Background

      Agencies are required to comply with regulations on the collection, processing, and use of personal data for epidemic prevention.

I.  In order to prevent the epidemic from spreading, all agencies must collect, process, or utilize personal data to assist with epidemic prevention. In order to prevent damage to people’s right of identity and to utilize data in a reasonable manner, all agencies must properly implement and execute personal data protection.

II. In addition to complying with the Special Act for Prevention, Relief and Revitalization Measures for Severe Pneumonia with Novel Pathogens and Communicable Disease Control Act, agencies must also comply with the Personal Data Protection Act when collecting, processing, and using personal data for epidemic prevention.
III. People's rights and interests must be protected when collecting, processing or using their personal data, which must comply with the principle of minimality and may not exceed the scope necessary for epidemic prevention.

IV. Government agencies must fulfill their obligation to protect the safety of personal data that is collected, and adopt suitable technological and organizational security measures to prevent personal data from being stolen, tampered with, damaged, destroyed, or leaked.

V. After the specific purpose for personal data collection no longer exists, agencies must actively delete personal data that is no longer required.

VI. When citizens exercise their rights in accordance with the Personal Data Protection Act, such as request to access, cease processing and use, or delete their data, agencies must comply and handle the request in accordance with the law