Article 1 (Purpose) The purpose of this Ordinance is to protect the freedom and rights of individuals by providing for matters concerning the safe management of personal information and the guarantees of the rights of identifiable individuals pursuant to the Personal Information Protection Act.

Article 2 (Definitions) The definitions of terms used in this Ordinance shall be as follows:
1. The term "personal information" means information defined in subparagraph 1 of Article 2 of the Personal Information Protection Act (hereinafter referred to as the "Act");
2. The term "processing" means activities defined in subparagraph 2 of Article 2 of the Act;
3. The term "information subject" means a person defined in subparagraph 3 of Article 2 of the Act;
4. The term "personal information file" means a personal information file defined in subparagraph 4 of Article 2 of the Act;
5. The term "personal information processor" means a person defined in subparagraph 5 of Article 2 of the Act.

Article 3 (Principles for Protection of Personal Information) (1) Each personal information processor shall make the purpose of processing particular personal information clear and collect only the minimum personal information legitimately and lawfully necessary for such purpose.
(2) Each personal information processor shall endeavor to ensure the accuracy, completeness, and currency of personal information to the extent necessary for the purpose of processing such personal information.
(3) Each personal information processor shall manage personal information safely, through appropriate technical, administrative, and physical security measures against the possibility, and the level of risk, of the infringement of rights of an information subject.
(4) Each personal information processor shall generally disclose matters concerning the processing of personal information, such as policy on the processing of personal information, and guarantee the rights of an information subject, such as the right to request perusal, when he or she processes personal information.
(5) Even where a personal information processor processes personal information to the extent necessary for the purpose of the processing thereof, he or she shall process it as much as possible by means that minimize any infringement of the privacy of an information subject.
(6) Each personal information processor shall process personal information anonymously wherever possible.
(7) Each personal information processor shall process personal information appropriately to the extent necessary for the purpose of the processing thereof; and shall not use any personal information for other than such purpose.

Article 4 (Responsibility) The Mayor of the Seoul Metropolitan Government (hereinafter referred to as the "Mayor") shall formulate policies to promote human dignity and protect individual privacy, by preventing harmful effects caused by the collection of personal information for other than the purpose thereof, the misuse, abuse, thoughtless observation, pursuit, etc. of personal information.

Article 4-2 (Formulation of Master Plan to Protect Personal Information) (1) The Mayor shall formulate the Seoul Metropolitan Government master plan to protect personal information (hereinafter referred to as “master plan”) every three years for the effective and systematic management of personal information.
(2) The master plan shall include personal information protection plans established by autonomous Gus, City-invested or City-funded institutions, etc., and be confirmed after deliberation thereon by the Personal Information Protection Deliberative Committee of the Seoul Metropolitan Government (hereinafter referred to as the “Committee”).
[This Article Newly Inserted by Ordinance No. 6908, Oct. 4, 2018]

Article 5 (Designation of Persons Responsible for Protecting Personal Information) The Mayor shall designate persons responsible for protecting personal information, persons in charge of the protection of personal information, etc. under Article 31 of the Act and Article 32 (2) 1 of the Enforcement Decree of the Act.

Article 6 (Registration of Personal Information Files) The Mayor shall register the current status of the operation of personal information files under Article 32 of the Act with the Ministry of the Interior and Safety. The same shall also apply where any alteration is made to the matters registered. <Amended by Ordinance No. 6821, Mar. 22, 2018>

