|
Article 14
|
When the competent authority, the agency receiving reports on the implementation of cyber security maintenance plans as specified in Article 14 of this Act, or the central competent authority in charge of the relevant sector becomes aware of a major cyber security incident and announces the necessary contents and response measures related to the incident pursuant to Paragraph 5, Article 17 and Paragraph 5, Article 24 of this Act, it shall specify the time of occurrence or discovery of the incident, its cause, the extent of impact, the control status, and subsequent improvement measures.<br/>Where the necessary content and response measures related to the incident in the preceding paragraph fall under any of the following circumstances, they shall not be publicly announced:<br/>1. The information involving trade secrets or relating to business operations of an individual, juristic person, or group, the disclosure of which might infringe upon the rights or other legitimate interests of the government agency, individual, juristic person, or group, unless it is otherwise provided by law, necessary for the public interest or for the protection of the lives, bodies, or health of the people, or with the consent of the parties involved.<br/>2. Other circumstances where the information shall be kept confidential, or its disclosure restricted or prohibited, pursuant to laws and regulations.<br/>Where the necessary content and response measures related to the incidents in Paragraph 1 contain infor-mation that falls under the non-disclosure circumstances described in the preceding paragraph, only the remaining parts may be publicly announced.
|