpose under any subparagraph of Article 22 (2) has been achieved;

2. When a period during which it is allowed to possess and use personal information with consent obtained in accordance with Article 22 (1), the proviso to Article 23 (1), or Article 24-2 (1) or (2) ends;

3. When a period during which it is allowed to possess and use personal information in accordance with Article 27-2 (2) 3 ends, if the personal information has been collected and used without consent of users under Article 22 (2);

4. When the business is permanently closed down.

(2) The provider of information and communications services or similar shall, in an effort to protect personal information of the users who do not use information and communications services for a period of one year, take necessary measures, such as destruction of personal information, as prescribed by Presidential Decree: Provided, That the period is otherwise provided either in accordance with other statue or at the request of the users, such provisions shall apply.(Inserted by Act nº 11322, Feb. 17, 2012; Act nº 13520, Dec. 1, 2015)

(3) The provider, etc. of information and communications services shall notify , until 30 days before expiration of the period under paragraph (2), the users of the matters prescribed by Presidential Decree such as the fact that the personal information will be destroyed, the expiration date of the period and items of personal information subject to destruction, in a manner prescribed by Presidential Decree such as by email. (Inserted by Act nº 13520, Dec. 1, 2015)

(Amended by Act nº 9119, Jun. 13, 2008)

SECTION 3.- RIGHTS OF USERS

Article 30 (Rights of Users)

(1) Every user may, at any time, revoke his or her consent given to a provider of information and communications services or similar to allow the provider to collect, use, or furnish his or her personal information.

(2) Every user may request a provider of information and communications services or similar to allow him or her to peruse, or to furnish with any of the following subparagraphs, and may also require the provider to correct an error, if there is any error:

1. Personal information of the user, which the provider of information and communications services or similar possesses;

2. Details of which the provider of information and communications services or similar has used personal information of the user or furnished it to a third party;

3. Details of which the user has given a consent to he provider of information and communications services or similar to collect, use, or furnish his or her personal information.

(3) If a user withdraws his or her consent pursuant to paragraph (1), a provider of information and communications services, etc. shall immediately take necessary measures, such as the destruction of collected personal information in an irrecoverable or in unreproducible way. (Amended by Act nº 12681, May 28, 2014)

(4) A provider of information and communications services or similar shall, in receipt of a request to peruse or furnish matters in accordance with paragraph (2), take necessary measures without delay.

(5) A provider of information and communications services or similar shall, in receipt of a request for correction of an error in accordance with paragraph (2), correct the error, notify the user of the reasons why it is unable to correct the error, if it is the case, or take any other necessary measures, and may not use the relevant personal information or furnish it to a third party until he or she completes taking such measures: Provided, That he or she may furnish the personal information to a third party or use the information, if requested to furnish the personal information pursuant to any other Act.

(6) A provider of information and communications services or similar shall make how to revoke consent under paragraph (1), how to request to peruse personal information or furnish such information under paragraph (2), and how to request correction of an error, easier than how to collect personal information.

(7) Paragraphs (1) through (6) shall apply mutatis mutandis to a transferee of business or similar. In such cases, “provider of information and communications services or similar” shall be deemed “transferee of business or similar.”

(Amended by Act nº 9119, Jun. 13, 2008)

Article 30-2 (Notification of Details of Use of Personal Information)

(1) A provider of information and communications services or similar falling under the standards determined by Presidential Decree shall periodically notify the users of the details of using personal information of such users (including details of the provision under Article 24-2 and of the entrustment of management of personal information under Article 25) in accordance with Article 22 and the proviso to Article 23 (1): Provided, That this shall not apply in cases where the provider of information and communications services or similar does not collect any contact information or other personal information that can be notified to users. (Amended by Act nº 14080, Mar. 22, 2016)

(2) Types of personal information to be notified to users, frequency and method of notifying the information pursuant to paragraph (1) and other matters necessary for notification of details of using such personal information shall be determined Presidential Decree.

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 31 (Rights of Legal Representative)

(1) A provider of information and communications services or similar shall, if he or she desires to obtain consent of a child of less than 14 years on collection, use, furnishing, and other disposition of personal information, obtain consent from his or her legal representative. In such cases, the provider of information and communications services may demand the child to furnish minimum information, such as the legal representative’s name, necessary to obtain consent from the legal representative.

(2) A legal representative may exercise rights of a user under Article 30 (1) and (2) with respect to personal information of the relevant child.

(3) Article 30 (3) through (5) shall apply to a legal representative’s revocation of consent under paragraph (2) and his or her demand for perusal or correction of an error.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 32 (Compensation)

(1) Where a user suffers any damage caused by a violation of any provision of this Chapter by a provider, etc. of information and communications services, he or she may claim compensation for damage against the said provider, etc. of information and communications services. In this case, that provider of information and communications services or similar shall not be exonerated from liability if failing to prove that there is neither intention nor gross negligence on the part of the said provider. (Amended by Act nº 14080, Mar. 22, 2016)

(2) Where any damage occurs to a user because personal information has been lost, stolen, leaked, forged, altered, or damaged due to intention or gross negligence on the part of the provider, etc. of information and communications services or similar, a court may determine the amount of compensation to the extent not exceeding three times the said damage: Provided, That this shall not apply where the provider, etc. of information and communications services proves that there is neither intention nor gross negligence on the part of the said provider. (Inserted by Act nº 14080, Mar. 22, 2016)

(3) Where a court determines the amount of compensation referred to in paragraph (2), it shall take the following matters into account: (Inserted by Act nº 14080, Mar. 22, 2016)

1. Degree of acknowledging the intention or the likeliness of the occurrence of damage;

2. Scale of damage sustained due to the relevant violation;

3. Economic benefits acquired by the provider, etc. of information and communications services by committing the relevant violation;

4. Fines and penalty surcharges due to violations;

5. Period, number, etc. of violations;

6. Status of assets of the provider, etc. of information and communications services;

7. Degree of efforts of the provider, etc. of information and communications services to withdraw the relevant personal information after the user’s personal information has been lost, stolen or leaked;

8. Degree of efforts of the provider, etc. of information and communications services to remedy damage to the user.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 32-2 (Claim for Statutory Damages)

(1) Where a user falls under each of the following subparagraphs, he or she may claim resonable compensation not exceeding three million won as damages, in lieu of claiming damages under Article 32 from a provider of information and communications services, etc. within a period prescribed by Presidential Decree. In such cases, the relevant provider of information and communications services, etc. cannot be exempt from responsibility unless he or she proves that there is no intention or negligence: (Amended by Act nº 14080, Mar. 22, 2016)

1. Where the provider of information and communications services, etc. violates any of the provisions of this Chapter by intention or negligence;

2. Where personal information is lost, stolen, leaked, forged, altered or damaged.

(2) Where a claim for compensation under paragraph (1) is filed, a court may acknowledge a reasonable amount of loss within the limits prescribed in paragraph (1), taking into account the relevance of all pleadings and the outcomes of examination of evidence.

(3) A user claiming compensation for damage pursuant to Article 32 may change such claim to the claim referred to in paragraph (1) before the argument of the inquisition is closed. (Inserted by Act nº 14080, Mar. 22, 2016)

(Article Inserted by Act nº 12681, May 28, 2014)

Article 32-3 (Deletion and Blocking of Exposed Personal Information)

(1) A provider, etc. of information and communications services shall ensure that users’ personal information such as resident registration numbers, account numbers and credit cards information is not exposed to the public through information and communications networks.

(2) Upon the request of the Korea Communications Commission or the Korea Internet and Security Agency, a provider, etc. of information and communications services shall take necessary measures such as deleting and blocking exposed personal information referred to in paragraph (1).

(Article Inserted by Act nº 14080, Mar. 22, 2016)

SECTION 4 Deleted.

Articles 32-3 through 40 Deleted (by Act nº 10465, Mar. 29, 2011)

CHAPTER V.- PROTECTION OF USERS IN INFORMATION AND COMMUNICATIONS NETWORKS

Article 41 (Preparation of Policy on Protection of Juvenile)

(1) The Korea Communications Commission shall prepare a policy on the following measures to protect juvenile from unwholesome information for juvenile (hereinafter referred to as “unwholesome information for juvenile”), such as information of obscenities and violence, circulated through information and communications networks:

1. Development and dissemination of content-screening software;

2. Development and dissemination of technology for protection of juvenile;

3. Education and public relations activities for protection of juvenile;

4. Other matters specified by Presidential Decree for protection of juvenile.

(2) The Korea Communications Commission may, in an effort to implement the policy under paragraph (1), support activities conducted by the Korea Communications Standards Commission under Article 18 of the Establishment and Operation of the Korea Communications Commission Act (hereinafter referred to as the “Communications Standards Commission”), organizations of providers or users of information and communications services, and other relevant specialized institutions for protection of juvenile.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 42 (Labeling of Media Unwholesome for Juvenile)

A person who provides information to the general public purposely to make it public through telecommunications services rendered by a telecommunications business operator (hereinafter referred to as “information provider”) and who intends to provide any unwholesome medium for juvenile as defined in subparagraph 3 of Article 2 of the Juvenile Protection Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act shall put a label indicating that the information is an unwholesome medium for juvenile by the labeling method specified by Presidential Decree. (Amended by Act nº 11048, Sep. 15, 2011)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 42-2 (Prohibition on Advertisement of Unwholesome Media for Juvenile)

No one may transmit, to a juvenile under subparagraph 1 of Article 2 of the Juvenile Protection Act, any information containing an advertisement of an unwholesome medium for juvenile as defined in subparagraph 3 of Article 2 of the aforesaid Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act in the form of code, letter, voice, sound, image, or motion picture through an information and communications network or display such medium to the general public without taking any measure to restrict access by a juvenile. (Amended by Act nº 11048, Sep. 15, 2011)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 42-3 (Designation of Person Responsible for Protection of Juvenile)

(1) A provider of information and communications services whose the average number of users per day, sales, and other related factors fall under the criteria prescribed by Presidential Decree shall designate a person responsible for protection of juvenile to keep juvenile from unwholesome information to juvenile in the information and communication network.

(2) The person responsible for protection of juvenile shall be chosen from among executive officers of the relevant business operator or the persons in a position equivalent to the head of a department responsible for business affairs related to protection of juvenile.

(3) The person responsible for protection of juvenile shall block and control unwholesome information for juvenile in the information and communications network, and shall perform business affairs for protection of juvenile, including establishment of a plan for protection of juvenile from unwholesome information for juvenile.

(4) Necessary matters concerning the designation of a person responsible for protection of juvenile under paragraph (1) shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 43 (Duty of Provider of Visual or Sound Information to Keep Information)

(1) An information provider specified by Presidential Decree among those who engage in a business of providing unwholesome media for juvenile as defined in subparagraph 3 of Article 2 of the Juvenile Protection Act among the media under subparagraph 2 (e) of Article 2 of the aforesaid Act in a way to make it impossible to store or record the unwholesome media in a user’s computer shall keep relevant information. (Amended by Act nº 11048, Sep. 15, 2011)

(2) The period of time during which an information provider under paragraph (1) is obligated to keep relevant information shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44 (Protection of Rights in Information and Communications Network)

(1) No user may circulate any information violative of other person’s rights, including invasion of privacy and defamation, through an information and communications network.

(2) Every provider of information and communications services shall make efforts to prevent any information under paragraph (1) from being circulated through the information and communications network operated and managed by it.

(3) The Korea Communications Commission may prepare a policy on technological development, education, public relations activities, and other activities to prevent violation of other persons’ rights by information circulated through information and communications networks, including invasion of privacy and defamation, and may recommend providers of information and communications services to adopt the policy. (Amended by Act nº 11690, Mar. 23, 2013; Act nº 12681, May 28, 2014)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-2 (Request for Deletion of Information)

(1) Where information provided through an information and communications network purposely to be made public intrudes on other persons’ privacy, defames other persons, or violates other persons’ right otherwise, the victim of such violation may request the provider of information and communications services who managed the information to delete the information or publish a rebuttable statement (hereinafter referred to as “deletion or rebuttal”), presenting explanatory materials supporting the alleged violation. (Amended by Act nº 14080, Mar. 22, 2016)

(2) A provider of information and communications services shall, upon receiving a request for deletion or rebuttal of the information under paragraph (1), delete the information, take a temporary measure, or any other necessary measure, and shall notify the applicant and the publisher of the information immediately. In such cases, the provider of information and communications services shall make it known to users that he or she has taken necessary measures by posting a public notification on the relevant message board or in any other way.

(3) A provider of information and communications services shall, if there is any unwholesome medium for juvenile published in violation of the labeling method under Article 42 in the information and communications network operated and managed by him or her or if a content advertising any unwholesome medium for juvenile is displayed in such network without any measures to restrict access by juvenile under Article 42-2, delete such content without delay.

(4) A provider of information and communications services may, if it is difficult to judge whether information violates any right or it is anticipated that there will probably be a dispute between interested parties, take a measure to block access to the information temporarily (hereinafter referred to as “temporary measures”), irrespective of a request for deletion of the information under paragraph (1). In such cases, the period of time for the temporary measure shall not exceed 30 days.

(5) Every provider of information and communications services shall clearly state the details, procedure, and other matters concerning necessary measures in its standardized agreement in advance.

(6) A provider of information and communications services may, if he or she takes necessary measures under paragraph (2) for the informations circulated through the information and communications network operated and managed by it, have its liability for damages caused by such informations mitigated or discharged.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-3 (Discretionary Temporary Measures)

(1) A provider of information and communications services may, if it finds that information circulated through the information and communications network operated and managed by him or her intrudes on someone’s privacy, defames someone, or violates someone’s rights, take temporary measures at its discretion.

(2) The latter part of Article 44-2 (2), the latter part of Article 44-2 (4), and Article 44-2 (5) shall apply mutatis mutandis to the temporary measures under paragraph (1).

