Article 1 (Purpose) The purpose of this Ordinance is to protect the freedom and rights of individuals by providing for matters concerning the safe management of personal information and the guarantees of the rights of identifiable individuals pursuant to the Personal Information Protection Act.

Article 2 (Definitions) The definitions of terms used in this Ordinance shall be as follows:
1. The term "personal information" means information defined in subparagraph 1 of Article 2 of the Personal Information Protection Act (hereinafter referred to as the "Act");
2. The term "management" means activities defined in subparagraph 2 of Article 2 of the Act;
3. The term "subject of information" means a person defined in subparagraph 3 of Article 2 of the Act;
4. The term "personal information file" means a personal information file defined in subparagraph 4 of Article 2 of the Act;
5. The term "personal information manager" means a person defined in subparagraph 5 of Article 2 of the Act.

Article 3 (Principles for Protection of Personal Information) (1) Each personal information manager shall make the purpose of managing particular personal information clear, and collect only the minimum personal information legitimately and lawfully necessary for such purpose.
(2) Each personal information manager shall endeavor to ensure the accuracy, completeness, and currency of personal information to the extent necessary for the purpose of managing such personal information.
(3) Each personal information manager shall manage personal information safely, through appropriate technical, administrative, and physical security measures against the possibility, and the level of risk, of the infringement of rights of a subject of information.
(4) Each personal information manager shall generally disclose matters concerning the management of personal information, such as policy on the management of personal information, and guarantee the rights of a subject of information, such as the right to request perusal, when he/she manages personal information.
(5) Even where a personal information manager manages personal information to the extent necessary for the purpose of the management thereof, he/she shall manage it as much as possible by means that minimize any infringement of the privacy of a subject of information.
(6) Each personal information manager shall manage personal information anonymously wherever possible.
(7) Each personal information manager shall manage personal information appropriately to the extent necessary for the purpose of the management thereof; and shall not use any personal information for other than the purpose of managing it.

Article 4 (Responsibility) The Mayor of the Seoul Metropolitan Government (hereinafter referred to as the "Mayor") shall formulate policies to promote human dignity and protect individual privacy, by preventing harmful effects caused by the collection of personal information for other than the purpose thereof, the misuse, abuse, thoughtless observation, pursuit, etc. of personal information.

Article 5 (Designation of Persons Responsible for Protecting Personal Information, etc.) The Mayor shall designate persons responsible for protecting personal information, persons in charge of the protection of personal information, etc. under Article 31 of the Act and Article 33 (2) 1 of the Enforcement Decree.

Article 6 (Registration of Personal Information Files) The Mayor shall register the current status of the management of personal information files under Article 32 of the Act, with the Ministry of the Interior. The foregoing shall also apply where any alteration is made to the matters registered.

Article 7 (Countermeasures against Divulgence of Personal Information) (1) Where it is verified that personal information has actually been divulged, the Mayor shall immediately notify the individual identifiable by such information of the following matters according to methods, such as in writing:
1. Items of personal information divulged;
2. Point in time when personal information was divulged and the details divulged;
3. Information about methods etc., the subject of information may use to mitigate loss that may be caused by the divulgence of personal information;
4. Countermeasures and procedures for relief from loss taken by the Seoul Metropolitan Government (hereinafter referred to as the "Seoul Government");
5. Where the subject of information suffers from loss, the department in charge of the receipt of reports, etc. and the contact information thereof.
(2) Where personal information is divulged, the Mayor shall take necessary measures to mitigate loss caused by the divulgence of personal information. The Mayor may organize and operate the "Personal Information Infringement Countermeasures Center" according to the extent of the divulgence of personal information.
(3) Where personal information of at least 10,000 people is divulged, the Mayor shall publish the matters specified in paragraph (1), on the Internet website for at least seven days along with methods, such as in writing, so that individuals identifiable by such information can readily recognize; and shall immediately report the results of notification made under paragraph (1) and measures taken under paragraph (2), to the Minister of the Interior or a specialized institution (the Korea Internet and Security Agency).

Article 8 (Charging and Payment of Fees) (1) The Mayor may charge a subject of information (including their agents referred to in Article 38 of the Act) fees and postage generated pursuant to Article 38 (3) of the Act and Article 47 (1) of the Enforcement Decree, from the request for perusal under Article 35 of the Act; the request for revision or deletion under Article 36 of the Act; and the request for suspension, etc. of management under Article 37 of the Act (hereinafter referred to as "request for perusal, etc.") in accordance with attached Table of the Seoul Metropolitan Government Ordinance on Collection of Fees: Provided, That where a ground to request perusal, etc. pursuant to Article 47 (2) of the Decree lies in the Seoul Government, the Mayor shall not charge fees and postage referred to in paragraph (1).
(2) The Seoul Government may receive fees and postage under paragraph (1) in the form of revenue stamps pursuant to Article 47 (3) of the Decree or by means of electronic payment under subparagraph 11 of Article 2 of the Electronic Financial Transactions Act.

Article 9 (Filing Formal Objections) (1) Where a subject of information is dissatisfied with measures taken, such as rejection of a request for perusal, etc., he/she may file a formal objection.
(2) The Mayor shall table a formal objection filed under paragraph (1), before the Deliberative Committee established under Article 10, for it to conduct deliberations and provide advice and suggestions thereon.
(3) After deliberations and seeking advice and suggestions, the Mayor shall notify the subject of information who has filed a formal objection, of his/her decision on the formal objection in writing within ten days in accordance with the relevant procedures.

Article 10 (Personal Information Protection Deliberative Committee) (1) The Mayor shall establish a Seoul Metropolitan Government Personal Information Deliberative Committee (hereinafter referred to as the "Committee") in order to deliberate on the following matters:
1. Matters concerning formal objections filed under Article 9;
2. Matters concerning measures and the improvement of systems concerning personal information;
3. Other matters the Mayor tables before the Committee in relation to the protection of personal information.
(2) Detailed matters concerning the composition and operation of the Committee shall be provided by the Detailed Rules for Operation.

Article 11 (Supervision of Personal Information Processors) (1) The Mayor shall exercise appropriate supervision and oversight over persons who process personal information under his/her supervision and direction (hereinafter referred to as "personal information processor"), so that personal information is managed safely.
(2) At least annually, the Mayor shall conduct regular education on the protection of personal information for personal information processors, in order to ensure the appropriate processing thereof.

Article 12 (Purchasing Insurance, Entering into Mutual Aid Agreements, etc.) The Mayor may subscribe insurance, enter into a mutual aid agreement, etc., within the budget, in order to prepare for loss and compensation for loss due to infringement of personal privacy while processing personal information.

ADDENDUM
This Ordinance shall enter into force on the date of its promulgation.