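KISA operates the 118 service center.
This is a casebook collecting the personal-information consultations that companies have had after contacting the center.
The table of contents is as follows.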
Chapter 1. Overview
1. Personal Information Infringement Report Center
A. Introduction to the Personal Information Infringement Report Center
B. Duties of the Personal Information Infringement Report Center
C. Investigative authority of the Personal Information Infringement Report Center
D. Procedure for handling infringement reports and consultations
2. Status of personal information infringement reports and consultations in 2012
A. Overview of infringement reports and consultations received
B. Analysis by type of case received
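Chapter 2. Major Personal Information Protection Consultation Cases
1. Collection and use of personal information
1-1) Whether a hospital must obtain consent when collecting a first-visit patient's personal information
1-2) The minimum scope of personal information a company may collect to receive job applications, and whether consent to collection must be obtained when accepting job applications
1-3) Whether consent is required when collecting the personal information of employees' family members to provide in-house welfare benefits
1-4) Whether employees' extension numbers may be published on a website
1-5) Whether business-card information collected through an event may be used for promotion and marketing
1-6) Use of personal information for a company's customer satisfaction survey
1-7) Whether photos of dermatology procedures with the eyes covered may be posted on a website
1-8) Whether an access control system using employees' fingerprints may be installed
1-9) Legality of a credit information company finding out personal information for debt collection
1-10) Legality of a public institution not obtaining consent to collect personal information
1-11) A point card application form that requires the issue date of the resident registration card
1-12) Legality of a financial company requiring entry of the resident registration number during telephone consultation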
2. Provision of personal information to third parties
2-1) Third-party provision of personal information between construction companies and real estate agencies
2-2) Legality of third-party provision of personal information between insurers and medical institutions
2-3) Investigative agencies' requests to hospitals for personal information
2-4) Legality of providing personal information to a third party for the stated purpose of handling a civil complaint
2-5) Legality of forcing consent to third-party provision at membership sign-up
3. Outsourcing of processing and business transfer
3-1) Criteria for distinguishing third-party provision of personal information, outsourcing of processing, and business transfer
3-2) A business was transferred without notice of the transfer of personal information
3-3) A business transfer or acquisition was publicly announced, but individual data subjects were not notified
3-4) A request to refuse the transfer of personal information during a business transfer or acquisition was not accepted
4. Processing of sensitive information and unique identification information
4-1) Collecting resident registration numbers to issue donation receipts
4-2) Use of resident registration numbers for preparing and keeping the shareholder register
4-3) Legality of requiring a resident registration number when returning a vehicle towed for a parking violation
4-4) Legality of disclosing an official document that contains a resident registration number
4-5) Legality of requiring a resident registration number when an event prize is received
5. Measures to ensure the safety of personal information
5-1) Personal information such as photos continues to appear in internet search sites
5-2) A customer posts their own personal information on an internet bulletin board, exposing it
5-3) The administrator of an online group purchase exposed the list of buyers' personal information
5-4) Website login passwords were not one-way encrypted
5-5) Measures to ensure safety when a sales agency stores subscription application documents
5-6) Whether non-member order passwords must also be encrypted
5-7) An administrator menu in which all personal information can be viewed was exposed on the internet
6. Personal information management system
6-1) Scope of designation of the privacy officer in a corporate group
6-2) Legality of not posting a direct contact number for the privacy officer
6-3) The privacy officer's details were not updated even after the officer left the company
7. Destruction of personal information
7-1) A website has no separate membership withdrawal menu
7-2) Retention period for the personal information of former employees
7-3) Legality of not destroying job applicants' information
7-4) The specific period meant by 'destruction of personal information without delay'
7-5) Legality of continued insurance telemarketing (TM) despite not subscribing after an insurance consultation
8. Rights of data subjects
8-1) Requiring a copy of the resident registration when a website membership is withdrawn
8-2) Responding to requests for deletion of personal information and suspension of processing
8-3) Whether a call center may record calls with customers
8-4) A website does not provide a membership withdrawal menu
8-5) Time allowed for acting on a request to delete personal information
8-6) Refusing a request to delete a post that contains personal information
9. Visual data processing devices (CCTV)
9-1) Legality of capturing personal visual information with a mobile phone camera
9-2) Whether the audio recording function may be used on CCTV installed in a public library
9-3) Whether CCTV may be installed in the lounge (floor area) of a jjimjilbang
9-4) Whether CCTV may be installed in classrooms inside a private academy
9-5) Whether CCTV may be installed inside a hospital consultation room
9-6) Whether a public institution must go through an opinion-gathering procedure when adding CCTV or changing its capture range
9-7) Whether CCTV may be installed to monitor workers in the workplace
9-8) Inquiry about the appropriate size of CCTV notice signs
9-9) Whether CCTV may be installed in a hospital emergency room
10. Other cases
10-1) Legality of the press collecting personal information for reporting purposes
10-2) Whether a church website must apply encryption to personal information
2012년_개인정보보호_상담사례집(130627공표).pdf
Source: KISA