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-4 (Self Regulation)

An organization of providers of information and communications services may establish and implement a code of conduct applicable to providers of information and communications services with an objective to protect users and render information and communications services in a safer and more reliable way.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-5 (Identity Verification of Users of Message Boards)

(1) Any of the following persons shall, if he or she intends to install and operate a message board, take necessary measures, as prescribed by Presidential Decree (hereinafter referred to as “measures for identity verification”), including preparation of methods and procedures for verifying identity of users of the message board:

1. A State agency, local government, public enterprise, quasi-government agency under Article 5 (3) of the Act on the Management of Public Institutions, or a local government-invested public corporation or a local government public corporation under the Local Public Enterprises Act (hereinafter referred to as “public institution”);

2. Deleted. (by Act nº 12681, May 28, 2014)

(2) Deleted. (by Act nº 12681, May 28, 2014)

(3) The Government shall prepare a policy to develop a safer and more reliable system to verify identity of users under paragraph (1).

(4) A public institution, etc. may have its liability for damages caused by fraudulent use of a user’s identity by a third party mitigated or discharged, if it has taken the measures for identity verification under paragraph (1) with care as a good manager. (Amended by Act nº 12681, May 28, 2014)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-6 (Claim to Furnish User’s Information)

(1) A person who alleges that information published or circulated by a specific user has intruded on his or her privacy, defamed him or her, or violated his or her rights may file a claim with the defamation dispute conciliation division under Article 44-10 to demand the relevant provider of information and communications services to furnish the information he or she possesses about the alleged offender (referring to the minimum information specified by Presidential Decree, including the name and address, necessary for filing a civil or criminal complaint), along with materials supporting his or her allegation of the violation, in order to file a civil or criminal complaint against the alleged offender.

(2) The defamation dispute conciliation division shall, upon receiving a claim under paragraph (1), make a decision on whether to furnish information, hearing the opinion of the relevant user, unless it is impossible to contact the relevant user or there is any particular reason otherwise.

(3) A person who receives information about the relevant user under paragraph (1) may not use the information for any purpose other than the purpose of filing a civil or criminal complaint.

(4) Other matters necessary for the contents of a claim to furnish information of a user and the procedure therefor shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 44-7 (Prohibition on Circulation of Unlawful Information)

(1) No one may circulate information falling under any of the following subparagraphs through an information and communications network: (Amended by Act nº 11048, Sep. 15, 2011; Act nº 14080, Mar. 22, 2016)

1. Information with an obscene content distributed, sold, rented, or displayed openly in the form of code, words, sound, image, or motion picture;

2. Information with a content that defames other persons by divulging a fact, false fact, openly and purposely to disparage the person’s reputation;

3. Information with a content that arouses fear or apprehension by reaching other persons repeatedly in the form of code, words, sound, image, or motion picture;

4. Information with a content that mutilates, destroys, alters, or forges an information and communications system, data, a program, or similar or that interferes with the operation of such system, data, program, or similar without a justifiable ground;

5. Information with a content that falls within an unwholesome medium for juvenile under the Juvenile Protection Act and that is provided for profit without fulfilling the duties and obligations under relevant statutes, including the duty to verify the opposite party’s age and the duty of labeling;

6. Information with a content that falls within speculative activities prohibited by statutes;

6-2. Information regarding content of transactions of personal information in violation of this Act or other statutes concerning the protection of personal information;

7. Information with a content that divulges a secret classified by statutes or any other State secret;

8. Information with a content that commits an activity prohibited by the National Security Act;

9. Other information with a content that attempts, aids, or abets to commit a crime.

(2) The Korea Communications Commission may order a provider of information and communications services or a manager or an operator of a message board to reject, suspend, or restrict management of information under paragraph (1) 1 through 6 and 6-2, subject to deliberation by the Communications Standards Commission: Provided, That if the information falls under paragraph (1) 2 or 3, the Commission shall not issue an order to reject, suspend, or restrict such management against the intention specifically manifested by the victim of the relevant information. (Amended by Act nº 14080, Mar. 22, 2016)

(3) The Korea Communications Commission shall order a provider of information and communications services or a manager or an operator of a message board to reject, suspend, or restrict management of information under paragraph (1) 7 through 9, if the information falls under all the following subparagraphs: (Amended by Act nº 14080, Mar. 22, 2016)

1. There was a request from the head of a related central administrative agency;

2. A demand for correction was made pursuant to subparagraph 4 of Article 21 of the Act on the Establishment and Operation of Korea Communications Commission after deliberation by the Communications Standards Commission within seven days from the date on which the request under subparagraph 1 had been received;

3. The provider of information and communications services or the manager or operator of the message board has not complied with the demand for correction.

(4) The Korea Communications Commission shall give an opportunity to the provider of information and communications services or the manager, operator, or relevant user of the message board to whom an order is to be issued pursuant to paragraph (2) or (3) to present his or her opinion in advance: Provided, That the Commission may not give an opportunity to present an opinion, if a case falls under any of the following subparagraphs:

1. If it is necessary to make an urgent disposition for public safety and welfare;

2. If there is a ground specified by Presidential Decree to believe that it is obviously impracticable or evidently unnecessary to hear an opinion;

3. If a person concerned clearly manifests his or her intent to give up the opportunity to present his or her opinion.

(Amended by Act nº 9119, Jun. 13, 2008)

Articles 44-8 and 44-9 Deleted. (by Act Nº 8867, Feb. 29, 2008)

Article 44-10 (Defamation Dispute Conciliation Division)

(1) The Communications Standards Commission shall have the defamation dispute conciliation division comprised of five members or less for efficient conciliation of disputes arising in connection with information that intrudes other persons’ privacy, defames other persons, or violates other persons’ rights including a member or more holding qualification of attorney-at-law.

(2) The members of the defamation dispute conciliation division shall be commissioned by the chairperson of the Communications Standards Commission with consent of the Communications Standards Commission.

(3) Articles 33-2 (2) and 35 through 39 shall apply mutatis mutandis to the procedure for conciliation of disputes by the defamation dispute conciliation division. In such cases, “Dispute Mediation Committee” shall be construed as “Communications Standards Commission,” and “disputes over personal information” as “disputes arising in connection with information that intrudes privacy, defames other persons, or violates other persons’ rights among information circulated through information and communications networks.”

(4) Necessary matters concerning the installation and operation of the defamation dispute conciliation division and the conciliation of disputes, and other related matters shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

CHAPTER VI.- SECURING OF STABILITY OF INFORMATION AND COMMUNICATIONS NETWORK

Article 45 (Securing of Stability of Information and Communications Network)

(1) Every provider of information and communications services shall take protective measures to secure the reliability of the information and security of the information and communications networks.

(2) The Minister of Science, ICT and Future Planning may prescribe and provide a public notice of guidelines for protective measures for information (hereinafter referred to as “information protection guidelines”), specifying details of the protective measures under paragraph (1), and may recommend providers of information and communications services to observe the guidelines. (Amended by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar. 23, 2013)

(3) The information protection guidelines shall contain descriptions of the following matters: (Amended by Act nº 14080, Mar. 22, 2016)

1. Technical and physical protective measures, including installation and operation of an information protection system, for a person with no due authorization to prevent or counteract access to invasion upon an information and communications network;

2. Technical protective measures for preventing unlawful leakage, forgery. alteration, or deletion of information;

3. Technical and physical protective measures for securing the state of enabling continuous use of information and communications networks;

4. Administrative protective measures for stabilization of information and communications networks and protection of information, including securing human resources, organization, and expenses and establishing related plans.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 45-2 (Preliminary Examination on Information Protection)

(1) A provider of information and communications services shall, if he or she intends to newly establish an information and communications network or to provide information and communications services, take the matters regarding information protection into account in planning or designing thereof.

(2) The Minister of Science, ICT and Future Planning may recommend a person who intends to implement the information and communications services or the telecommunications businesses falling under any of the following subparagraphs to take protective measures in accordance with the preliminary examination standards as determined by Presidential Decree: (Amended by Act nº 11690, Mar. 23, 2013)

1. The information and communications services or telecommunications businesses as determined by Presidential Decree, for which authorization or permission by the Minister of Science, ICT and Future Planning should be obtained or registration with or report to the Korea Communications Commission should be made pursuant to this Act or other Acts and subordinate statutes;

2. The information and communications services or the telecommunications businesses as determined by Presidential Decree and financed by the Minister of Science, ICT and Future Planning for all or part of the business expenses thereof.

(3) Standards, methods, procedures, fees for the preliminary examination on protection of information pursuant to paragraph (2) and other necessary matters shall be determined by Presidential Decree.

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 45-3 (Designation, etc. of Chief Information Protection Officers)

(1) A provider of information and communications services may designate a chief information protection officer at a level of an executive officer for security of information and communications system, etc. and for safe administration of information: Provided, That in cases of any provider of information and communications services whose number of employees, number of users, etc. meet standards prescribed by Presidential Decree, he or she shall report its designation of the chief information protection officer to the Minister of Science, ICT and Future Planning. (Amended by Act nº 12681, May 28, 2014)

(2) Methods and procedures for reporting under paragraph (1) shall be prescribed by Presidential Decree. (Inserted by Act nº 12681, May 28, 2014)

(3) A chief information protection officer shall be responsible for the following matters:

1. Establishment and administration/operation of an administrative system for information protection;

2. Analysis/evaluation and improvement of the weakness of information protection;

3. Prevention of and response to an intrusion;

4. Preparation of preliminary measures for information protection and designing/realization, etc. of security measures;

5. Review of a preliminary security for information protection;

6. Review of the encryption of an important information and the suitability of a security server;

7. Other matters, such as taking necessary measures for protection of information pursuant to this Act or other relevant statutes.

(4) A provider of information and communications services may establish and operate an association of chief information protection officers comprised of chief information protection officers prescribed in paragraph (1) in order to jointly perform prevention/response in cases of intrusion, sharing necessary information and other joint programs prescribed by Presidential Decree.

(5) The Government may provide financial support to the association of chief information protection officers under paragraph (4) for expenses, in whole or in part, incurred in conducting its activities. (Amended by Act nº 12681, May 28, 2014; Act nº 13343, Jun. 22, 2015)

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 46 (Protection of Clustered Information and Communications Facilities)

(1) Every business operator who operates and manages clustered information and communications facilities to render information and communications services on behalf of another person (hereinafter referred to as “business operator of clustered information and communications facilities”) shall take protective measures as prescribed by Presidential Decree to pérate the information and communications facilities stably.

(2) Every business operator of clustered information and communications facilities shall purchase insurance policies as prescribed by Presidential Decree to cover damages that may be caused by destruction or damage of the clustered information and communications facilities or any other trouble in operation.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 46-2 (Emergency Countermeasures of Business Operators of Clustered Information and Communications Facilities)

(1) A business operator of clustered information and communications facilities may, if any of the following events occurs, suspend rendering relevant services, in whole or in part, as stipulated in the standardized user agreement: (Amended by Act nº 9637, Apr. 22, 2009; Act nº 11690, Mar. 23, 2013)

1. If it is anticipated that an abnormality found in the information system of a person who uses clustered information and communications facilities (hereinafter referred to as “user of facilities”) will probably cause a serious trouble to the information system of other users of facilities or clustered information and communications facilities;

2. If it is anticipated that an intrusion from outside will probably cause a serious trouble to the clustered information and communications facilities;

3. If there occurs a serious intrusion and the Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency requests to suspend the services.

(2) A business operator of clustered information and communications facilities shall, when it suspends its services in accordance with paragraph (1), immediately notify users of facilities of the suspension of services, specifically stating the reasons for the suspension, the date, time, period, and details of the suspension, and other related matters.

(3) A business operator of clustered information and communications facilities shall, once the event that caused suspension of services terminates, resume its services immediately.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 46-3 Deleted. (by Act nº 11322, Feb. 17, 2012)

Article 47 (Certification of Information Security Management System)

(1) With respect to the person who has established and operates a comprehensive management system, including administrative and technical protective measures, for securing stability and reliability of an information and communications network (hereinafter referred to as “information security management system”), the Minister of Science, ICT and Future Planning may certify as to whether he or she meets the standards under paragraph (4). (Amended by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar. 23, 2013; Act nº 13520, Dec. 1, 2015)

(2) A telecommunication business operator under subparagraph 8 of Article 2 of the Telecommunications Business Act, or any of the following persons, who provides or intermediates the provision of information by using telecommunications services of any telecommunication business operator, shall receive the certification under paragraph (1): (Inserted by Act nº 11322, Feb. 17, 2012; Act nº 13520, Dec. 1, 2015)

1. A person who renders information and communications services as prescribed by Presidential Decree as a person who has obtained the permission pursuant to Article 6 (1) of the Telecommunications Business Act;

2. A business operator of clustered information and communications facilities;

3. A person falling under the standards determined by Presidential Decree, whose annual sales or tax revenue, etc. is not less than 150 billion won, whose sales of the sector of information and communications services of the previous year is not less than 10 billion won, or whose average number of daily users over the past three months is not less than one million.