Article 7 (Countermeasures against Divulgence of Personal Information) (1) Where it is verified that personal information has actually been divulged, the Mayor shall notify without delay the relevant information subject of the following matters according to methods, such as in writing:
1. Items of personal information divulged;
2. Point in time when personal information was divulged and the details of divulgence;
3. Information about methods etc. that the information subject may use to mitigate loss that may be caused by the divulgence of personal information;
4. Countermeasures and procedures for relief from loss taken by the Seoul Metropolitan Government (hereinafter referred to as the "Seoul Government");
5. Where the information subject suffers from loss, the department in charge of the receipt of reports, etc. and the contact information thereof.
(2) Where personal information is divulged, the Mayor shall take necessary measures to mitigate loss caused by the divulgence of personal information. The Mayor may organize and operate the "Personal Information Infringement Countermeasures Center" according to the extent of the divulgence of personal information.
(3) Where personal information of at least 1,000 people is divulged, the Mayor shall publish the matters specified in the subparagraphs of paragraph (1) on the website for at least seven days along with methods, such as in writing, so that the information subject can readily recognize; and shall report the results of notification made under paragraph (1) and measures taken under paragraph (2) without delay, to the Minister of the Interior and Safety or a specialized institution (the Korea Internet and Security Agency). <Amended by Ordinance No. 6821, Mar. 22, 2018; Ordinance No. 6908, Oct. 4, 2018>

Article 8 (Charging and Payment of Fees) (1) Pursuant to Article 38 (3) of the Act and Article 47 (1) of the Enforcement Decree of the Act, the Mayor may charge an information subject (including agents referred to in Article 38 of the Act) fees and postage generated from the request for access under Article 35 of the Act; the request for correction or erasure under Article 36 of the Act; and the request for suspension, etc. of processing under Article 37 of the Act (hereinafter referred to as "request for access, etc.") in accordance with the attached Table of the Seoul Metropolitan Government Ordinance on Collection of Fees: Provided, That where any ground for the request for access, etc. pursuant to Article 47 (2) of the Decree lies in the Seoul Government, the Mayor shall not charge fees and postage referred to in paragraph (1). <Amended by Ordinance No. 7046, Mar. 28, 2019>
(2) The Seoul Government may receive fees and postage under paragraph (1) in the form of revenue stamps pursuant to Article 47 (3) of the Decree or by means of electronic payment under subparagraph 11 of Article 2 of the Electronic Financial Transactions Act.

Article 9 (Raising of Objections) (1) Where an information subject is dissatisfied with measures taken, such as rejection of a request for access, etc., he or she may raise an objection.
(2) The Mayor shall table an objection raised under paragraph (1), before the Deliberative Committee established under Article 10, for it to conduct deliberations and render advice thereon.
(3) After deliberations and seeking advice, the Mayor shall give a notice of decision on an objection, to the information subject who has raised the objection within 10 days in accordance with the relevant procedures.

Article 10 (Personal Information Protection Deliberative Committee) The Mayor shall establish the Personal Information Protection Deliberative Committee of the Seoul Metropolitan Government (hereinafter referred to as the "Committee") in order to deliberate on the following matters: <Amended by Ordinance No. 6908, Oct. 4, 2018>
1. Matters concerning objections raised under Article 9;
2. Matters concerning policies and institutional improvement with respect to personal information;
3. Formulation of master and action plans for protecting personal information or modification of important matters;
4. Other matters submitted by the Mayor for deliberation in relation to the protection of personal information.
[This Article Wholly Amended by Ordinance No. 6541, Jul. 13, 2017]

Article 11 (Composition of the Committee) (1) The Committee shall be composed of 15 members including one chairperson and one vice chairperson. <Amended by Ordinance No. 6908, Oct. 4, 2018>
(2) The Mayor may appoint or commission the following persons as Committee members. At least one person with a disability shall be included in the commissioned members, and members of a particular gender shall not exceed 6/10 of the total number of the commissioned members pursuant to the main sentence of Article 21 (2) of the Framework Act on Gender Equality: Provided, That this shall not apply where unavoidable causes are deemed to exist, such as the lack of professional personnel of a particular gender in the relevant field, and the Working Committee on Gender Equality passes a resolution thereon pursuant to the proviso of the same paragraph: <Amended by Ordinance No. 6908, Oct. 4, 2018>
1. A person responsible for protecting personal information under Article 5 of the Ordinance;
2. A member of a standing committee under the Seoul Metropolitan Council;
3. A person recommended by civil society organizations;
4. A person recommended by academic societies related to the protection of personal information;
5. A person with much knowledge and experience in the protection of personal information, including experts and professors;
6. Other persons deemed necessary by the Mayor.
(3) The chairperson of the Committee shall be responsible for protecting personal information, and the vice chairperson shall be elected among and by the commissioned members of the Committee. <Amended by Ordinance No. 6908, Oct. 4, 2018>
(4) The term of office of the commissioned members of the Committee shall be two years, and they may be consecutively recommissioned only once. <Amended by Ordinance No. 6821, Mar. 22, 2018>
(5) Where a commissioned member falls under any of the following, the Mayor may dismiss the member even before the expiration of the term of office of the member:
1. Where the member himself or herself wishes to be discharged from office;
2. Where the member is unable to perform his or her duties due to a disease requiring long-term treatment, at least six months of overseas travel, etc.;
3. Where the member has divulged confidential information learned in relation to his or her duties or has used such information for personal purposes;
4. Where the member engages in misconduct in relation to his or her duties, or misconduct that is deemed inappropriate for maintaining his or her position as a member;
5. Where the member is deemed unsuitable for a member due to neglect of duties, injury to dignity or other grounds.
[This Article Newly Inserted by Ordinance No. 6541, Jul. 13, 2017]
[Previous Article 11 moved to Article 13 <by Ordinance No. 6541, Jul. 13, 2017>]

