1. The defendant's appeal of this case is dismissed.

2. The costs of appeal shall be borne by the Defendant.

Purport of claim and appeal

1..

1. The reasoning of the judgment of this court citing the judgment of the court of first instance is the same as that of the court of first instance, except for the addition of the judgment of the defendant to the new argument that the defendant made in this court in addition to the following 2. Additional judgment, thereby citing it by the main sentence of

2. Additional determination

A. The defendant asserts to the effect that most of the plaintiffs' members issued a card as a off-line, cannot be "user" under the Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (i.e., "Information and Communications Network Act", and thus, the Act on Information and Communications Network Utilization and Information Protection, etc.

However, in light of all the provisions of the Information and Communications Network Act, it is reasonable to view that the Plaintiffs using the Defendant’s credit cards, etc. as the users of information and communications services provided by the Defendant, regardless of their subscription methods (the issuance of credit cards, etc. as an Lao), are users of information and communications services under the Information and Communications Network Act.

B. The defendant asserts that Article 9 of the Criteria for Measures to Secure the Safety of Personal Information is not a provision that is not a premise for the establishment of a security program with the function of preventing the leakage of personal information using USB joints.

However, if the above provision is comprehensively interpreted in light of Article 6(3) of the Personal Information Security Standard and Article 15(2) of the Enforcement Decree of the Information and Communications Network Act, it is deemed that the defendant can be able to take measures to block access to the USB meta, etc. which can be read and used to the defendant, so this part of the defendant's assertion is without merit.

C. Article 13(1)13 of the Electronic Financial Supervision Regulations prohibits multiple persons from using a device physically, and does not limit the use of “shared”, and Article 6(3) and (4) of the Personal Information Safety Measures Standard directly to a person who does not have access to the device.