(3) Where a person required to be certified in accordance with paragraph (2) is certified for conformity with international standards for information protection or takes measures for information protection, as prescribed by Ordinance of the Ministry of Science, ICT and Future Planning, the Minister of Science, ICT and Future Planning may omit part of certification examination under paragraph (1). In this case, the detailed scope of omitted certification examination shall be determined and publicly notified by the Minister of Science, ICT and Future Planning. (Inserted by Act nº 13520, Dec. 1, 2015)

(4) The Minister of Science, ICT and Future Planning may, for the purpose of certification for information security management system under paragraph (1), determine and give a public notice of other necessary matters such as certification criteria, including countermeasures for managerial, technical and physical protection. (Amended by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar.23. 2013; Act nº 13520, Dec. 1, 2015)

(5) The period of validity of the certification for an information security management system under paragraph (1) shall be three years: Provided, That upon the receipt of any rating for information protection and management in accordance with Article 47-5 (1), the certification under paragraph (1) shall be deemed effective during the period of validity of such rating. Act Nº (Inserted by Act nº 11322, Feb. 17, 2012; Act nº 13520, Dec. 1, 2015)

(6) The Minister of Science, ICT and Future Planning may have the Korea Internet Security Agency or any institution (hereinafter referred to as a “certification body of information security management systems”) designated by the Minister of Science, ICT and Future Planning perform the following affairs related to the certification under paragraphs (1) and (2): (Inserted by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar.23. 2013; Act Nº Act nº 13520, Dec. 1, 2015)

1. Examination (hereinafter referred to as an “examination of certification” of verifying whether the information security management systems by established by an applicant for certification meets the standards for certification under paragraph (4);

2. Review on the results of examination of certification;

3. Issuance and management of written certifications;

4. Ex post facto management of granted certifications;

5. Fosterage and qualification management of the certification examiners of information security management systems;

6. Other affairs concerning the certification for information security management systems.

(7) The Minister of Science, ICT and Future Planning may, if necessary for the efficient conduct of affairs related to certification, designate an institution for performing affairs related to examination of certification (hereinafter referred to as an “examination institution for information security management systems”). (Inserted by Act nº 13520, Dec. 1, 2015)

(8) The Korea Internet Security Agency, a certification body for information security management systems, and an examination institution for information security management systems shall, in order to enhance the efficiency of information security management systems, perform ex post facto management at least once a year and notify the Minister of Science, ICT and Future Planning of the results thereof. (Inserted by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar.23. 2013; Act nº 13520, Dec. 1, 2015)

(9) A person who has received certification of an information security management systems in accordance with paragraphs (1) and (2) may indicate or publicize the content of the certification, as prescribed by Presidential Decree. (Amended by Act nº 11322, Feb. 17, 2012; Act nº 13520, Dec. 1, 2015)

(10) The Minister of Science, ICT and Future Planning may revoke the certification where any of the following grounds are found: Provided, That for the cases falling under subparagraph 1, the Minister of Science, ICT and Future Planning shall revoke the certification: (Inserted by Act nº 11322, Feb. 17, 2012; Act nº 11690, Mar.23. 2013; Act nº 13520, Dec. 1, 2015)

1. Having received the certification of an information security management systems in a false or otherwise unjustifiable manner;

2. Falling short of the standards for certification under paragraph (4);

3. Refusing or obstructing the ex post facto management under paragraph (8).

(11) Methods and procedures for, and scope and fees of, certification under paragraphs (1) and (2), methods and procedures for ex post facto management under paragraph (8), methods and procedures for revoking certification under paragraph (10), and other necessary mattes shall be prescribed by Presidential Decree. (Amended by Act Nº 11322, Feb. 17, 2012; Nº 13520, Dec. 1, 2015)

(12) Standards and procedures for, and period of validity, the designation of a certification body for information security management systems and an examination institution for information security management systems shall be prescribed by Presidential Decree. (Amended by Act Nº 11322, Feb. 17, 2012; ct Nº 13520, Dec. 1, 2015)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 47-2 (Revocation of Designation of Certification Body of and Examination Institution for Information Security Management Systems)

(1) If a legal entity or organization designated as a certification body for information security management system or an examination institution for information security management systems pursuant to Article 47 falls under any of the following subparagraphs, the Minister of Science, ICT and Future Planning may revoke the designation or order it to suspend the relevant business, entirely or partially, for a prescribed period of time not exceeding one year: Provided, That the designation shall be revoked without an exception, if the legal entity or organization falls under subparagraph 1 or 2: (Amended by Act Nº 11322, Feb. 17, 2012; Act Nº 11690, Mar. 23, 2013; Act Nº 13520, Dec. 1, 2015)

1. If it has obtained the designation of a certification body or an examination institution for information security management systems by deceit or in any other fraudulent mean;

2. If it has granted or examined certification during a business suspension period;

3. If it has not performed certification or examination of certification without justifiable grounds;

4. If it has performed certification or examination of certification, in violation of Article 47 (11);

5. If it no longer meets the criteria for designation under Article 47 (12).

(2) Matters necessary for the revocation of designation and suspension of business under paragraph (1) and other related matters shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 47-3 (Certification of Personal Information Management System)

(1) With respect to a person who established and is operating a comprehensive management system including administrative, technical and physical protective measures in order to systematically and continuously perform the activities for protection of personal information in the information and communications network (hereinafter referred to as “personal information management system”), the Korea Communications Commission may certify as to whether the management system meets the standards pursuant to paragraph (2).

(2) The Korea Communications Commission may, for the certification of personal information management system pursuant to paragraph (1), determine and give a public notice of standards for the certification including administrative, technical and physical protective measures and other necessary matters.

(3) Concerning the institutions which implement the personal information management system and the follow-up management, etc., Article 47 (6) through (12) shall apply mutatis mutandis thereto. In this case, the term “paragraphs (1) and (2)” shall be deemed “paragraph (1)”. (Amended by Act Nº 13520, Dec. 1, 2015)

(4) Concerning the revocation of designation, etc. of a certifying institution of the personal information management system, Article 47-2 shall apply mutatis mutandis thereto.

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 47-4 (Protection of User Information)

(1) The Government may prescribe guidelines necessary for protection of information of users to recommend users to observe the guidelines, and may take necessary measures for preventing intrusions and precluding spread of intrusions, such as inspection of weaknesses and technical support.

(2) A major provider of information and communications services may, if it is foreseen that a serious problem is likely to occur in the information system of a user who uses the services, the information and communications network, or similar provided by it because of an occurrence of a serious intrusion on its information and communications network, request the user to take necessary protective measures as stipulated by the standard user agreement, and may place a temporary restriction on access to the relevant information and communications network if the user does not perform as requested.

(3) A software business operator under Article 2 of the Software Industry Promotion Act shall, when he or she produced a program that improves weaknesses in security, notify the Korea Internet and Security Agency of its production, and shall notify users of the software of the production at least twice within one month from the date of production. (Amended by Act Nº 9637, Apr. 22, 2009)

(4) Specific details that shall be stipulated by the standard user agreement with respect to the request for protective measures under paragraph (2) and other related matters shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 47-5 (Management Rating for Information Protection)

(1) A person who has obtained the certification for information security management system pursuant to Article 47 is entitled to receive the management rating for information protection from the Minister of Science, ICT and Future Planning in order to enhance level of a corporate’s management of its comprehensive information protection and to secure users’ reliability on information protection services. (Amended by Act Nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may authorize the Korea Internet and Security Agency to perform the affairs of rating under paragraph (1). (Amended by Act Nº 11690, Mar. 23, 2013)

(3) A person who has obtained the management rating for information protection pursuant to paragraph (1) may indicate the obtained rating or advertise details of such rating as determined by Presidential Decree.

(4) In cases where the Minister of Science, ICT and Future Planning finds causes falling under any of the following subparagraphs, the Minister may revoke the aforementioned rating: Provided, That for the cases falling under subparagraph 1, the Minister shall revoke the granted rating: (Amended by Act Nº 11690, Mar. 23, 2013; Act Nº 13520, Dec. 1, 2015)

1. Where a person obtained the management rating for information protection, by fraud or other improper means;

2. Where falling short of the standards of rating pursuant to paragraph (5).

(5) Standards of review in assigning the rating pursuant to paragraph (1), the method, procedure and fee of assigning the rating, the effective term of rating, the method/procedure of revocation of rating pursuant to paragraph (4) and other necessary matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 48 (Prohibition on Intrusive Acts, etc. on Information and Communications Network)

(1) No one shall intrude on an information and communications network without a rightful authority for access or beyond a permitted authority for access.

(2) No one shall mutilate, destroy, alter, or forge an information and communications system, data, program, or similar without a justifiable grounds, nor shall convey or spread a program that is likely to interrupt operation of such system, data, program, or similar (hereinafter referred to as “malicious program”).

(3) No one shall cause a trouble to an information and communications network to interfere with stable operation of the information and communications network in purpose by sending a large amount of signals or data, letting the network process an illegitimate order or doing the similar actions.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 48-2 (Countermeasures, etc. against Intrusion Cases)

(1) The Minister of Science, ICT and Future Planning shall perform the following business affairs to take proper countermeasures against intrusion, and may have the Korea Internet and Security Agency perform all or part of the business affairs, if necessary to do so: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

1. Collection and spread of information about intrusion;

2. Precaution and warning of intrusion;

3. Emergency measures against intrusion;

4. Other countermeasures against intrusion prescribed by Presidential Decree.

(2) A person falling under any of the following subparagraphs shall furnish the Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency with the information related to intrusion cases, including statistics by type of intrusion cases, statistics of traffic of the relevant information and communications network, and statistics of use by access channel, as prescribed by Presidential Decree: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

1. A major provider of information and communications services;

2. A business operator of clustered information and communications facilities;

3. Other persons specified by Presidential Decree among those who operate an information and communications network.

(3) The Korea Internet and Security Agency shall analyze the information under paragraph (2) and report it to the Minister of Science, ICT and Future Planning. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

(4) If a business operator who is obligated to furnish the information in accordance with paragraph (2) refuses to do without a justifiable ground or furnishes false information, the Minister of Science, ICT and Future Planning may order the business operator to make a correction within a reasonable period of time prescribed by the Commission. (Amended by Act Nº 11690, Mar. 23, 2013)

(5) The Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency shall use the information furnished in accordance with paragraph (2) properly within the extent necessary for taking countermeasures against intrusion. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

(6) The Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency may, if necessary to take countermeasures against intrusion, request a person falling under any subparagraph of paragraph (2) to provide human resources for assistance. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 48-3 (Report, etc. on Intrusion Cases)

(1) A person falling under any of the following subparagraphs shall, where he or she discovers an intrusion, immediately report it to the Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency. In such cases, a notice given in accordance with Article 13 (1) of the Act on the Protection of Information and Communications Infrastructure shall be deemed a report under the foregoing sentence: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

1. A provider of information and communications services;

2. A business operator of clustered information and communications facilities.

(2) The Minister of Science, ICT and Future Planning or the Korea Internet and Security Agency shall, upon receiving a report of intrusion under paragraph (1) or being aware of an intrusion, take necessary measures under subparagraphs of Article 48-2 (1). (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11690, Mar. 23, 2013)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 48-4 (Analysis, etc. of Cause of Intrusion Cases)

(1) A person who operates an information and communications network, including a provider of information and communications services, shall analyze causes of intrusion and keep damage from intrusion at bay, whenever an intrusion occurs.

(2) The Minister of Science, ICT and Future Planning may, when a serious intrusion occurs in an information and communications network operated by a provider of information and communications services, organize a private-public joint investigation team having expertise in protection of information to conduct an analysis on causes of such intrusion in order to preclude spread of damage, take countermeasures against the intrusion, recover from damage and prevent recurrence of such intrusion. (Amended by Act Nº 11690, Mar. 23, 2013)

(3) The Minister of Science, ICT and Future Planning may, if deemed necessary for analyzing causes of an intrusion pursuant to paragraph (2), order a provider of information and communications services and a business operator of clustered information and communications facilities to preserve relevant data, such as access records of the relevant information and communications network. (Amended by Act Nº 11690, Mar. 23, 2013)

(4) The Minister of Science, ICT and Future Planning may, if deemed necessary for analyzing causes of an intrusion, demand a provider of information and communications services and a business operator of clustered information and communications facilities to submit data related to the intrusion, and also may order the private-public joint investigation team under paragraph (2) to enter into a place of business of a person involved to conduct investigation into the causes of the intrusion: Provided, That submission of data corresponding to access log data under subparagraph 11 of Article 2 of the Protection of Communications Secrets Act shall be governed by the provisions of the aforesaid Act. (Amended by Act Nº 11690, Mar. 23, 2013)

(5) The Minister of Science, ICT and Future Planning or the private-public joint investigation team shall not use the information learned through the data submitted and the investigation conducted in accordance with paragraph (4) for any purpose other than analysis of causes of the intrusion and preparation of countermeasures, and shall destroy it immediately after the analysis of causes is completed. (Amended by Act Nº 11690, Mar. 23, 2013)

(6) Necessary matters concerning the organization of the private-public joint investigation team under paragraph (2) and the protection of data submitted in relation to an intrusion in accordance with paragraph (4), and other related matters shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 49 (Protection of Secrets, etc.)

No one shall mutilate another person’s information processed, stored, or transmitted through an information and communications network, nor shall infringe, misappropriate, or divulge another person’s secret.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 49-2 (Prohibition on Collection, etc. of Personal Information by Acts of Deceit)

(1) No one shall collect another person’s information through an information and communications network by an act of deceit, nor shall entice another person by an act of deceit to furnish information.

(2) A provider of information and communications services shall, whenever it discovers a violation of paragraph (1), immediately report it to the Minister of Science, Information and Communications Technology (ICT) and Future Planning, the Korea Communications Commission, or the Korea Internet and Security Agency. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 14080, Mar. 22, 2016)

(3) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, the Korea Communications Commission, or the Korea Internet and Security Agency shall, upon receiving a report under paragraph (2) or becoming aware of a violation of paragraph (1), take the following measures as may be necessary: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 14080, Mar. 22, 2016)

1. Collection and diffusion of the information related to the violation;

2. Precaution and warning of similar damage;

3. Emergency Measures to prevent damage and spread thereof, including requesting the relevant provider of information and communications services to block access paths or to inform the users of the fact that they are exposed to an act of violating paragraph (1).

(4) The Minister of Science, Information and Communications Technology (ICT) and Future Planning, or the Korea Communications Commission may, for taking measures referred to in paragraph (3) 3, order providers of information and communications services to take necessary measures, such as sharing among themselves information regarding acts of deceit through information and communications networks. (Inserted by Act nº 14080, Mar. 22, 2016)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 50 (Restrictions on Transmission of Advertising Information for Profit)

(1) If any person intends to transmit advertising information for profit by using an electronic transmission medium, he or she shall obtain explicit prior consent from an addressee to whom such information is addressed: Provided, That where he or she falls under any of the following, he or she need not obtain prior consent: (Amended by Act Nº 14080, Mar. 22, 2016)

1. Where a person who has directly collected contact details from the addressee in his or her dealings of goods, etc. intends to transmit advertising information for profit on the same kinds of goods, etc. as those he or she manages and has dealt with the addressee within a period prescribed by Presidential Decree;

2. Where a telemarketer under the Act on Door-to-Door Sales, Etc. informs prospective customers of the collection source of their personal information by voice, and solicits them to buy products or services by means of telephone call.