Article 12 (Operation of the Committee) (1) The chairperson of the Committee shall represent the Committee and exercise general supervision over the affairs of the Committee. When the chairperson is unable to perform his or her duties due to any unavoidable reason, the vice chairperson shall act on behalf of the chairperson; and when the vice chairperson is also unable to perform the duties of the chairperson due to any unavoidable reason, a member designated in advance by the chairperson shall act on behalf of the chairperson.
(2) Meetings of the Committee shall be divided into regular meetings and special meetings. A regular meeting shall be held once a year, and a special meeting shall be convened by the chairperson of the Committee where deliberation is necessary on an objection raised under Article 9 or where requested by at least 1/2 of the members of the Committee or deemed necessary by the chairperson.
(3) The chairperson shall notify the members of the Committee of the schedule, agenda, etc. of a meeting not later than seven days before the meeting is held.
(4) A majority of the members of the Committee shall constitute a quorum, and any decision thereof shall require the concurring vote of a majority of those present.
(5) Deliberation shall be made in writing where an agenda item subject to deliberation is an insignificant matter or where such agenda item is a matter of urgency and thus time is not sufficient to hold a meeting attended by members. In such cases, deliberation may be conducted electronically. <Amended by Ordinance No. 6908, Oct. 4, 2018>
(6) The Committee shall have one executive secretary and one clerk to handle its affairs, and the Director of Information Communication & Security Division shall serve as the executive secretary while the deputy director of the personal information protection team shall serve as the clerk.
(7) The minutes of meetings of the Committee, other than personal information provided for in the Personal Information Protection Act, shall be open to the public: Provided, That such minutes may not be open to the public where deemed necessary by the chairperson.
(8) Allowances and travel expenses may be paid to the members who have attended meetings of the Committee within the budget according to the Seoul Metropolitan Government Ordinance on Committee Allowances and Expenses.
(9) Other matters necessary for the operation of the Committee shall be determined by a resolution of the Committee.
[This Article Newly Inserted by Ordinance No. 6541, Jul. 13, 2017]
[Previous Article 12 moved to Article 14 <by Ordinance No. 6541, Jul. 13, 2017>]

Article 13 (Supervision of Personal Information Handlers) (1) The Mayor shall exercise appropriate supervision and oversight over persons who process personal information under his or her supervision and direction (hereinafter referred to as "personal information handler"), so that personal information is managed safely.
(2) The Mayor shall conduct at least once a year regular education on the protection of personal information for personal information handlers of the Seoul Government, in order to ensure the appropriate handling thereof.
[Moved from Article 11 <by Ordinance No. 6541, Jul. 13, 2017>]

Article 14 (Purchasing Insurance and Entering into Mutual Aid Agreements) The Mayor may subscribe insurance, enter into a mutual aid agreement, etc. within the budget, in order to prepare for loss and compensation for damages due to the infringement of personal information while handling personal information.
[Moved from Article 12 <by Ordinance No. 6541, Jul. 13, 2017>]