개인정보_영향평가_수행안내서(2018년_4월_개정).pdf

개인정보의_기술적_관리적_보호조치_기준_해설서(2017.12.).pdf

개인정보의+안전성+확보조치+기준(2016-35호)+해설서(개정).pdf

개인정보_영향평가_수행안내서(2018년_4월_개정).pdf

1 개념
개인정보 영향평가 이하 영향평가()
-개인정보파일을 운용하는 새로운 정보시스템의 도입이나 기존에 운영 중인 개인정보 처리시스템의 중대한 변경 시
- 시스템의 구축 운영 변경 등이 개인정보에 미치는 영향 을 사전에 조사 예측 검토하여 (impact) ᛫ ᛫ ᛫ ᛫ 개선방안을 도출하는 체계적인 절차
2 목적 및 필요성
개인정보 처리가 수반되는 사업 추진시 해당 사업이 개인정보에 미치는 영향을 사전에 분석하고 이에 대한 개선방안을 수립하여 개인정보 침해사고를 사전에 예방
3 평가 대상
일정규모 이상의 개인정보를 전자적으로 처리하는 개인정보파일을 구축운영 또는 변경하려는 ‧ 공공기관은 개인정보 보호법 이하 ( ｢｣ “법”이라 한다 제 조 및 개인정보 보호법 시행령 이하 ) 33 ( ｢｣ “영”이라 한다 제 조에 근거하여 영향평가를 수행 ) 35
- 만명 조건 만명 이상의 정보주체의 민감정보 또는 고유식별정보의 처리가 수반되는 (5 ) 5 개인정보파일
- 만명 조건 해당 공공기관의 내부 또는 외부의 다른 개인정보파일과 연계하려는 경우로서 (50 ) , 연계 결과 정보주체의 수가 만 명 이상인 개인정보파일 50
- 만명 조건 만 명 이상의 정보주체 수를 포함하고 있는 개인정보파일 (100 ) 100
※ 현시점 기준으로 영향평가 대상은 아니나 가까운 시점 년 이내 에 정보주체의 수가 기준을 초과할 (1 ) 것이 확실한 경우 영향평가를 수행할 것을 권고 ,
- 변경 시 영제 조에 근거하여 영향평가를 실시한 기관이 개인정보 검색체계 등 개인정보파일의 ( ) 35 운용체계를 변경하려는 경우 변경된 부분에 대해서는 영향평가를 실시 ,
※법령상 규정된 대상시스템이 아니더라도 대량의 개인정보나 민감한 개인정보를 수집이용하는 기관은 ᛫ 개인정보 유출 및 오 남용으로 인한 사회적 피해를 막기 위해 영향평가 수행 가능 ᛫
 

개인정보의_기술적_관리적_보호조치_기준_해설서(2017.12.).pdf

개인정보의 안전성 확보조치 기준 해설
[제1조] 목적     16

[제2조] 정의     18 

[제3조] 안전조치 기준 적용     31

[제4조] 내부 관리계획의 수립·시행     33

[제5조] 접근 권한의 관리     45

[제6조] 접근 통제     49

[제7조] 개인정보의 암호화     57

[제8조] 접속기록의 보관 및 점검     66

[제9조] 악성프로그램 등 방지     68

[제10조] 관리용 단말기의 안전조치     70

[제11조] 물리적 안전조치     72

[제12조] 재해·재난 대비 안전조치     74

[제13조] 개인정보의 파기     76

[부칙]      78

[별표]      79

개인정보의+안전성+확보조치+기준(2016-35호)+해설서(개정).pdf

Ⅰ. 개인정보의 기술적․관리적 보호조치 기준 개요 ······················1

1. 개 요 ·····················································································································2 2.

법적 근거 ·············································································································3 3.

제․개정 연혁 ····································································································6 4.

신․구조문 대비표 ····························································································7
Ⅱ. 개인정보의 기술적․관리적 보호조치 기준 전문 ····················12
Ⅲ. 개인정보의 기술적․관리적 보호조치 기준 해설 ····················19
제 1조 (목적) ···········································································································20

제 2조 (정의) ···········································································································27

제 3조 (내부관리계획의 수립․시행) ·······························································35

제 4조 (접근통제) ··································································································48

제 5조 (접속기록의 위․변조방지) ···································································60

제 6조 (개인정보의 암호화) ················································································62

제 7조 (악성프로그램 방지) ················································································68

제 8조 (물리적 접근 방지) ··················································································71

제 9 조 (출력․복사시 보호조치) ······································································73

제10조 (개인정보 표시 제한 보호조치) ··························································75

제11조 (규제의 재검토) ·······················································································76

[부칙] ·······················································································································76
Ⅳ. 부록 ············································································································77
1. 정보통신서비스 제공자등을 위한 망분리 해설 ······································78

2. FAQ ····················································································································91