2012년 개인정보보호 상담사례집(130627공표)

Kisa에서 운영하는 118 서비스 센터가 있다.

기업들이 이 센터에 연락하여 개인정보와 관련한 상담내용을 수록한 사례집이다.

목차는 다음과 같다.

제1장 개 요 ··················································································································· 1

1. 개인정보침해신고센터 ······················································································· 3

가. 개인정보침해신고센터 소개 ············································································· 3

나. 개인정보침해신고센터의 업무 ········································································· 5

다. 개인정보침해신고센터의 조사 권한 ································································ 5

라. 침해신고 및 상담 업무처리 절차 ··································································· 7

2. 2012년도 개인정보 침해신고 및 상담 현황 ··················································· 10

가. 침해신고 및 상담 접수 개요 ········································································· 10

나. 접수 유형별 분석 ···························································································· 10

제2장 개인정보 보호 상담 주요사례 ····························································· 13

1. 개인정보 수집･이용 ····························································································· 15

1-1) 병원에서 초진 환자의 개인정보 수집시 동의 취득 여부 ························ 17

1-2) 기업에서 입사지원을 받기 위해 수집할 수 있는 최소한의 개인정보의 범위, 입사지원서 접수시 개인정보 수집 동의를 받아야 하는지 여부········ 19

1-3) 사내 복지 제공을 위한 직원 가족의 개인정보 수집시 동의 필요 여부 ······ 22

1-4) 직원 내선번호를 웹사이트에 공개할 수 있는지 여부 ···························· 24

1-5) 이벤트를 통해 수집한 명함정보를 홍보마케팅에 활용할 수 있는지 여부 ··· 26

1-6) 기업의 고객만족도 조사를 위한 개인정보 이용 ········································ 28

1-7) 눈이 가려진 피부과 시술 사진의 홈페이지 게재 가능 여부 ·················· 30

1-8) 직원의 지문을 이용한 출입통제시스템을 설치할 수 있는지 여부 ········· 32

1-9) 신용정보회사가 채권추심을 위해 개인정보를 알아내는 행위의 위법성 여부 ···· 34

1-10) 공공기관에서 개인정보 수집 동의를 받지 않는 경우의 위법성 여부 ······ 36

1-11) 포인트카드 발급신청서에 주민등록증 발급일자를 기재하도록 한 경우 ····· 38

1-12) 금융회사의 전화 상담 주민등록번호 입력을 요구하는 행위의 위법성 여부 ············· 40

2. 개인정보 제3자 제공 ··························································································· 43

2-1) 건설사 및 부동산중개업소 간의 개인정보 제3자 제공 ···························· 45

2-2) 보험사 및 의료기관 간의 개인정보 제3자 제공 위법성 여부 ················· 47

2-3) 병원에 대한 수사기관의 개인정보 제공 요구 ··········································· 49

2-4) 민원 처리를 위한다는 목적으로 제3자에게 개인정보를 제공하는 행위의 위법성 여부 ········· 51

2-5) 회원 가입시 제3자 제공에 대한 동의를 강제하는 경우의 위법성 여부 ······ 53

3. 처리위탁 및 영업양도 ························································································· 55

3-1) 개인정보 제3자 제공, 처리위탁, 영업양도의 구별 기준 ·························· 57

3-2) 사업을 양도하면서 개인정보 이전사실 통지를 하지 않은 경우 ············· 60

3-3) 영업양도･양수를 공지하였으나 정보주체 개개인에게 통지를 하지는 않는 경우 ··· 62

3-4) 영업양도･양수 과정에서 개인정보 이전거부 요구를 했음에도 받아들여지지 않은 경우 ··············· 64

4. 민감정보 및 고유식별정보 처리 ······································································· 67

4-1) 기부금 영수증 발급을 위해 주민등록번호를 수집하는 경우 ·················· 69

4-2) 주주명부 작성･비치를 위한 주민등록번호 이용 ········································ 71

4-3) 주차단속 견인차량 반환 과정에서 주민등록번호를 요구하는 행위의 위법성 여부 ················ 73

4-4) 주민등록번호가 기재된 공문서를 공개하는 경우의 위법성 여부 ··········· 75

4-5) 이벤트 경품 수령시에 주민등록번호를 요구하는 행위의 위법성 여부 ····· 77

5. 개인정보 안전성 확보조치 ················································································· 79