(2) Notwithstanding paragraph (1), where an addressee expresses his or her intention to refuse to receive information or revokes his or her prior consent, no person who intends to transmit advertising information for profit by using an electronic transmission medium shall transmit advertising information for profit.

(3) Notwithstanding paragraph (1), a person who intends to transmit advertising information for profit by using an electronic transmission medium during the time between 9:00 pm and 8:00 am of the following day shall obtain express prior consent from the addressee of such information: Provided, That in cases of media prescribed by Presidential Decree, the forgoing shall not apply thereto.

(4) A person who transmits advertising information for profit by using an electronic transmission medium shall specify the following matters in advertising information, as prescribed by Presidential Decree:

1. The name and contact details of a sender;

2. Matters concerning measures and methods by which an addressee can easily express his or her intention to refuse to receive information or to revoke his or her consent to receive information.

(5) No person who transmits advertising information for profit by using an electronic transmission medium shall take any of the following measures:

1. Measures to avoid or interfere with an addressee’s refusal to receive or revocation of his or her consent to receive advertising information;

2. Measures to automatically generate an addressee’s contact information, such as telephone numbers and email addresses, by combining figures, codes, or letters;

3. Measures to automatically register telephone numbers or email addresses for the purpose of transmitting advertising information for profit;

4. Various measures to hide the identity of the sender of advertising information or the source from which advertising is transmitted;

5. Various measures to induce an addressee to reply by deceiving him or her for the purpose of transmitting advertising information for profit.

(6) A person who transmits advertising information for profit by using an electronic transmission medium shall take necessary measures so that an addressee does not incur any cost, such as telephone charges, when the addressee refuses to receive or revokes his or her consent to receive such information, as prescribed by Presidential Decree.

(7) Where an addressee gives prior consent under paragraph (1) or expresses his or her intention to refuse to receive or revoke his or her consent to receive advertising information under paragraph (2), a person who intends to transmit advertising information for profit by using an electronic transmission medium shall inform the relevant addressee of the outcomes of measures taken in relation to consent to receive, refusal to receive, or revocation of consent to receive advertising information, as prescribed by Presidential Decree.

(8) A person who obtains consent to receive advertising information pursuant to paragraph (1) or (3) shall regularly verify whether an addressee of advertising information consents to receive such information, as prescribed by Presidential Decree.

(This Article Wholly Amended by Act Nº 12681, May 28, 2014)

Article 50-2 Deleted. (by Act Nº 12681, May 28, 2014)

Article 50-3 (Commissioned Transmission of Advertising Information for Profit)

(1) A person who has commissioned a third party to transmit advertising information for profit on his or her behalf shall control and oversee the person to whom the transmission was commissioned to ensure that the person does not violate Article 50. (Amended by Act Nº 12681, May 28, 2014)

(2) A person to whom transmission of advertising information for profit has been commissioned under paragraph (1) shall be deemed an employee of the person who has commissioned the transmission of information in determining liability for damages caused by a violation of an Act related to such business affair.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 50-4 (Restrictions on Rendering Information Transmission Services)

(1) A provider of information and communications services may take measures to refuse rendering corresponding services in any of the following cases:

1. If transmission or reception of advertising information hinders or is likely to hinder rendering the services;

2. If a user does not want to receive advertising information;

3. Deleted. (by Act Nº 12681, May 28, 2014)

(2) If a provider of information and communications services intends to take any measure for refusal under paragraph (1) or (4), he or she shall include matters concerning the refusal of the relevant services in the terms and conditions of a contract for use of information and communications services which he or she concludes with the user of such services. (Amended by Act Nº 12681, May 28, 2014)

(3) A provider of information and communications services shall inform interested persons, such as users to whom such services are provided, of the fact that he or she has taken measures for refusal under paragraph (1) or (4): Provided, That where it is impracticable to inform them of the fact in advance, he or she shall inform them of the fact immediately after it has taken measures for refusal. (Amended by Act Nº 12681, May 28, 2014)

(4) Where services which a provider of information and communications services provides to users under a contract for use are used for transmitting advertising information for profits, in violation of Article 50 or 50-8, the relevant provider of information and communications services shall formulate necessary measures, such as refusal to provide the relevant services or fix of problmes of information and communications networks or services. (Inserted by Act nº 12681, May 28, 2014)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 50-5 (Installation of Advertising Program for Profit)

A provider of information and communications services shall, when it intends to install a program designed to display advertising information or collect personal information in a user’s computer or any other information processing device specified by Presidential Decree, obtain consent from the user. In such cases, it shall notify the purpose of use of the program and the method of deletion.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 50-6 (Distribution of Software Designed to Block Transmission of Advertising Information for Profit)

(1) The Korea Communications Commission may develop and distribute software or computer programs designed for addressees to conveniently block or report any advertising information for profit when it is transmitted in violation of Article 50.

(2) The Korea Communications Commission may provide necessary support to related public agencies, legal entities, organizations, or similar for facilitating the development and distribution of software or computer programs for cutting off or reporting transmission under paragraph (1).

(3) If telecommunications services rendered by a provider of information and communications services are used in transmitting advertising information for profit in violation of Article 50, the Korea Communications Commission may recommend the provider of information and communications services to take necessary measures, such as development of technology, education, and public relations activities to protect addressees.

(4) The method of the development and distribution under paragraph (1) and the matters necessary for the support under paragraph (2) shall be prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 50-7 (Restrictions on Posting of Advertising Information for Profit)

(1) Where any person intends to post advertising information for profit on an Internet website, he or she shall obtain prior consent from the operator or the manager of an Internet website: Provided, That in cases of a message board to which any person can have easy access without special authority and on which any person can post his or her message, he or she need not obtain prior consent.

(2) Notwithstanding paragraph (1), where the operator or the manager of an Internet website explicitly expresses his or her intention to refuse to post a notice or to revoke his or her prior consent, no person who intends to post advertising information for profit shall post advertising information for profit.

(3) The operator or the manager of the Internet website may take measures, such as deletion of advertising information for profit posted, in violation of paragraph (1) or (2).

(This Article Wholly Amended by Act Nº 12681, May 28, 2014)

Article 50-8 (Prohibition on Transmission of Advertising Information for Unlawful Act)

No one shall transmit any advertising information for goods or services prohibited by this Act or any other Act through an information and communications network.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 51 (Restriction, etc. on Outflow of Important Information to Abroad)

(1) The Government may have providers or users of information and communications services to take necessary measures to prevent outflow abroad of any important information about industry, economy, science, technology, etc. of this county through information and communications networks.

(2) The scope of the important information under paragraph (1) shall be as follows:

1. Information related to the national security and major policies;

2. Information about details of cutting-edge science and technology or equipment developed within this country.

(3) The Government may have the providers of information and communications services that manage the information under subparagraphs of paragraph (2) take the following measures: (Amended by Act Nº 14080, Mar. 22, 2016)

1. Installation of a systematic or technical device for preventing unlawful use of information and communications networks;

2. Systematic and technical measures for preventing unlawful destruction or manipulation of information;

3. Measures for preventing leakage of important information that providers of information and communications services have learned while managing the information.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 52 (Korea Internet and Security Agency)

(1) The Government shall establish the Korea Internet and Security Agency (hereinafter referred to as the “Internet and Security Agency”) to upgrade the information and communications network (excluding matters concerning establishment, improvement and management of information and telecommunications network), encourage the safe use thereof, and promote the international cooperation and advancement into the overseas market in relation to broadcasting and communications. (Amended by Act Nº 9637, Apr. 22, 2009)

(2) The Internet and Security Agency shall be a legal entity. (Amended by Act Nº 9637, Apr. 22, 2009)

(3) The Internet and Security Agency shall perform the following business affairs: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 11322, Feb. 17, 2012; Act Nº 11690, Mar. 23, 2013; Act Nº 12844, Nov. 19, 2014; Act Nº13343 Jun. 22, 2015)

1. Survey and research of laws, policies and systems for the use and protection of the information and telecommunications network, promotion of the international cooperation and advancement into the overseas market in relation to broadcasting and communications, etc.;

2. Survey and research of statistics concerning the use and protection of the information and telecommunications network;

3. Analysis of negative effects arising from the use of the information and telecommunications network and research on countermeasures;

4. Public relations activities, education, and training for using and protecting the information and telecommunications network;

5. Information protection for the information and telecommunications network, development of technologies concerning the Internet address resources and standardization thereof;

6. Support for policies for the information security industry, development of relevant technology and fostering of human resources;

7. Certification of the information security management system, implementation of and support for certification, evaluation, etc. of the information protection, such as evaluation or certification of the information security system;

8. Research of measures to protect personal information and support for development and proliferation of protection technology;

9. Support for the operation of the Dispute Mediation Committee and operation of the privacy call center;

10. Transmission of promotional information and consultation on and processing of complaints related to Internet advertisements;

11. Operation of a system to deal with intrusion cases of information and telecommunications network, analyze the causes thereof, and respond thereto;

12. Management of certification of digital signatures under Article 25 (1) of the Digital Signature Act;

13. Support for an efficient operation of the Internet and encouragement of wider use thereof;

14. Support for the protection of stored information of the Internet users;

15. Support for service policies pertaining to the Internet;

16. Protection of users and support for the proliferation of sound information on the Internet;

17. Affairs related to the management of Internet address resources under the Internet Address Resources Act;

18. Support for the operation of the Internet Address Dispute Resolution Committee under Article 16 of the Internet Address Resources Act;

19. Support for operation of the conciliation committee under Article 25 (7) of the Act on the Promotion of Information Security Industry;

20. Support for such international cooperation, overseas expansion and overseas publicity activities as are concerning broadcasting and communications;

21. Businesses incidental to those referred to in subparagraphs 1 through 20;

22. Other businesses determined to fall under the affairs of, or entrusted to, the Internet and Security Agency in accordance with this Act, or any other statute, or other businesses entrusted by the Minister of Science, ICT and Future Planning, the Minister of Interior, the Korea Communications Commission, or the head of any other administrative agency.

(4) Expenses necessary for the business affairs of the Internet and Security Agency shall be funded by the following financial resources: (Amended by Act Nº 14080, Mar. 22, 2016)

1. Government’s contributions;

2. Revenues accrued from businesses referred to in each subparagraph of paragraph (3);

3. Other revenues accrued from operating the Internet and Security Agency.

(5) The provisions governing incorporated foundations under the Civil Act shall apply mutatis mutandis to any matter not provided for in this Act with respect to the Internet and Security Agency. (Amended by Act Nº 9637, Apr. 22, 2009)

(6) Any person, other than the Internet and Security Agency, shall not use the name called “Korea Internet and Security Agency.” (Amended by Act Nº 9637, Apr. 22, 2009)

(7) Matters necessary for the operation of the Internet and Security Agency and performance of its business affairs shall be prescribed by Presidential Decree. (Amended by Act Nº 9637, Apr. 22, 2009) (Amended by Act nº 9119, Jun. 13, 2008)

CHAPTER VII.- TELECOMMUNICATIONS BILLING SERVICES

Article 53 (Registration, etc. of Provider of Telecommunications Billing Services)

(1) A person who intends to render telecommunications billing services shall meet the following requirements and complete registration with the Minister of Science, ICT and Future Planning as prescribed by Presidential Decree: (Amended by Act Nº 8867, Feb. 29, 2008; Act Nº 11690, Mar. 23, 2013)

1. Financial soundness;

2. A plan for protection of users of telecommunications billing services;

3. Human resources and physical facilities required for carrying on the business;

4. A business plan.

(2) A person eligible for the registration under paragraph (1) shall be either a company under Article 170 of the Commercial Act or a legal entity under Article 32 of the Civil Act and the total amount of its capital, contributions, or fundamental property shall not be less than the amount specified by Presidential Decree and more than 500 million won.

(3) Notwithstanding Article 22 of the Telecommunications Business Act, a provider of telecommunications billing services may omit reporting as a value-added telecommunications business operator. (Amended by Act Nº 10166, Mar. 22, 2010)

(4) Articles 23 through 26 of the Telecommunications Business Act shall apply mutatis mutandis to a revision to registration of a provider of telecommunications billing services, the transfer or acquisition of business, or the merger or inheritance of business, the succession to business, the cessation, discontinuance, dissolution, or similar of business of a provider of telecommunications billing services. In such cases, “special telecommunications business operator” shall be construed as “provider of telecommunications billing services,” and “special telecommunications business” as “telecommunications billing services.” (Amended by Act Nº 10166, Mar. 22, 2010)

(5) Detailed requirements and procedure for the registration under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.

(Article Inserted by Act Nº 8778, Dec. 21, 2007)

Article 54 (Disqualification from Registration)

A person falling under any of the following subparagraphs shall be disqualified for the registration under Article 53: (Amended by Act Nº 8867, Feb. 29, 2008; Act Nº 11690, Mar. 23, 2013)

1. A legal entity in which case one year has not elapsed since its business was discontinued pursuant to Article 53 (4) or a person who was a major shareholder of such legal entity at the time when its business was discontinued (referring to an investor specified by Presidential Decree; hereinafter the same shall apply), if one year has not elapsed since the date of discontinuance;

2. A legal entity in which case three years have not elapsed since its registration was revoked pursuant to Article 55 (1) or a person who was a major shareholder of such legal entity at the time when its registration was revoked, if three years have not elapsed since the date of revocation;

3. A legal entity that are still under rehabilitation proceedings under the Debtor Rehabilitation and Bankruptcy Act or a major shareholder of such legal entity;

4. A person who did not perform his or her obligations within an agreed time limit in a banking transaction or any other commercial transaction and who is specified by the Minister of Science, ICT and Future Planning;

5. A legal entity any of whose major shareholders falls under any provision of subparagraphs 1 through 4.

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 55 (Order to Revoke Registration)

(1) Where a provider of telecommunications billing services makes a registration by fraud or other improper means, the Minister of Science, ICT and Future Planning shall revoke the registration. (Amended by Act nº13343 Jun.22, 2015)

(2) The procedure for the disposition under paragraph (1) and other necessary matters shall be prescribed by Presidential Decree.

