• Font Size:
  • S
  • M
  • L

Relevant Laws

Title:Personal Data Protection Act (2015.12.30)
Article 6     Personal information of medical records, medical treatment, genetic information, sexual life, health examination and criminal records should not be collected, processed or used. However, the following situations are not subject to the limits set in the preceding sentence:
  1. when in accordance with law;
  2. when it is necessary for a government agency to perform its legal duties or for a non- government agency to fulfill its legal obligation, and proper security measures are adopted prior or subsequent to such collection, processing or use;
  3. when the Party has made public such information by himself, or when the information concerned has been publicized legally;
  4. where it is necessary to perform statistical or other academic research, a government agency or an academic research institution collects, processes, or uses personal information for the purpose of medical treatment, public health, or crime prevention. The information may not lead to the identification of a specific person after its processing by the provider, or from the disclosure by the collector;
  5. where it is necessary to assist a government agency in performing its legal duties or a non-government agency in fulfilling its legal obligations, and proper security measures are adopted prior or subsequent to such collection, processing, or use;
  6. where the Party has consented in writing; unless such consent exceeds the necessary scope of the specific purpose; the collection, processing or use merely with the consent of the Party is prohibited by other statutes; or such consent is against the Party’s will.
    Article 8 and Article 9 shall apply mutatis mutandis to the collection, processing, or use of personal information in accordance with the preceding Paragraph; Paragraphs 1, 2 and 4 of Article 7 shall apply mutatis mutandis to the written consent specified in Item 6 of the preceding Paragraph. The notification should be in written form.
Article 18     The government agency which keeps personal information files should assign personnel(s) on security and maintenance of those files to prevent them from being stolen, altered, damaged, destroyed or disclosed.
Article 19     Except the information stated in Paragraph 1 of Article 6, the non-government agency should not collect or process personal information unless there is a specific purpose and should comply with one of the following conditions:
  1. it is in accordance with law;
  2. there is a contractual or quasi-contractual relationship between the Parties, and proper security measures have been adopted;
  3. the Party has made public such information by himself or when the information has been publicized legally;
  4. it is necessary for public interests on statistics or the purpose of academic research conducted by a research institution. The information may not lead to the identification of a specific person after its processing by the provider, or from the disclosure by the collector;
  5. consent has been given by the Party;
  6. it is necessary to promote public interests;
  7. the personal information is obtained from publicly available resources. However, it is exempted if the information is limited by the Party on the processing or use and the interests of the Party should be protected;
  8. the rights and interests of the Party are not harmed.
    By the time when the collector or processor realizes or has been notified of the provision in Item 7 of the preceding Paragraph by the Party, he should delete, stop processing or using the personal information, ex officio or upon the request of the Party.
Article 27     The non-government agency which keeps personal information files should adopt proper security measures to prevent them from being stolen, altered, damaged, destroyed or disclosed.
    The government authority in charge of subject industry at the central government level may designate a non-government agency for setting up the plan of security measures for the personal information file or the disposal measures for the personal information after termination of business.
    The rules of the fore-mentioned plan and processing methods should be set up by the government authority in charge of subject industry at the central government level.