5-1) 인터넷 검색사이트에서 사진 등의 개인정보가 계속 검색되는 문제 ····· 81

5-2) 인터넷 게시판에 고객 스스로가 개인정보를 게재하여 개인정보가 ······· 83

노출되는 경우

5-3) 인터넷 공동구매 관리자가 구매자의 개인정보 명단을 노출한 경우 ····· 85

5-4) 웹사이트 로그인 비밀번호를 일방향 암호화하지 않은 경우 ·················· 87

5-5) 영업 대리점에서 가입신청서 서류 보관시 안전성 확보조치 ·················· 90

5-6) 비회원 주문 비밀번호도 암호화를 해야 하는지 여부 ······························ 92

5-7) 인터넷에서 개인정보가 모두 조회 가능한 관리자메뉴가 공개된 경우 ····· 94

6. 개인정보 관리체계 ······························································································· 99

6-1) 기업 그룹에서 개인정보 보호책임자의 지정 범위 ·································· 101

6-2) 개인정보 보호책임자 직통 연락처를 게시하지 않은 행위의 ················· 103

위법성 여부

6-3) 개인정보 보호책임자가 퇴사한 후에도 이를 수정하지 않은 사례 ······· 105

7. 개인정보 파기 ····································································································· 107

7-1) 웹사이트에서 탈퇴 메뉴가 따로 마련되어 있지 않은 경우 ·················· 109

7-2) 퇴사한 직원의 개인정보 보관 기간 ··························································· 111

7-3) 입사지원자 정보를 미파기한 경우의 위법성 여부 ·································· 113

7-4) ‘지체 없는 개인정보 파기’의 구체적 기간 ················································ 115

7-5) 보험 상담 후 미가입에도 불구하고 지속적으로 보험 TM을 받은 ········ 117

경우의 위법성 여부

8. 정보주체 권리 ····································································································· 119

8-1) 웹사이트 회원 탈퇴시 주민등록등본 요구 ··············································· 121

8-2) 개인정보 삭제 및 처리정지 요구 대응 ····················································· 123

8-3) 콜센터에서 고객과의 통화 내용을 녹취할 수 있는 지 여부 ················· 125

8-4) 웹사이트에서 회원 탈퇴 메뉴가 갖춰져 있지 않은 경우 ······················ 127

8-5) 개인정보 삭제요구에 대한 조치 기간 ······················································· 129

8-6) 개인정보가 포함된 게시글의 삭제 요구에 불응하는 경우 ···················· 131

9. 영상정보처리기기(CCTV) ··················································································· 135

9-1) 휴대전화 카메라로 개인영상정보를 촬영하는 경우의 위법성 여부 ····· 137

9-2) 공공도서관에 설치한 CCTV에 녹음기능을 사용해도 되는지 여부 ········ 140

9-3) 찜질방 휴게실(마루)에 CCTV를 설치해도 되는지 여부 ·························· 142

9-4) 학원 내부 강의실에 CCTV를 설치할 수 있는지 여부 ····························· 144

9-5) 병원 진료실 내부에 CCTV 설치 가능한 지 여부 ···································· 146

9-6) 공공기관이 설치한 CCTV를 새로 추가하거나 촬영범위를 변경하는 ···· 148

경우 반드시 의견수렴 절차를 거쳐야 하는지 여부

9-7) 사업장 내의 근로자 모니터링을 위하여 CCTV를 설치할 수 있는지 여부 ······ 150

9-8) CCTV 안내판의 적정한 크기에 관한 문의 ················································ 152

9-9) 병원 응급실에 CCTV를 설치할 수 있는지 여부 ······································ 154

10. 기타 사례 ··········································································································· 157

10-1) 언론의 취재목적 개인정보 수집의 위법성 여부 ···································· 159

10-2) 교회 웹사이트에 개인정보 암호화를 적용해야 하는지 여부 ··············· 161

2012년_개인정보보호_상담사례집(130627공표).pdf

출처 : KISA