• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.591-605
• /
• 2017

The right to informational self-determination refers to the constitutional right for an individual, which is approved by the constitutional court, to decide what contents the collected information comprises and to control the circulation of information relation to oneself. It contains claim for inspection of personal information(The right to informational self-access) as a right for individual to review information of current state and processing history which information holders have. To assure the right to informational self-access, individual must be notified of the processing history of information by information holders regardless of individual's request(The unconditional right to informational self-access). This study will analyse current status of domestic and foreign legislation and global regulation which are related to the unconditional right to informational self-access. In addition, the action of domestic corporations will be introduced. Finally, it will be concluded with relevant problems and solutions to solve the problems.

• The Journal of Information Systems
• /
• v.28 no.4
• /
• pp.65-103
• /
• 2019

Purpose The purpose of this study is to find out in extent to which the companies in Korea and oversea, which has been subjected by different laws of their country, have guaranteed the personal information rights and have provided proper 'right to access' to the information subjects. Design/methodology/approach This study compared Korean laws with 'General Data Protection Regulation (GDPR)' of EU and 'California Consumer Privacy Act (CCPA)' to check each of the level of 'right to access' guarantee. In terms of the difference in guaranteeing the right, this study compared Korean IT leading companies with US global leading IT companies to find out how much 'right to access' are properly implemented in their policies and functions they provide. Findings The result of the study shows that 'right to access' has not been well guaranteed by Korean law, as it does not provide the right to choose method and medium by information subjects and does not clarify the types of diverse information. This was clearly opposite with the other laws providing the right to choose what method and medium that subjects want with clarifying every types of personal information possible to be more. In addition, 'right to access' has not been well guaranteed by Korean companies in comparison with by the oversea companies which proactively guarantee the right by setting the function enabling subjects to browse their information through their websites or applications.

• The Korean Society of Law and Medicine
• /
• v.13 no.1
• /
• pp.359-395
• /
• 2012

In a broad term, health and medical data means all patient information that has been generated or circulated in government health and medical policies, such as medical research and public health, and all sorts of health and medical fields as well as patients' personal data, referred as medical data (filled out as medical record forms) by medical institutions. The kinds of health and medical data in medical records are prescribed by Articles on required medical data and the terms of recordkeeping in the Enforcement Decree of the Medical Service Act. As EMR, OCS, LIS, telemedicine and u-health emerges, sharing and protecting digital health and medical data is at issue in these days. At medical institutions, health and medical data, such as medical records, is classified as "sensitive information" and thus is protected strictly. However, due to the circulative property of information, health and medical data can be public as well as being private. The legal grounds of health and medical data as such are based on the right to informational self-determination, which is one of the fundamental rights derived from the Constitution. In there, patients' rights to refuse the collection of information, to control recordkeeping (to demand access, correction or deletion) and to control using and sharing of information are rooted. In any processing of health and medical data, such as generating, recording, storing, using or disposing, privacy can be violated in many ways, including the leakage, forgery, falsification or abuse of information. That is why laws, such as the Medical Service Act and the Personal Data Protection Law, and the Guideline for Protection of Personal Data at Medical Institutions (by the Ministry of Health and Welfare) provide for technical, physical, administrative and legal safeguards on those who handle personal data (health and medical information-processing personnel and medical institutions). The Personal Data Protection Law provides for the collection, use and sharing of personal data, and the regulation thereon, the disposal of information, the means of receiving consent, and the regulation of processing of personal data. On the contrary, health and medical data can be inspected or delivered of the copies, based on the principle of restriction on fundamental rights prescribed by the Constitution. For instance, Article 21(Access to Record) of the Medical Service Act, and the Personal Data Protection Law prescribe self-disclosure, the release of information by family members or by laws, the exchange of medical data due to patient transfer, the secondary use of medical data, such as medical research, and the release of information and the release of information required by the Personal Data Protection Law.

• THE INTERNATIONAL COMMERCE & LAW REVIEW
• /
• v.23
• /
• pp.155-219
• /
• 2004

This paper focuses on two recent legislative developments in electronic commerce: the "Uniform Computer Information Transactions Act" ("UCITA") of USA and the "preliminary draft convention on the use of data message in [international trade] [the context of international contracts]" ("preliminary draft Convention") of UNCITRAL. UCITA provides rules contracts for computer information transactions. UCITA supplies modified contract formation rules adapted to permit and to facilitate electronic contracting. UCITA also adjusts commonly recognized warranties as appropriate for computer information transactions; for example, to recognize the international context in connection with protection against infringement and misappropriation, and First Amendment considerations involved with informational content. Furthermore, UCITA adapts traditional rules as to what is acceptable performance to the context of computer information transactions, including providing rules for the protection of the parties concerning the electronic regulation of performance to clarify that the appropriate general rule is one of material breach with respect to cancellation (rather than so-called perfect tender). UCITA also supplies guidance in the case of certain specialized types of contracts, e.g., access contracts and for termination of contracts. While for the most part carrying over the familiar rules of Article 2 concerning breach when appropriate in the context of the tangible medium on which the information is fixed, but also adapting common law rules and rules from Article 2 on waiver, cure, assurance and anticipatory breach to the context of computer information transactions, UCITA provides a remedy structure somewhat modeled on that of Article 2 but adapted in significant respects to the different context of a computer information transaction. For example, UCITA contains very important limitations on the generally recognized common law right of self-help as applicable in the electronic context. The UNCITRAL's preliminary draft Convention applies to the use of data messages in connection with an existing or contemplated contract between parties whose places of business are in different States. Nothing in the Convention affects the application of any rule of law that may require the parties to disclose their identities, places of business or other information, or relieves a party from the legal consequences of making inaccurate or false statements in that regard. Likewise, nothing in the Convention requires a contract or any other communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract to be made or evidenced in any particular form. Under the Convention, a communication, declaration, demand, notice or request that the parties are required to make or choose to make in connection with an existing or contemplated contract, including an offer and the acceptance of an offer, is conveyed by means of data messages. Also, the Convention provides for use of automated information systems for contract formation: a contract formed by the interaction of an automated information system and a person, or by the interaction of automated information systems, shall not be denied on the sole ground that no person reviewed each of the individual actions carried out by such systems or the resulting agreement. Further, the Convention provides that, unless otherwise agreed by the parties, a contract concluded by a person that accesses an automated information system of another party has no legal effect and is not enforceable if the person made an error in a data message and (a) the automated information system did not provide the person with an opportunity to prevent or correct the error; (b) the person notifies the other party of the error as soon as practicable when the person making the error learns of it and indicates that he or she made an error in the data message; (c) The person takes reasonable steps, including steps that conform to the other party's instructions, to return the goods or services received, if any, as a result of the error or, if instructed to do so, to destroy such goods or services.