Article 1 (Purpose) The purpose of this Ordinance is to protect the freedom and rights of individuals by providing for matters concerning the safe management of personal information and the guarantees of the rights of identifiable individuals pursuant to the Personal Information Protection Act.

Article 2 (Definitions) The definitions of terms used in this Ordinance shall be as follows:
1. The term "personal information" means information defined in subparagraph 1 of Article 2 of the Personal Information Protection Act (hereinafter referred to as the "Act");
2. The term "management" means activities defined in subparagraph 2 of Article 2 of the Act;
3. The term "subject of information" means a person defined in subparagraph 3 of Article 2 of the Act;
4. The term "personal information file" means a personal information file defined in subparagraph 4 of Article 2 of the Act;
5. The term "personal information manager" means a person defined in subparagraph 5 of Article 2 of the Act.

Article 3 (Principles for Protection of Personal Information) (1) Each personal information manager shall make the purpose of managing particular personal information clear, and collect only the minimum personal information legitimately and lawfully necessary for such purpose.
(2) Each personal information manager shall endeavor to ensure the accuracy, completeness, and currency of personal information to the extent necessary for the purpose of managing such personal information.
(3) Each personal information manager shall manage personal information safely, through appropriate technical, administrative, and physical security measures against the possibility, and the level of risk, of the infringement of rights of a subject of information.
(4) Each personal information manager shall generally disclose matters concerning the management of personal information, such as policy on the management of personal information, and guarantee the rights of a subject of information, such as the right to request perusal, when he/she manages personal information.
(5) Even where a personal information manager manages personal information to the extent necessary for the purpose of the management thereof, he/she shall manage it as much as possible by means that minimize any infringement of the privacy of a subject of information.
(6) Each personal information manager shall manage personal information anonymously wherever possible.
(7) Each personal information manager shall manage personal information appropriately to the extent necessary for the purpose of the management thereof; and shall not use any personal information for other than the purpose of managing it.

Article 4 (Responsibility) The Mayor of the Seoul Metropolitan Government (hereinafter referred to as the "Mayor") shall formulate policies to promote human dignity and protect individual privacy, by preventing harmful effects caused by the collection of personal information for other than the purpose thereof, the misuse, abuse, thoughtless observation, pursuit, etc. of personal information.

Article 5 (Designation of Persons Responsible for Protecting Personal Information, etc.) The Mayor shall designate persons responsible for protecting personal information, persons in charge of the protection of personal information, etc. under Article 31 of the Act and Article 32 (2) 1 of the Enforcement Decree.

Article 6 (Registration of Personal Information Files) The Mayor shall register the current status of the management of personal information files under Article 32 of the Act, with the Ministry of the Interior and Safety. The same shall also apply where any alteration is made to the matters registered. <Amended by Ordinance No. 6821, Mar. 22, 2018>

Article 7 (Countermeasures against Divulgence of Personal Information) (1) Where it is verified that personal information has actually been divulged, the Mayor shall immediately notify the individual identifiable by such information of the following matters according to methods, such as in writing:
1. Items of personal information divulged;
2. Point in time when personal information was divulged and the details divulged;
3. Information about methods etc., the subject of information may use to mitigate loss that may be caused by the divulgence of personal information;
4. Countermeasures and procedures for relief from loss taken by the Seoul Metropolitan Government (hereinafter referred to as the "Seoul Government");
5. Where the subject of information suffers from loss, the department in charge of the receipt of reports, etc. and the contact information thereof.
(2) Where personal information is divulged, the Mayor shall take necessary measures to mitigate loss caused by the divulgence of personal information. The Mayor may organize and operate the "Personal Information Infringement Countermeasures Center" according to the extent of the divulgence of personal information.
(3) Where personal information of at least 10,000 people is divulged, the Mayor shall publish the matters specified in paragraph (1), on the website for at least seven days along with methods, such as in writing, so that individuals identifiable by such information can readily recognize; and shall immediately report the results of notification made under paragraph (1) and measures taken under paragraph (2), to the Minister of the Interior and Safety or a specialized institution (the Korea Internet and Security Agency). <Amended by Ordinance No. 6821, Mar. 22, 2018>

Article 8 (Charging and Payment of Fees) (1) The Mayor may charge a subject of information (including their agents referred to in Article 38 of the Act) fees and postage generated pursuant to Article 38 (3) of the Act and Article 47 (1) of the Enforcement Decree, from the request for perusal under Article 35 of the Act; the request for revision or deletion under Article 36 of the Act; and the request for suspension, etc. of management under Article 37 of the Act (hereinafter referred to as "request for perusal, etc.") in accordance with attached Table of the Seoul Metropolitan Government Ordinance on Collection of Fees: Provided, That where a ground to request perusal, etc. pursuant to Article 47 (2) of the Decree lies in the Seoul Government, the Mayor shall not charge fees and postage referred to in paragraph (1).
(2) The Seoul Government may receive fees and postage under paragraph (1) in the form of revenue stamps pursuant to Article 47 (3) of the Decree or by means of electronic payment under subparagraph 11 of Article 2 of the Electronic Financial Transactions Act.