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 56 (Reporting on Standard Contract Form)

(1) Every provider of telecommunications billing services shall prepare a standard contract form on telecommunications billing services and report it to the Minister of Science, ICT and Future Planning (including reporting on a revision thereto). (Amended by Act Nº 8867, Feb. 29, 2008; Act Nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may, if it is found that a standard contract form under paragraph (1) is likely to undermine users’ interest of telecommunications billing services, recommend the relevant provider of telecommunications billing services to revise the standard contract form. (Amended by Act Nº 8867, Feb. 29, 2008; Act Nº 11690, Mar. 23, 2013)

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 57 (Securing Safety in Telecommunications Billing Services)

(1) Every provider of telecommunications billing services shall perform his or her duty to pay attention as a good manager so that telecommunications billing services may be provided in a safe manner. (Amended by Act Nº 12681, May 28, 2014)

(2) Every provider of telecommunications billing services shall take administrative measures, including formulation of guidelines for work process and classification of accounts, and technical measures, including establishment of an information protection system, to secure safety and reliability of transactions through telecommunications billing services as prescribed by Presidential Decree.

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 58 (Rights of Providers of Telecommunications Billing Services)

(1) When the price for goods, etc. sold or provided must be paid, or a provider of telecommunications billing services charges the price therefor, it shall notify the users of telecommunications billing services of the following matters: (Amended by Act nº 10560, Apr. 5, 2011; Act nº 12681, May 28, 2014)

1. Date and time telecommunications billing services are used;

2. Trade name and contact information of the other party (referring to a person who sells and/or provides goods/services in a transaction through telecommunications billing services; hereinafter referred to as “other party to a transaction”);

3. Amount purchased/used through telecommunications billing services and details thereof;

4. Methods of raising an objection and contact information.

(2) A provider of telecommunications billing services shall provide users of telecommunications billing services with a method by which users can verify the details of purchase and use, and shall also furnish a user, upon request, with a written statement on the details of purchase and use (including an electronic document; hereinafter the same shall apply) within two weeks from the date requested.

(3) A user of telecommunications billing services discovers that the telecommunications billing services have been rendered against his or her will, he or she may request the provider of telecommunications billing services to make corrections (excluding cases where there is an intentional act or negligence on the part of the user of the telecommunications billing services), and where the provider of telecommunications billing services finds that the user’s request for making corrections is reasonable, he or she shall withhold the payment of the price for use to a seller and notify the user of the results thereof within two weeks from the date such correction was requested. (Amended by Act Nº 12681, May 28, 2014)

(4) Every provider of telecommunications billing services shall preserve records of telecommunications billing services during the period, within the limit of five years, prescribed by Presidential Decree.

(5) Where a provider of telecommunications billing services (a person who provides services under Article 2 (1) 10 (a)) provides telecommunications billing services or increases the upper limits of use, it shall obtain consent from a user of the relevant telecommunications billing services in advance. (Inserted by Act nº 12681, May 28, 2014)

(6) When a provider of telecommunications billing services (a person who provides services under Article 2 (1) 10 (a)) amends any of the contractual terms and conditions, he or she shall notify users of the amendment thereof one month prior to the effective date of the amended contractual terms and conditions. In such cases, a user who has an objection to the amended contractual terms and conditions may terminate the contract for telecommunications billing services. (Inserted by Act nº 12681, May 28, 2014)

(7) The period, types, and scope of the details of purchase and use which a provider of telecommunications billing services should provide pursuant to paragraph (2), types and methods of preservation of the records which a provider of telecommunications billing services should preserve pursuant to paragraph (4), and matters necessary for the termination of the contract, such as methods of notifying amendment to the contractual terms and conditions, the period and procedures for raising an objection, shall be prescribed by Presidential Decree. (Amended by Act Nº 12681, May 28, 2014)

(8) The Minister of Science, ICT, and Future Planning shall prescribe and provide a public notice of matters necessary for methods for giving consent, etc. under paragraph (5). (Inserted by Act nº 12681, May 28, 2014)

(9) The Minister of Science, ICT, and Future Planning may prescribe and give a public notice of detailed matters concerning methods for settling accounts, etc. so that telecommunications billing services are not provided against the will of users of telecommunications billing services. (Inserted by Act nº 12681, May 28, 2014)

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 59 (Dispute Resolution)

(1) Every provider of telecommunications billing services may install and operate an institution or organization that voluntary resolves disputes to protect rights and interests of users.

(2) Every provider of telecommunications billing services shall prepare a procedure for raising an objection by users of telecommunications billing services in connection with the services and redressing damages to their rights, as prescribed by Presidential Decree, and where he or she enters into a contract for telecommunications billing services, he or she shall stipulate such procedure in the terms and conditions of the contract. (Amended by Act Nº 12681, May 28, 2014)

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 60 (Liability for Damages)

(1) A provider of telecommunications billing services shall be liable for damages caused to a user of the telecommunications billing services while rendering the services: Provided, That the same shall not apply in cases where the damages were caused by an intentional act or gross negligence on the part of the user of the telecommunications billing services.

(2) A provider of telecommunications billing services shall negotiate with the claimant to damages for agreement on compensation for the damages under paragraph (1).

(3) If parties fail to or are unable to reach an agreement on compensation for damages under paragraph (2), either party may file an application for decision with the Korea Communications Commission. (Amended by Act Nº 8867, Feb. 29, 2008)

(Article Inserted by Act nº 8778, Dec. 21, 2007)

Article 61 (Restriction on Use of Telecommunications Billing Services)

The Minister of Science, ICT and Future Planning may order a provider of telecommunications billing services to deny, suspend, or place a restriction on the services against a person falling under any of the following subparagraphs: (Amended by Act Nº 8867, Feb. 29, 2008; Act Nº 11048, Sep. 15, 2011; Act Nº 11690, Mar. 23, 2013)

1. A person who sells, lends, provides any unwholesome medium for juvenile to juvenile in violation of Article 16 of the Juvenile Protection Act;

2. A person who undermines interests of users of telecommunications billing services seriously by enticing the users to purchase or use goods or services in any of the following means:

(a) Transmitting any advertising information for profit in violation of Article 50;

(b) Deceiving or enticing users of telecommunications billing services wrongfully;

3. A person who sells or renders goods or services prohibited by this Act or any other Act.

(Article Inserted by Act nº 8778, Dec. 21, 2007)

CHAPTER VIII INTERNATIONAL COOPERATION

Article 62 (International Cooperation)

The Government shall maintain cooperate reciprocally with other nations or international organizations in carrying out the following affairs:

1. Affairs related to the transfer of personal information between nations and the protection of personal information;

2. Affairs for the protection of juvenile in information and communications networks;

3. Affairs for the prevention of acts that undermine safety of information and communications networks;

4. Other affairs for the facilitation of sounder and safer use of information and communications services.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 63 (Protection of Personal Information Transferred Abroad)

(1) Any provider of information and communications services or similar shall not conclude an international contract with any term or condition in violation of this Act with respect to personal information of users.

(2) A provider, etc. of information and communications services shall obtain consent of the users in the case of intending to provide (including being inquired of), entrust management of, or deposit, such users’ personal information, to overseas (hereafter referred to as “transfer” in this Article): Provided, That the said provider, etc. of information and communications services may not go through a procedure for consent to either entrustment of management, or deposit, of the relevant personal information where such transfer is necessary for implementing a contract on the provision of information and communications services and promoting the users’ convenience, and such provider, etc. discloses all the matters referred to in each subparagraph of paragraph (3) pursuant to Article 27-2 (1) or informs such matters to the users in a manner prescribed by Presidential Decree, including by means of email. (Amended by Act Nº 14080, Mar. 22, 2016)

(3) A provider of information and communications services or similar who desires to obtain the consent under paragraph (2) shall notify the relevant user of all the following matters in advance:

1. Items of the personal information transferred;

2. A nation to which the personal information is to be transferred, the date and time, and methods of transfer;

3. The name of the person to whom the personal information is to be transferred (referring to the name of a legal entity and the contact information of the person responsible for management of information, if the person is a legal entity);

4. The purposes of use of the person to whom the personal information is to be transferred, and the period of time for possession and use of the personal information.

(4) A provider of information and communications services or similar shall, when it transfers personal information to abroad with consent under paragraph (2), take protective measures, as prescribed by Presidential Decree.

(Amended by Act nº 9119, Jun. 13, 2008)

CHAPTER IX SUPPLEMENTARY PROVISIONS

Article 64 (Submission of Data)

(1) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may require a provider of information and communications services or similar (including a person to whom this Article shall apply mutatis mutandis pursuant to Article 67; hereafter the same shall apply in this Article) to submit related articles, documents, and others in any of the following cases: (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11322, Feb. 17, 2012; Act Nº 11690, Mar. 23, 2013)

1. If he or she becomes aware of a violation or suspected violation of this Act;

2. If he or she receives a report or petition on a violation of this Act;

2-2. If it occurs, or is likely to occur, an event/accident or others which noticeably damages safety and reliability of users’ information;

3. If there is any other ground specified by Presidential Decree to believe that it is necessary for the protection of users.

(2) The Korea Communications Commission may, when it intends to take the following measures against a person who transmitted any advertising information for profit in violation of this Act, request a provider of information and communications services or similar to let it peruse or to submit data of the person who transmitted the advertising information, such as the name, address and national identification number of the person and the period of time of access:

1. Corrective measures under paragraph (4);

2. Imposition of administrative fines under Article 76;

3. Any similar measures.

(3) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may, if a provider, etc. of information and communications services fails to submit data under paragraph (1) or (2) or if it is found that a provider of information and communications services or similar has violated this Act, assign public officials under his or her control to enter the place of business of the person concerned related to the such violation of this Act, including the provider, etc. of information and communications services, to inspect the current status of business, account books, documents, and others. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013; Act Nº 14080, Mar. 22, 2016)

(4) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may order a provider of information and communications services or similar who violated this Act to take corrective measures as may be necessary to stop or correct the violation, and may also require a provider of information and communications services or similar to whom it was ordered to take corrective measures to announce to the public the fact that it received the order to take such corrective measures. In such cases, the matters necessary for the method, guidelines, and procedure for the public announcement and other related matters shall be prescribed by Presidential Decree. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(5) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may, when he or she issued an order to take corrective measures as may be necessary pursuant to paragraph (4), disclose to the public the fact that he or she issued the order to take corrective measures. In such cases, the matters necessary for the method, guidelines, and procedure for the public disclosure and other related matters shall be prescribed by Presidential Decree. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(6) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall, when he or she demands submission or inspection of data or other materials pursuant to paragraph (1) or (2), give a written notice (including an electronic document), specifically stating the reasons and legal authority for such demand, the time limit for submission or the date and time for inspection, the details of data subject to the submission or inspection, and other related matters. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(7) When a inspection under paragraph (3) is to be conducted, the plan for the inspection, including the date and time of, and the reasons for and details of the inspection, shall be notified to the relevant provider of information and communications services or similar no later than seven days before the commencement of the inspection: Provided, That the plan for such inspection shall not be notified in an emergency case or if it is deemed impossible to accomplish the purposes of the inspection because of anticipated destruction of evidence or any other factor if a prior notice is given.

(8) The public officials who inspect pursuant to paragraph (3) shall carry an identification indicating their authority with them to present it to people concerned, and shall deliver to the people concerned a document stating their names, the time and purposes of access, and other related matters, whenever they access to a place of business.

(9) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall, where he or she receives, peruses, or inspects data or any other material submitted pursuant to any provision of paragraphs (1) through (3), notify the relevant provider of information and communications services or similar of the results thereof (including the details of disposition, in cases where he or she intends to make a disposition, such as an order to take corrective measures, as a result of the inspection) in writing. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(10) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may ask technical advice or any other support of the head of the Internet and Security Agency as may be necessary in demanding submission of data or conducting an inspection pursuant to paragraphs (1) through (4). (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(11) The demand for submission of data or any other materials and the inspections under paragraphs (1) through (3) shall be limited to the least extent necessary for the enforcement of this Act, and shall be not abused for any other purpose.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 64-2 (Protection and Destruction of Data, etc.)

