Defendant shall be punished by a fine of KRW 3,000,000.

If the defendant does not pay the above fine, 100,000 won shall be one day.

Punishment of the crime

The defendant collected personal information, such as the names, addresses, telephone numbers of union members and general buyers, from the heads of B Housing Redevelopment Project Association consisting of 772 members (637 households) and 503 general buyers (343 households), and processed them for the affairs of the association.

From July 15, 2019 to July 18, 2019, from July 10, 2019 to July 17:30, 2019, the Defendant provided three employees of the “D”, who are the advertising company for commercial options contract, at the office of the said union located in Seodaemun-gu Seoul, Seodaemun-gu, Seoul, to the list of 628 members, 628 members’ names, present addresses, contact numbers, and 503 members’ names, present addresses, cell phone numbers, and home numbers, and recommended them to enter into an agreement for commercial options.

The Defendant, as a person who manages personal information, divulged 1131 personal information that he/she became aware of in the course of performing his/her duties, or provided it to another person without authority.

Summary of Evidence

1. The Defendant asserts to the effect that “the Defendant did not have any doubt” in his/her partial statement at the time, and that the Defendant’s act does not constitute “providing” under the Personal Information Protection Act, since he/she strictly prohibited D employees from copying a list or creating digital data upon return of personal information provided and allowed them to pursue civil and criminal liability in cases where members’ personal information were used after the exercise period. The employees worked in a partnership office and handled personal information, and the list was returned and kept at the time of retirement.

However, as long as the above employees handle personal information of the union members at an isolated space within the office with a resolution of the board of directors of the union, it cannot be deemed as “providing personal information.”

The consent letter submitted by the above employees is also the "personal information provided".