Article 9 (Filing Formal Objections) (1) Where a subject of information is dissatisfied with measures taken, such as rejection of a request for perusal, etc., he/she may file a formal objection.
(2) The Mayor shall table a formal objection filed under paragraph (1), before the Deliberative Committee established under Article 10, for it to conduct deliberations and provide advice and suggestions thereon.
(3) After deliberations and seeking advice and suggestions, the Mayor shall notify the subject of information who has filed a formal objection, of his/her decision on the formal objection in writing within ten days in accordance with the relevant procedures.

Article 10 (Personal Information Protection Deliberative Committee) The Mayor shall establish a Personal Information Protection Deliberative Committee of the Seoul Metropolitan Government (hereinafter referred to as the "Committee") in order to deliberate on the following matters:
1. Matters concerning formal objections filed under Article 9;
2. Matters concerning policies and institutional improvement with respect to personal information;
3. Other matters submitted by the Mayor for deliberation in relation to the protection of personal information.
[This Article Wholly Amended by Ordinance No. 6541, Jul. 13, 2017]

Article 11 (Composition of the Committee) (1) The Committee shall be composed of nine members including one chairperson and one vice chairperson.
(2) Two of the members of the Committee shall be the Vice-Mayor I for Administrative Affairs and a person responsible for protecting personal information under Article 5, and the remaining members may be commissioned from among the following persons. In commissioning members, three females and one disabled person shall be included in such members: <Amended by Ordinance No. 6821, Mar. 22, 2018>
1. A person recommended by the Seoul Metropolitan Council;
2. A person recommended by civil society organizations;
3. A person recommended by academic societies related to the protection of personal information.
(3) The Vice-Mayor I for Administrative Affairs shall be the chairperson of the Committee, and the vice chairperson shall be elected from among the commissioned members of the Committee.
(4) The term of office of the commissioned members of the Committee shall be two years, and they may be consecutively recommissioned only once. <Amended by Ordinance No. 6821, Mar. 22, 2018>
(5) Where a commissioned member falls under any of the following, the Mayor may dismiss the member even before the expiration of the term of office of the member:
1. Where the member himself/herself wishes to be discharged from office;
2. Where the member is unable to perform his/her duties due to a disease requiring long-term treatment, at least six months of overseas travel, etc.;
3. Where the member has divulged confidential information learned in relation to his/her duties or has used such information for personal purposes;
4. Where misconduct is discovered in relation to the member's duties, or misconduct has occurred that is deemed inappropriate for maintaining his/her position as a member;
5. Where the member is deemed unsuitable for a member due to neglect of duties, injury to dignity or other grounds.
[This Article Newly Inserted by Ordinance No. 6541, Jul. 13, 2017]
[Previous Article 11 moved to Article 13]

Article 12 (Operation of the Committee) (1) The chairperson of the Committee shall represent the Committee and exercise overall control over the affairs of the Committee. When the chairperson is unable to perform his/her duties due to any unavoidable reason, the vice chairperson shall act on behalf of the chairperson; when the vice chairperson is also unable to perform the duties of the chairperson due to any unavoidable reason, a member designated by the chairperson in advance shall act on behalf of the chairperson.
(2) Meetings of the Committee shall be divided into regular meetings and extraordinary meetings. A regular meeting shall be held once a year, and an extraordinary meeting shall be convened by the chairperson of the Committee where deliberation is necessary on a formal objection filed under Article 9 or where requested by at least 1/2 of the members of the Committee or deemed necessary by the chairperson.
(3) The chairperson shall notify the members of the Committee of the schedule, agenda, etc. of a meeting by seven days before the meeting is held.
(4) A majority of the members of the Committee shall constitute a quorum, and any decision thereof shall require the concurring vote of a majority of those present.
(5) Deliberation shall be made in writing where an agenda item subject to deliberation is an insignificant matter or where such agenda item is a matter of urgency and thus time is not sufficient to hold a meeting attended by members.
(6) The Committee shall have one executive secretary and one clerk to handle its affairs, and the officer in charge of information and communication security shall serve as executive secretary while the deputy director of the personal information protection team shall serve as clerk.
(7) The minutes of meetings of the Committee, other than personal information provided for in the Personal Information Protection Act, shall be open to the public: Provided, That such minutes may not be open to the public where deemed necessary by the chairperson.
(8) Allowances and travel expenses may be paid to the members who have attended meetings of the Committee within the budget according to the Seoul Metropolitan Government Ordinance on Committee Allowances and Expenses.
(9) Other matters necessary for the operation of the Committee shall be determined by a resolution of the Committee.
[This Article Newly Inserted by Ordinance No. 6541, Jul. 13, 2017]
[Previous Article 12 moved to Article 14]

Article 13 (Supervision of Personal Information Processors) (1) The Mayor shall exercise appropriate supervision and oversight over persons who process personal information under his/her supervision and direction (hereinafter referred to as "personal information processor"), so that personal information is managed safely.
(2) At least annually, the Mayor shall conduct regular education on the protection of personal information for personal information processors, in order to ensure the appropriate processing thereof.

Article 14 (Purchasing Insurance, Entering into Mutual Aid Agreements, etc.) The Mayor may subscribe insurance, enter into a mutual aid agreement, etc. within the budget, in order to prepare for loss and compensation for loss due to infringement of personal privacy while processing personal information.