(1) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall not, if asked by a provider of information and communications services or similar to protect documents, data, or any other materials submitted or collected pursuant to Article 64, furnish them to a third party or disclose them to the general public. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall, when having received data submitted through an information and communications network or converted collected data or any other materials into an electronic format, take systematic and technical measures for security to protect personal information, trade secret, or similar from being leaked. (Amended by Act Nº 10465, Mar 29, 2011; Act Nº 11690, Mar. 23, 2013)

(3) The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall, if any of the following events occurs, immediately destroy documents, data, or any other materials submitted or collected pursuant to Article 64, except as specifically provided for otherwise by any other Act. The same shall apply to a person to whom the authority of the Minister of Science, ICT and Future Planning or the Korea Communications Commission has been delegated or entrusted in whole or in part under Article 65: (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

1. If the objectives of demanding submission of data, conducting a field inspection, or issuing an order to take corrective measures pursuant to Article 64 have been achieved;

2. If an administrative trial or administrative litigation is filed against an order issued to take corrective measures pursuant to Article 64 (4), when proceedings of such administrative trial are completed;

3. If a disposition is made to impose an administrative fine under Article 76 (4) and there is no objection to it, when the time period to raise an objection under paragraph (5) ends;

4. If there is an objection filed against disposition of an administrative fine under Article 76 (4), when the proceedings for the non-contentious case procedure are closed at the competent court.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 64-3 (Imposition, etc. of Penalty Surcharges)

(1) The Korea Communications Commission may impose, on a provider of information and communications services or similar, an amount equivalent to 3/100 or less of its sales related to a violation as a penalty surcharge, where he or she performs any of the following acts: (Amended by Act Nº 11322, Feb. 17, 2012; Act Nº 12681, May 28, 2014; Act Nº 14080, Mar. 22, 2016)

1. Where he or she collects personal information without consent of the relevant user in violation of Article 22 (1) (including cases where Article 22 (1) shall apply mutatis mutandis pursuant to Article 67);

2. Where he or she collects personal information that is likely to seriously undermine rights, interests, or privacy of a person without consent of the relevant user in violation of Article 23 (1) (including cases where Article 23 (1) shall apply mutatis mutandis pursuant to Article 67);

3. Where he or she uses personal information in violation of Article 24 (including cases where Article 24 shall apply mutatis mutandis pursuant to Article 67);

4. Where he or she furnishes a third party with personal information in violation of Article 24-2 (including cases where Article 24-2 shall apply mutatis mutandis pursuant to Article 67);

5. Where he or she entrusts a third party with the management of personal information without consent of the relevant user in violation of Article 25 (1) (including cases where Article 25 (1) shall apply mutatis mutandis pursuant to Article 67);

5-2. Where a trustee violates the provisions of Chapter IV because it has neglected its control, supervision or education under Article 25 (4) (including cases where Article 25 (4) shall apply mutatis mutandis pursuant to Article 67);

6. Where he or she has lost, stolen, divulged, forged, altered, or mutilated a user’s personal information, and not taken measures under Article 28 (1) 2 through 5 (including cases where Article 28 (1) 2 through 5 shall apply mutatis mutandis pursuant to Article 67);

7. Where he or she collects personal information of a child under 14 years old without consent of his or her legal representative in violation of Article 31 (1) (including cases where Article 31 (1) shall apply mutatis mutandis pursuant to Article 67);

8. Where he or she provides any user’s personal information to overseas without obtaining consent from the user in violation of the main sentence of Article 63 (2).

(2) Where a provider of information and communications services or similar on whom penalty surcharge under paragraph (1) has been imposed refuses to submit data for computation of its sales or submits any false data, the sales may be estimated on the basis of accounting records such as financial statements, and the current status of business, such as the number of subscribers and the service charges of other providers of information and communications services which is similar in size: Provided, That penalty surcharge not exceeding 400 million won may be imposed where there was no sales or it is impracticable to compute the sales and where there is a ground specified by Presidential Decree. (Amended by Act Nº 11322, Feb. 17, 2012)

(3) The Korea Communications Commission shall, when it intends to impose penalty surcharge under paragraph (1), take the following factors into consideration:

1. The substance and degree of the violation;

2. The duration and frequency of the violation;

3. The amount of profits acquired by the violation.

(4) The penalty surcharge under paragraph (1) shall be computed by taking the factors under paragraph (3) into consideration, but the specific guidelines and procedures for the computation shall be prescribed by Presidential Decree.

(5) The Korea Communications Commission shall, if a person who is obligated to pay penalty surcharges under paragraph (1) fails to pay them by a deadline, collect an additional charge equivalent to 6/100 of the unpaid penalty surcharge per annum beginning on the day immediately following the deadline.

(6) The Korea Communications Commission shall, if a person who is obligated to pay penalty surcharges under paragraph (1) fails to pay them by a deadline, remind the person to pay them within a period of time prescribed by the Commission, and shall collect them in accordance with the precedents for disposition against default on national taxes, if the person fails to pay the penalty surcharges and the additional charges under paragraph (5) within the prescribed period of time.

(7) Where penalty surcharges imposed pursuant to paragraph (1) shall be refunded due to a judgment of a court or any other reason, an additional amount equivalent to 6/100 of the penalty surcharge per annum shall be paid from the date the penalty surcharges are paid and until the date they are refunded.

(Article Inserted by Act nº 9119, Jun. 13, 2008)

Article 64-4 (Hearing)

The Minister of Science, ICT and Future Planning or the Korea Communications Commission shall hold a hearing in cases falling under any of the following subparagraphs:

1. in the case of intending to revoke the designation of a certification body in accordance with Article 9 (2);

2. in the case of intending to revoke the designation of an identification service agency in accordance with Article 23-4 (1);

3. in the case of intending to revoke certification of an information security management system in accordance with Article 47 (10) (including cases where Article 47 (10) applies mutatis mutandis in accordance with Article 47-3 (3));

4. in the case of intending to revoke the designation of a certification body for information security management system in accordance with Article 47-2 (1) (including cases where Article 47-2 (1) applies mutatis mutandis in accordance with Article 47-3 (4));

5. in the case of intending to revoke any rate of information security management system in accordance with Article 47-5 (4);

6. in the case of intending to revoke the registration in accordance with Article 55 (1).

(Article Inserted by Act nº 13520, Dec. 1, 2015)

Article 65 (Delegation and Entrustment of Authority)

(1) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may delegate or entrust part of his or her authority under this Act to the heads of agencies under the control of the Ministry of Science, ICT and Future Planning or the presidents of the regional Korea posts, as prescribed by Presidential Decree. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(2) The Minister of Science, ICT and Future Planning may entrust projects under Article 13 for facilitating the use of information and communications networks to the National Information Society Agency under Article 14 of the Framework Act on National Informatization, as prescribed by Presidential Decree. (Amended by Act Nº 11690, Mar. 23, 2013)

(3) The Minister of Science, ICT and Future Planning or the Korea Communications Commission may entrust the Internet and Security Agency with business affairs related to demanding submission of data and conducting inspections pursuant to Article 64 (1) and (2), as prescribed by Presidential Decree. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(4) Article 64 (8) shall apply mutatis mutandis to employees of the Internet and Security Agency under paragraph (3). (Amended by Act Nº 9637, Apr. 22, 2009)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 65-2 Deleted. (by Act nº 7812, Dec. 30, 2005)

Article 66 (Confidentiality. etc.)

A person who engages or engaged in a job related to any of the following business affairs shall not divulge to another person any secret that he or she has learned while performing his or her duties, nor use it for any purpose other than performance of his or her duties: Provided, That the same shall not apply if any other Act specifically provides otherwise: (Amended by Act Nº 11322, Feb. 17, 2012)

1. Deleted; (by Act nº 10465, Mar. 29, 2011);

2. Certification of information security management system under Article 47;

2-2. Affairs of the certification of personal information management system pursuant to Article 47-3;

3. Assessment of information protection systems under Article 52 (3) 4;

4. Deleted; (by Act nº 11322, Feb. 17, 2012) ;

5. Conciliation of disputes by the defamation dispute conciliation division under Article 44-10.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 67 (Application Mutatis Mutandis to Broadcasting Business Operator)

(1) Chapter 4 shall apply mutatis mutandis to the cases where a person falling under subparagraph 3 (a) through (e) of Article 2, subparagraph 6, 9, 12 and 14 of the Broadcasting Act collects/uses or provides personal information of viewers. In this case, the term “provider of information and communications services” or “provider of information and communications services or similar” shall be construed as “person falling under subparagraph 3 (a) through (e) of Article 2, subparagraph 6, 9, 12 and 14 of the Broadcasting Act” and the term “users” shall be construed as “viewers”.

(2) Articles 22, 23, 23-2 through 23-4, 24, 24-2, 26, 26-2, 27, 27-2, 27-3, 28, 28-2, 29, 30, 30-2 and 31 shall apply mutatis mutandis to the trustees under Article 25 (1).

(Article Inserted by Act nº 11322, Feb. 17, 2012)

Article 68 Deleted. (by Act nº 10165, Mar. 22, 2010)

Article 68-2 Deleted (by Act nº 13343, Jun. 22, 2015)

Article 69 (Legal Fiction as Public Official in Application of Penalty Provisions)

Executives and employees of the National Information Society Agency and the Internet and Security Agency who engage in the business affairs entrusted by the Minister of Science, ICT and Future Planning or the Korea Communications Commission pursuant to Article 65 (2) or (3) shall be deemed public officials in applying Articles 129 through 132 of the Criminal Act. (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 69-2 (Accusation)

(1) In cases where an act falling under any subparagraph of Article 64-3 (1) is deemed existing, the Korea Communications Commission may accuse the responsible provider of information and communications services or similar to the local prosecutor’s office or other investigative agencies.

(2) The Korea Communications Commission may recommend a provider, etc. of information and communications services violating this Act with respect to the protection of personal information to take disciplinary action against the responsible person (including its representative and responsible executive officers). In this case, the person in receipt of such recommendation shall have regard thereto and notify the Korea Communications Commission of the result thereof. (Inserted by Act nº 14080, Mar. 22, 2016)

(Article Inserted by Act nº 11322, Feb. 17, 2012)

CHAPTER X.- PENALTY PROVISIONS

Article 70 (Penalty Provisions)

(1) A person who commits defamation of another person by disclosing a fact to the public through an information and communications network purposely to disparage his or her reputation shall be punished by imprisonment with labor for up to three years, or by fine not exceeding 30 million won. (Amended by Act Nº 12681, May 28, 2014)

(2) A person who commits defamation of another person by disclosing a false fact to the public through an information and communications network purposely to disparage his or her reputation shall be punished by imprisonment with labor for up to seven years, by suspension of qualification for up to ten years, or by fine not exceeding 50 million won.

(3) The public prosection may not prosecute a person who committed a crime under paragraph (1) or (2) against the victim’s will explicitly manifested.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 70-2 (Penalty Provisions)

A person who conveys or spread a malicious program in violation of Article 48 (2) shall be punished by imprisonment with labor of up to seven years or by fine not exceeding 70 million won.

(Article Inserted by Act nº 14080, Mar. 22, 2016)

Article 71 (Penalty Provisions)

Any of the following persons shall be punished by imprisonment with labor for up to five years or by fine not exceeding 50 million won: (Amended by Act Nº 14080, Mar. 22, 2016)

1. A person who collects personal information without consent of the relevant user in violation of Article 22 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

2. A person who collects personal information that is likely to seriously undermine rights, interests, or privacy of an individual without consent of the relevant user in violation of Article 23 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

3. A person who uses or furnishes a third party with personal information, or who knowingly received such personal information for profit or for any other wrongful purpose, in violation of Article 24, 24-2 (1) or (2), or 26 (3) (including cases to which any of the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);

4. A person who entrusts someone with management of personal information without consent of the relevant user in violation of Article 25 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

5. A person who mutilates, infringes, or divulges personal information in violation of Article 28-2 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

6. A person who knowingly receives any divulged personal information for profit or for any other wrongful purpose in violation of Article 28-2 (2);

7. A person who furnishes someone with personal information or uses thereof without taking necessary measures in violation of Article 30 (5) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Articles 30 (7), 31 (3), or 67);

8. A person who collects personal information of a child under 14 years old without consent of his or her legal representative in violation of Article 31 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

9. A person who intrudes on an information and communications network in violation of Article 48 (1);

10. A person who causes a trouble to an information and communications network in violation of Article 48 (3);

11. A person who mutilates another person’s information or who infringes, misappropriates, or divulges another person’s secret in violation of Article 49.

(2) An attempt to commit a crime referred to in paragraph (1) 9 shall be punished. (Inserted by Act nº 14080, Mar. 22, 2016)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 72 (Penalty Provisions)

(1) A person falling under any of the following subparagraphs shall be punished by imprisonment with labor for up to three years or by a fine not exceeding 30 million won: (Amended by Act Nº 12014, Jan. 20, 2015; Act No .13343 Jun. 22, 2015)

1. Deleted; (by Act nº 14080, Mar. 22, 2016)

2. A person who collects another person’s personal information in violation of Article 49-2 (1);

2-2. A person who transmits any advertising information in violation of Article 50-8 by using the situation of any large-scale disaster under Article 14 (1) of the Framework Act on the Management of Disasters and Safety;

3. A person who carries on a business without the registration under Article 53 (1);

4. A person who lends a loan to someone or intermediates such loan by committing any of the following acts:

(a) Conducting, or engaging someone to conduct vicariously, a transaction through telecommunications billing services by pretending sale or supply of goods or services or billing more than an actual selling price;

(b) Engaging a user of telecommunications billing services to purchase or use certain goods or services through telecommunications billing services and then purchasing, at a discount, the goods or services purchased or used by the user of telecommunications billing services;

5. A person who divulges to another person any secret known to him or her while performing his or her duties or uses such secret for any purpose other than his or her duties in violation of Article 66.

(2) Deleted. (by Act nº 14080, Mar. 22, 2016)

(Amended by Act nº 9119, Jun. 13, 2008)

Article 73 (Penalty Provisions)

Any of the following persons shall be punished by imprisonment with labor for not more than two years or by a fine not exceeding 20 million won: (Amended by Act Nº 12681, May 28, 2014; Act Nº 14080, Mar. 22, 2016)

1. A person who has a user’s personal information lost, stolen, leaked, forged, altered, or damaged because he or she has not taken technical and administrative measures under any provision of Article 28 (1) 2 through 5 (including cases where the aforesaid provision is applied mutatis mutandis pursuant to Article 67);

1-2. A person who fails to destroy personal information, in violation of Article 29 (1) (including cases where the aforesaid provision is applied mutatis mutandis pursuant to Article 67);

2. A person who provides an unwholesome medium for juveniles for profit without labeling it as an unwholesome medium in violation of Article 42;

3. A person who transmits to a juvenile any information containing advertisement of an unwholesome medium for juveniles or displays such information openly without taking any measures to restrict access by juveniles in violation of Article 42-2;

4. A person who uses a user’s information for any purpose other than filing a civil or criminal lawsuit in violation of Article 44-6 (3);

5. A person who fails to perform an order of the Korea Communications Commission under Article 44-7 (2) or (3);

6. A person who fails to preserve relevant data in violation of an order issued pursuant to Article 48-4 (3);

7. A person who entices another person to furnish him or her with personal information in violation of Article 49-2 (1);

8. A person who fails to perform an order issued pursuant to Article 61.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 74 (Penalty Provisions)

(1) Any of the following persons shall be punished by imprisonment with labor for up to one year or by a fine not exceeding 10 million won: (Amended by Act Nº 11322, Feb. 17, 2012; Act Nº 12681, May 28, 2014)

1. A person who puts any similar label on a product or sells a product bearing any similar label, or who displays such product with intent to sell it, in violation of Article 8 (4);

2. A person who distributes, sells, lends, or openly displays any obscene codes, letters, sound, images, or motion pictures in violation of Article 44-7 (1) 1;

3. A person who makes any codes, letters, sound, images, or motion pictures arousing fear or apprehension reach another person repeatedly in violation of Article 44-7 (1) 3;

4. A person who takes measures, in violation of Article 50 (5);

5. Deleted. (by Act nº 12681, May 28, 2014)

6. A person who transmits any advertising information, in violation of Article 50-8;

7. A person who fails to file for any revision to registration, or who fails to file a report on transfer, acquisition, merger, or inheritance of business, in violation of Article 53 (4).

(2) The public prosecution may not prosecute a person who committed a crime under paragraph (1) 3 against the victim’s will explicitly manifested.

(Amended by Act nº 9119, Jun. 13, 2008)

Article 75 (Joint Penalty Provisions)

If a representative of a corporation, or an agent, an employee, or other servant of the corporation commits a violation under Articles 71 through 73 or 74 (1) in connection with the business of the corporation or the individual, not only shall such violator be punished accordingly, but the corporation or the individual shall be punished by a fine under the relevant Article: Provided, That this shall not apply where the corporation or individual has not been negligent in giving the due attention and supervision concerning the relevant duties to prevent such violation.

(This Article Amended by Act Nº 10138, Mar. 17, 2010)

Article 75-2 (Confiscation and Additional Collection)

Money and goods, or other profits received by a person committing any offence referred to in Article 71 (1) 1 through 8, Article 72 (1) 2, and subparagraphs 1, 1-2 and 7 of Article 73 with respect to the relevant violation may be confiscated, and if impossible to confiscate such money and goods or other profits, the value thereof may be additionally collected. In this case, the penalty of confiscation or additional collection may be imposed in addition to any other penalty.

(Article Inserted by Act nº 14080, Mar. 22, 2016)

Article 76 (Administrative Fines)

(1) Any of the following persons and a person who made a third party commit an act falling under subparagraphs 7 through 11, shall be punished by an administrative fine not exceeding 30 million won: (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11322, Feb. 17, 2012; Act Nº 11690, Mar. 23, 2013; Act Nº 12681, May 28, 2014; Act Nº 13520, Dec. 1, 2015; Act Nº 14080, Mar. 22, 2016)

1. A person who refuses to provide services, in violation of Article 22-2 (2), or Article 23 (3) (including where the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);

1-2. A person who fails to take measures necessary to protect users’information such as devising methods for users to give or revoke consent to access authority, in violation of Article 22-2 (3) (including where the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

2. A person who collects or uses resident registration numbers in violation of Article 23-2 (1) or fails to take necessary measures in violation of Article 23-2 (2) (including cases where the aforesaid provision applies mutatis mutandis pursuant to Article 67);

2-2. A person who either fails, in obtaining consent to provision of personal information or entrustment of management thereof, to obtain it separately from consent to collection and use of personal information, or refuses to provide services on the ground that there exists no consent to such provision or entrustment, in violation of Article 24-2 (3) (including cases where Article 24-2 (3) shall apply mutatis mutandis in accordance with Article 67);

2-3. A person who fails to give notice or report to users, the Korea Communications Commission, and the Korea Internet Security Agency, in violation of Article 27-3 (1) (including where the aforesaid provision shall apply mutatis mutandis pursuant to Article 67), or gives notice or reports thereto after 24 hours have elapsed without just cause;

2-4. A person who fails to provide an explanation under Article 27-3 (3) or makes a false explanation;

3. A person who fails to take technical and administrative measures under Article 28 (1) (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);

4. A person who fails to take measures, such as the destruction of personal information, in violation of Article 29 (2) (including cases where the aforesaid provision apply mutatis mutandis pursuant to Article 67);

5. A person who fails to take necessary measures, in violation of Article 30 (3), (4), or (6) (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 30 (7), 31 (3), or 67);

5-2. A person who fails to notify details of personal information used, in violation of the main sentence of Article 30-2 (1) (including cases to which the aforesaid provisions shall apply mutatis mutandis pursuant to Article 67);

6. Deleted. (by Act Nº 12681, May 28, 2014)

6-2. A person who fails to report the designation of the chief information protection officer, in violation of Article 45-3 (1);

6-3. A person who fails to receive certification of an information security management system in violation of Article 47 (2);

7. A person who transmits any advertising information for profit, in violation of Article 50 (1) through (3);

8. A person who fails to state the matters required to be stated, or who states false information on such matters, when he or she transmitted any advertising information, in violation of Article 50 (4);

9. A person who makes an addressee bear the burden of any expense, in violation of Article 50 (6);

9-2. A person who fails to verify whether an addressee gives consent to receive advertising information, in violation of Article 50 (8);

10. A person who installs a program without consent of the relevant user, in violation of Article 50-5;

11. A person who posts any advertising information for profit on an Internet webpage, in violation of Article 50-7 (1) or (2);

12. A person who fails to observe an order issued by the Minister of Science, ICT and Future Planning or the Korea Communications Commission pursuant to Article 64 (4) in violation of this Act.

(2) Any of the following persons shall be punished by an administrative fine not exceeding 20 million won: (Amended by Act Nº 14080, Mar. 22, 2016)

1. A person who fails to disclose or notify the matters concerning the entrustment of management of personal information to users, in violation of Article 25 (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

1-2. A person who re-entrusts a third party with the management of personal information without obtaining a consent from a provider, etc. of information and communications, in violation of Article 25 (7) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

2. A person who fails to notify a user of transfer of personal information in violation of Article 26 (1) or (2) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

3. A person who fails to designate a person responsible for protection of personal information, in violation of Article 27 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

4. A person who fails to disclose the policy on managing personal information, in violation of Article 27-2 (1) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

5. A person who discloses all the matters referred to in each subparagraph of Article 63 (3) in violation of the proviso to Article 63 (2) or entrusts the management of, or deposits, user’s personal information, to overseas without informing the user.

(3) Any of the following persons shall be punished by an administrative fine not exceeding 10 million won: (Amended by Act Nº 9637, Apr. 22, 2009; Act Nº 10560, Apr. 5, 2011; Act Nº 11322, Feb. 17, 2012; Act Nº 12681, May 28, 2014; Act Nº 13520, Dec. 1, 2015; Act Nº 14080, Mar. 22, 2016)

1. and 2. Deleted; (by Act Nº Act Nº13343 Jun. 22, 2015)

2-2. A person who engages in the identification service without being designated as the identification service agency, in violation of Article 23-3 (1);

2-3. A person who fails to notify the suspension of identification service under Article 23-3 (2) or the discontinuation of identification service under Article 23-3 (3) to users or report the same to the Korea Communications Commission;

2-4. A person who continuously engages in identification service notwithstanding disposition for suspension of identification service and cancelation of the identification service agency under Article 23-4 (1);

2-5. A person who fails to entrust in writing the management of personal information in violation of Article 25 (6) (including cases to which the aforesaid provision shall apply mutatis mutandis pursuant to Article 67);

3. A person who fails to designate a person responsible for protection of juveniles in violation of Article 42-3 (1);

4. A person who fails to preserve information, in violation of Article 43;

5. A person who fails to be subscribed insurance, in violation of Article 46 (2);

6. Deleted; (by Act Nº 13520, Dec. 1, 2015);

7. A person who falsely advertises details of the certification he or she has obtained, in violation of Article 47 (9);

8. and 9. Deleted; (by Act Nº 11322, Feb. 17, 2012)

10. A person who fails to give notice to users of software, in violation of Article 47-4 (3);

11. A person who fails to comply with an order issued pursuant to Article 48-2 (4) to take corrective measures;

11-2. A person who fails to report any intrusion, in violation of Article 48-3 (1);

12. A person who interferes with, refuses, or evades access to the place of business to conduct an inspection under Article 48-4 (4);

12-2. A person who fails to comply with an order issued by the Minister of Science, Information and Communications Technology (ICT) and Future Planning, or the Korea Communications Commission, in violation of Article 49-2 (4);

12-3. A person who fails to inform the results of handling the consent to receive, refusal to receive, or revocation of consent to receive, advertising information, in violation of Article 50 (7);

12-4. A person who fails to take necessary measures, in violation of Article 50-4 (4);

13. A person who uses the name of the Korea Internet and Security Agency, in violation of Article 52 (6);

14. A person who fails to file a report on cessation, discontinuance, or dissolution of business, in violation of Article 53 (4);

15. A person who fails to report a standard contract form, in violation of Article 56 (1);

16. A person who fails to take administrative or technical measures, in violation of Article 57 (2);

17. A person who fails to notify a user of telecommunications billing services of the date and time, etc. when the aforementioned services are used, in violation of Article 58 (1);

18. A person who fails to provide a user of telecommunications billing services with the method by which the user can verify the details of purchase or use, or who fails to comply with a request by a user of telecommunications billing services to provide such method, in violation of Article 58 (2);

19. A person who fails to withhold the payment of the price though a request for making a correction on a telecommunications bill which he or she has received from a user of telecommunications billing services is reasonable or to notify the user of telecommunications billing services of the results of the measures taken in response to a request of the user, in violation of Article 58 (3);

20. A person who fails to preserve records of telecommunications billing services, in violation of Article 58 (4);

20-2. A person who provides telecommunications billing services or increases the amount of the upper limits of use without obtaining consent from a user of telecommunications billing services, in violation of Article 58 (5);

20-3. A person who fails to give notice concerning amendment to the contractual terms and conditions of telecommunications billing services, in violation of Article 58 (6);

21. A person who fails to prepare the procedure for raising an objection by users of telecommunications billing services and redressing their infringed rights, or to stipulate such procedure when he or she enters into a contract for telecommunications billing services, in violation of Article 59 (2);

22. A person who fails to submit, or who falsely submitted, goods, documents, or any other material under Article 64 (1);

23. A person who fails to comply with a request for inspection or submission of data under Article 64 (2);

24. A person who refuses, interferes with, or evades the access and inspection under Article 64 (3).

(4) The administrative fines prescribed in paragraphs (1) through (3) shall be imposed and collected by the Minister of Science, ICT and Future Planning or the Korea Communications Commission, as prescribed by Presidential Decree. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(5) A person who is dissatisfied with disposition to impose a fine for negligence under paragraph (4) may file an objection with the Minister of Science, ICT and Future Planning or the Korea Communications Commission within 30 days from the date which he or she is notified of such disposition. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(6) The Minister of Science, ICT, and Future Planning, or the Korea Communications Commission shall, upon receiving an objection filed in accordance with paragraph (5) by a person dissatisfied with the disposition for an administrative fine under paragraph (4), notify the competent court of the objection without delay, and the competent court shall, upon receiving such notice, put the case to trial on fines for negligence pursuant to the Non-Contentious Case Procedure Act. (Amended by Act Nº 10465, Mar. 29, 2011; Act Nº 11690, Mar. 23, 2013)

(7) Where neither objection is raised nor an administrative fine paid within a period prescribed in paragraph (5), the administrative fine shall be collected in the same manner as delinquent national taxes are collected.

(Amended by Act nº 9119, Jun. 13, 2008)

ADDENDA

Article 1 (Enforcement Date)

This Act shall enter into force on July 1, 2001.

Article 2 (Transitional Measures following Change of Basis for Establishing Korea Information Security Center and of Its Name)

(1) The Korea Information Security Center established pursuant to Article 14-2 of the Framework Act on National Informatization at the time that this Act enters into force shall be deemed the Korea Information Security Agency established pursuant to Article 52 of this Act.

(2) Any act performed by and any legal relations maintained by the Korea Information Security Center at the time when this Act enters into force shall be deemed performed and maintained by the Korea Information Security Agency.

(3) The name of the Korea Information Security Center on the register book and other public registers at the time when this Act enters into force shall be deemed the name of the Korea Information Security Agency.

Article 3 (Transitional Measures Following Change of Name of Korea Information and Communications Promotion Association)

(1) The Korea Information and Communications Promotion Association as at the time when this Act enters into force shall be deemed the Korea Association of Information and Telecommunication.

(2) Any act performed and any legal relations maintained by the Korea Information and Communications Promotion Association at the time when this Act enters into force shall be deemed performed and maintained by the Association.

(3) The name of the Korea Information and Communications Promotion Association on the register book and other public registers at the time that this Act enters into force shall be deemed the name of the Korea Association of Information and Telecommunication.

Article 4 (Transitional Measures concerning Application of Penalty Provisions)

The application of the penal provisions to any act committed prior to the enforcement of this Act shall be governed by the previous provisions.

Article 5 Omitted.

Article 6 (Relations to Other Statutes)

If other Acts and subordinate statutes cite the former Act on Promotion, etc. of Utilization of Information System or the provisions thereof at the time this Act enters into force and if there exist corresponding provisions thereto in this Act, this Act or the corresponding provisions in this Act shall be regarded as being cited.

ADDENDA (Act Nº 6585, Dec. 31, 2001)

Article 1 (Enforcement Date)

This Act shall enter into force on April 1, 2002.

Articles 2 through 4 Omitted.

ADDENDA (Act Nº 6797, Dec. 18, 2002)

(1) (Enforcement Date) This Act shall enter into force after the lapse of one month from the date of its promulgation: Provided, That the amended provisions of Articles 50 (2) and (5), 56 (3) and (4), 60 and 67 (1) (limited to the provisions of subparagraphs 15-2 and 15-4) shall enter into force after the lapse of six months from the date of its promulgation.

(2) (Transitional Measures concerning Application of Administrative Fine) The application of the administrative fine to the act of violation committed prior to the enforcement of this Act shall be governed by the previous provisions.

ADDENDA (Act Nº 7139, Jan. 29, 2004)

(1) (Enforcement Date) This Act shall enter into force on the date of its promulgation: Provided, That the amended provisions of Articles 28, 45 (4), 46-3, 47-2 (4) and 48-4 (6) shall enter into force on the date on which six months lapse from the date of promulgation of this Act.

(2) (Transitional Measures concerning Application of Administrative Fines) The application of the administrative fine to the act of violation committed prior to the enforcement of this Act shall be governed by the previous provisions.

ADDENDA (Act Nº 7142, Jan. 29, 2004)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 4 Omitted.

ADDENDUM (Act Nº 7262, Dec. 30, 2004)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act Nº 7796, Dec. 29, 2005)

Article 1 (Enforcement Date)

This Act shall enter into force on July 1,2006.

Articles 2 through 6 Omitted.

ADDENDUM (Act Nº 7812, Dec. 30, 2005)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act Nº 7917, Mar. 24, 2006)

(1) (Enforcement Date) This Act shall enter into force three months after the date of its promulgation.

(2) (Transitional Measures concerning Safety Check of Information Protection) Where a company specializing in information protection consulting under Article 17 of the Act on the Protection of Information and Communications Infrastructure has commenced the works of safety check of information protection before the enforcement of this Act, it may continue to perform the works of safety check of information protection pursuant to the previous provisions, notwithstanding the amended provisions of Article 46-3 (1).

ADDENDUM (Act Nº 8030, Oct. 4, 2006)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act Nº 8031, Oct. 4, 2006)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 6 Omitted.

ADDENDA (Act Nº 8289, Jan. 26, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Transitional Measures for Prohibition on Illegal Communications)

The orders issued by the Minister of Information and Communication to reject, suspend or restrict handling of telecommunications services pursuant to Article 53 of the Telecommunications Business Act before this Act enters into force shall be deemed to have been issued pursuant to the amended provisions of Article 44-7 of this Act.

Article 3 (Transitional Measures for Change in Authority for Establishment of Information and Communications Ethics Committee)

(1) The Information and Communications Ethics Committee established pursuant to Article 53-2 of the former Telecommunications Business Act as of the enforcement date of this Act shall be deemed the Information and Communications Ethics Committee established pursuant to the amended provisions of Article 44-8 of this Act.

(2) The acts done by or against the Information and Communications Ethics Committee and other legal relationships with the Information and Communications Ethics Committee under the former provisions before this Act enters into force shall be deemed the acts done by or against the Information and Communications Ethics Committee and other legal relationships with the Information and Communications Ethics Committee under the amended provisions of Article 44-8 of this Act.

Article 4 (Transitional Measures for Collection, Use, and Provision of Personal Information)

(1) Consent obtained from a user in relation to collection, use, provision, or similar of personal information in accordance with the former provisions of Article 22, 23, 24, or 54 as of the enforcement date of this Act shall be deemed consent obtained lawfully in accordance with the amended provisions of Article 22, 23, 24, 24-2, or 54.

(2) Handling of personal information, which has been entrusted lawfully in accordance with the former provisions of Article 25 as of the enforcement date of this Act shall be deemed to have been entrusted with consent obtained lawfully in accordance with the amended provision of Article 25 (1).

(3) An act performed by a person who succeeded rights and obligations of a provider of information and communications services or similar in accordance with the former provisions of Article 26 as of the enforcement of this Act to use or provide personal information shall be deemed to have been performed with consent obtained lawfully in accordance with the amended provision of Article 26 (3).

Article 5 (Transitional Measures for Application of Penalty Provisions)

Acts committed before this Act enters into force shall be governed by the former penal provisions.

Article 6 Omitted.

ADDENDA (Act Nº 8486, May 25, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force one year after the date of its promulgation.

Articles 2 through 10 Omitted.

ADDENDA (Act Nº 8778, Dec. 21, 2007)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Article 2 (Transitional Measures for Registration of Providers of Telecommunications Billing Services)

(1) A person who renders telecommunications billing services at the time when this Act enters into force shall complete the registration with the Minister of Information and Communication in accordance with the amended provision of Article 53 (1) within three months from the date this Act enters into force.

(2) A provider of telecommunications billing services who is registered in accordance with Article 28 (2) of the Electronic Financial Transaction Act at the time when this Act enters into force shall submit a written statement certifying the registration with the Minister of Information and Communication within three months from the date this Act enters into force.

(3) A person who submits a written statement in accordance with paragraph (2) shall be deemed to have been registered in accordance with the amended provision of Article 53 (1).

ADDENDA (Act Nº 8852, Feb. 29, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act Nº 8867, Feb. 29, 2008)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation. (Proviso Omitted.)

Articles 2 through 12 Omitted.

ADDENDA (Act Nº 9119, Jun. 13, 2008)

(1) (Enforcement Date) This Act shall enter into force six months after the date of its promulgation.

(2) (Transitional Measures for Application of Penalty Provisions and Administrative Fines) An act committed before this Act enters into force shall be governed by the former penal provisions and the former provisions concerning administrative fines.

ADDENDA (Act Nº 9637, Apr. 22, 2009)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Article 2 (Preparation for Establishment of Korea Internet and Security Agency)

(1) The Korea Communications Commission may perform preparatory activities to establish the Korea Internet and Security Agency by commissioning not less than five incorporators before this Act enters into force.

(2) The incorporators shall prepare the articles of incorporation of the Korea Internet and Security Agency and obtain approval from the Korea Communications Commission.

(3) The incorporators, upon obtaining approval under paragraph (2), shall register the incorporation of the Korea Internet and Security Agency by joint signature and turn over the administrative responsibility to the President of Korea Internet and Security Agency.

(4) The incorporators shall be deemed decommissioned at the time the take-over of the administrative responsibility is complete pursuant to paragraph (3).

Article 3 (Transitional Measures concerning Succession of Korea Information Security Agency, Korea Internet and Security Agency and Korea IT International Cooperation Agency)

(1) The administrative responsibilities of the Korea Information Security Agency under Article 52 of the Act on Promotion of Information and Communications Infrastructure (hereinafter referred to as the “Korea Information Security Agency”), the Korea Internet and Security Agency under Article 9 of the Internet Address Resources Act (hereinafter referred to as the “Korea Internet and Security Agency”), and the Korea IT International Cooperation Agency under Article 24-2 of the Framework Act on Informatization Promotion (hereinafter referred to as the “Korea IT International Cooperation Agency”), which are governed by the previous provisions at the time this Act enters into force, shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.

(2) The previous rights, obligations, properties of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.

(3) The previous employment relationship covering the employees of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be comprehensively succeeded to the Korea Internet and Security Agency under this Act.

(4) The previous activities performed by or in relation to the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency as at the time this Act enters into force shall be deemed to have been performed by or in relation to the Korea Internet and Security Agency under this Act.

(5) The titles of the Korea Information Security Agency, the Korea Internet and Security Agency and the Korea IT International Cooperation Agency indicated on the register as at the time this Act enters into force or other public books shall be deemed to be those of the Korea Internet and Security Agency under this Act.

Article 4 Omitted.

Article 5 (Relations with Other Statutes)

Where the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. or the provisions thereof are cited in other statutes as at the time this Act enters into force, and any provision corresponding thereto exists in this Act, this Act or the corresponding provision of this Act shall be deemed to have been cited in lieu of the previous provision.

ADDENDUM (Act Nº 10138, Mar. 17, 2010)

This Act shall enter into force three months after the date of its promulgation.

ADDENDA (Act Nº 10165, Mar. 22, 2010)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation. (Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act Nº 10166, Mar. 22, 2010)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 9 Omitted.

ADDENDA (Act Nº 10465, Mar. 29, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

(Proviso Omitted.)

Articles 2 through 7 Omitted.

ADDENDA (Act Nº 10560, Apr. 5, 2011)

Article 1 (Enforcement Date)

This Act shall enter into force three months after the date of its promulgation.

Article 2 (General Transitional Measures)

Previous acts of the identification service agency which developed and provided the previous identification affairs as at the time of enforcement of this Act shall be deemed to have been legitimately developed and provided if the agency obtains the designation of identification service agency pursuant to this Act.

Article 3 (Transitional Measures concerning Designation of Identification Service Agency)

A person who was conducting the identification service as at the time of enforcement of this Act shall be designated, within three months after enforcement date of this Act, as an identification service agency by the Korea Communications Commission pursuant to the amended provision of Article 23-3 (1).

ADDENDA (Act Nº 11048, Sep. 15, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force one year after the date of its promulgation.

(Proviso Omitted.)

Articles 2 through 5 Omitted.

ADDENDA (Act nº 11322, Feb. 17, 2012)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation: Provided, That the amended provisions of Articles 45, 45-2, 45-3, 46-3, 47, 47-2, 47-3, 47-5, 52 (3) 7, 66 and 76 (3) 6 through 9 shall enter into force after the lapse of one year from the date of its promulgation.

Article 2 (Transitional Measures concerning Restriction on Collection/Use of Resident Registration Number)

(1) A provider of information and communications services who provides methods of subscription for membership by using the subscriber’s resident registration number as at the time of enforcement of this Act shall destroy all the resident registration numbers possessed by the provider within two years after enforcement date of this Act: Provided, That this shall not apply in cases where falling under any of the subparagraphs under Article 23-2 (1).

(2) In cases where a provider of information and communications services fails to destroy the resident registration numbers possessed by him or her within the period under paragraph (1), the amended provisions of Article 23-2 (1) shall be deemed violated.

Articles 3 (Transitional Measures concerning Abolition of the Safety Inspection on Protection of Information)

A business operator who received a safety inspection on the protection of information pursuant to previous provisions as at the time of enforcement of this Act shall be deemed, during the concerning year in which he or she received the safety inspection on the protection of information, as the business operator who received the certification of an information security management system pursuant to the amended provisions of Article 47 (2).

Articles 4 (Transitional Measures concerning Certification of Personal Information Management System)

A person who received the certification personal information management system from the Korea Internet and Security Agency as at the time of enforcement of this Act shall be deemed to have received the certification of personal information management system pursuant to the amended provisions of Article 47-3.

Articles 5 (Transitional Measures concerning Administrative Fine)

Upon imposing administrative fine with respect to any violative acts committed before enforcement of this Act, the previous provisions shall apply thereto.

ADDENDA (Act Nº 11690, Mar. 23, 2013)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation.

Articles 2 through 7 Omitted.

ADDENDA (Act Nº 12681, May 28, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation:

Provided, That the amended provisions of Articles 44 (3), 44-5 and 76 (1) 6 shall enter into force on the date of their promulgation.

Article 2 (Transitional Measures concerning Penalty Surcharges and Penalty Provisions)

When penalty surcharges and penalty provisions apply to offenses committed before this Act enters into force, the former provisions shall apply thereto.

ADDENDA (Act Nº 12844, Nov. 19, 2014)

Article 1 (Enforcement Date)

This Act shall enter into force on the date of its promulgation: Provided That, among the Acts amended pursuant to Article 6 of Addenda, the amended parts of the Acts that were promulgated before this Act enters into force but their enforcement dates have yet to arrive shall enter into force on their respective dates of enforcement.

Articles 2 through 7 Omitted.

ADDENDUM (Act Nº 13014, Jan. 20, 2015)

This Act shall enter into force three months after the date of its promulgation.

ADDENDUM (Act Nº 13280, Mar. 27, 2015)

This Act shall enter into force on the date of its promulgation.

ADDENDA (Act Nº 13343, Jun. 22, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Articles 2 through 3 Omitted.

ADDENDA (Act Nº 13344, Jun. 22, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation.

Article 2 (Applicability concerning Administrative Dispositions)

The amended provisions of Article 55 (1) shall apply even to administrative dispositions against violations committed before this Act enters intro force.

ADDENDA (Act nº 13520, Dec. 1, 2015)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation:

Provided, That the amended provisions of Articles 29 (2) and (3) shall enter into force on the date of its promulgation.

Article 2 (Applicability concerning Destruction, etc. of Personal Information)

The amended provisions of Article 29 (2) and (3) shall apply even to the personal information collected or provided before such amended provisions enter into force.

Article 3 (Applicability concerning Omission of Examination of Certification for Information Security Management System)

The amended provisions of Article 47 (3) shall apply even to persons who have made an application for the certification for an information security management system, procedures for which are underway.

Article 4 (Transitional Measures concerning Certification of Information Security Management System)

A person who has not received the certification for an information security management system shall receive the certification within six months after this Act enters into force, in accordance with the amended provisions of Article 47 (2).

Article 5 (Transitional Measures concerning Administrative Fines)

When applying administrative fines to the violations committed before this Act enters into force, the previous provisions of this Act shall apply.

ADDENDA (Act Nº 14080, Mar. 22, 2016)

Article 1 (Enforcement Date)

This Act shall enter into force six months after the date of its promulgation:

Provided, That the amended provisions of Articles 22-2 and 76 (1) 1 and 1-2 shall enter into force one year after the date of its promulgation, the amended provisions of Article 32 (2) and (3) and 32-2 (3) shall enter into force on July 25, 2016, and the amended provision of Article 52 (4) shall enter into force on the date of its promulgation.

Article 2 (Applicability concerning Compensation for Damage)

The amended provisions of Articles 32 (2) and (3), and 32-2 (3) shall apply beginning from the first claim for compensation for damage against any information lost, stolen, leaked, forged, altered or damaged after the said amended provisions enter into force.

Article 3 (Transitional Measures concerning Informing Fact of Exposure to Act of Violation)

A provider of information and communications services shall, no later than six months after this Act enters into force, establish equipment, by means of which informing messages can be sent to users pursuant to the amended provisions of Article 49-2 (3).

Article 4 (Transitional Measures concerning Penalty Provision)

The former provisions shall govern when applying penalty provisions to the act committed before this Act enters into force.

Article 5 Omitted.

Etiqueta: electronic document