(영문) 서울행정법원 2020.9.17. 선고 2020구합58311 판결

A. On June 26, 2009, the Plaintiff obtained authorization for a remote lifelong education facility under Article 33 of the Lifelong Education Act, and changed the name of the institution into a "D Lifelong Education Center" (hereinafter referred to as the "Lifelong Education Center of this case") on April 6, 2010, and received the assessment and approval from the Defendant every year.

B. On June 13, 2019, the Plaintiff filed an application for the assessment recognition with the Defendant for 35 learning courses (23 subjects of re-assessment, 12 subjects of new evaluation) (hereinafter “application for the assessment recognition of this case”).

C. On February 27, 2020, the Defendant issued a notice that the instant lifelong education institute failed to comply with the two items among the evaluation indexes of basic and operational conditions as follows (hereinafter “instant previous disposition”).

Institutional Name: Dental Lifelong Education Institute

A person shall be appointed.

1. The evaluation area of basic and operational conditions;

A person shall be appointed.

D. On April 24, 2020, the defendant revoked ex officio on the ground that there is a procedural defect that did not present a specific reason for the previous disposition and a method of appeal, and then notified the result of the assessment and assessment by specifying the reasons for the disposition as follows (hereinafter “instant disposition”).

1.2.2.1 of the evaluation index 1.2.2.2.2.2.1 whether remote education facilities are secured; 1.the evaluation index 1.2.2.2.2.2.2.the evaluation index 1.2.2.2.2.2.2.the data processing function of the remote education facilities and equipment standards (DBer 1) is judged as a temporary measure after the on-site evaluation; it is difficult to determine that the database has been submitted as 1) HA high-value - the method of application and contract; 2) the dualization of the method of application is not satisfied; 3) the application, contract, and the evaluation index 1.2.2.24 of the evaluation index 1.2. the identification method is inappropriate; the temporary manager 1. The data processing function of the personal information is determined as a supplementary measure after the on-site evaluation; 2) the data manager is determined as at the time of the on-site evaluation; 3) the data manager and the manager at the time of the on-site evaluation (2) is inappropriate at the outside manager at the time of access (3).

[Ground of recognition] Facts without dispute, Gap evidence Nos. 1, 3, 4, 9 (including branch numbers, hereinafter the same shall apply), Eul evidence No. 1, and the purport of the whole pleadings

2. Whether the disposition is lawful;

A. Whether the grounds for the disposition are recognized

1) Whether distance education facilities are installed

A) Party’s assertion

(1) Plaintiff

The Institute of Lifelong Education (hereinafter referred to as the "DB server") held two IP addresses via the database server (hereinafter referred to as the "E server") and IP addresses (hereinafter referred to as the "F server"). Since the above two servers are dualized by the display method, evaluation indices related to the securing of distance education facilities were satisfied.

(2) Defendant

(A) School administration for data submitted by the Plaintiff at the time of applying for the assessment recognition of this case

Inasmuch as the IP addresses of the DB server and the DB server are equally indicated as E, and the F server is written as the DB server, not the DB server, the DB server of the instant Lifelong Education Center is the first E server. At the time of filing the objection, the IP G server (hereinafter referred to as the “G server”) that the Plaintiff asserted as the backer was not written in the data submitted at the time of filing the instant application for the assessment and approval. Ultimately, the Lifelong Education Center of this case did not satisfy the remote education equipment assessment index by holding only one DB server.

(B) Even if the E server and the F server were dualized as the Plaintiff’s assertion, the instant lifelong education center failed to separately provide the DB server, and thus failed to meet the evaluation index relating to the distance education facilities.

(C) Even if the Plaintiff owns the number of servers that meet the evaluation index criteria for distance education facilities, the Plaintiff operated various sites, such as H, I, J, and K irrelevant to the Credit Bank System, and thus, it cannot be confirmed whether a server among the above servers is a server that actually used for the Credit Bank System.

B) the facts of recognition

(1) The part of the “basic and operational environment assessment field” among the application for assessment recognition submitted by the Plaintiff to the Defendant at the time of the application for assessment recognition of this case (hereinafter “application for assessment recognition of this case”) is indicated as follows as to the “OTP server of the lifelong education center of this case.”

A person shall be appointed.

(2) At the time of the application for the assessment and approval of this case, the part of the contract for the purchase of the "Stling and service use contract" (hereinafter referred to as the "the contract of this case") between the Plaintiff and L Co., Ltd. (hereinafter referred to as the "L") submitted by the Plaintiff at the time of the application for the assessment and approval of this case is indicated as follows that the lifelong education institute of this case has a total of 10 servers, including the data server (name M), database backer (N), and white server (registered name 0).

A person shall be appointed.

(3) At the time of October 11, 2019, the on-site evaluation of the instant lifelong education center was conducted, indicated that the E server, the F server, and the G server among the servers of the instant lifelong education center, which were supported by the IMO center, are included in the photographs capturing the screen of the service support status of the IMO center center, submitted by the Plaintiff by the Plaintiff.

(4) On December 3, 2019, L’s confirmation letter is written as follows:

A person shall be appointed.

[Ground of recognition] Facts without dispute, entry of Gap evidence Nos. 5, 6, 18, and the purport of the whole pleadings

C) Determination

(1) The work process guidelines concerning recognition of the contents of the relevant regulations (No. 2019-204 of the Ministry of Education’s notice on December 4, 2019; hereinafter referred to as “instant work process guidelines”) [Attachment 3-2] provide for the following matters with respect to “Sber and network equipment standards that must be equipped with distance education facilities:

A person shall be appointed.

(2) Specific determination

In light of the following facts and circumstances, it is reasonable to view that the instant lifelong education center was holding the E server and the F server as the DB server, and the said two servers were dualized by the HU method. Therefore, it is reasonable to view that the Plaintiff’s assertion on this part is with merit.

(A) The instant contract submitted by the Plaintiff at the time of the application for the assessment recognition of the instant case, stating that the E server (based on the model M), the “data server,” the “data server (based on the model P),” and the “G server (based on the model name P),” are “the white server,” and it is reasonable to view that the Plaintiff indicated that the E server and the F server were dualized from the time of the application for the assessment recognition of the instant case, and that the G server was the white server.

(B) The work process guidelines of this case stipulate that it is possible to consolidate school administration DB and DB of DB of DB of DB of DB of DB, and in the event that the school administration DB and DB of DB of DB of DB of DB of DB of DB of DB of DB of DB of DB of DB, both IP addresses are bound to be identical. Therefore, the Plaintiff cannot be deemed to have failed to meet the requirements for dualization of DB server solely on the ground that the Plaintiff used

(C) In addition, while the F server stated the data submitted by the Plaintiff at the time of the application for the assessment recognition of the instant case as “the database back server” or “DB for back-up,” the F server’s method of double-formation as “one master server and one or more Slave servers,” considering that the method of double-formation was the method of continuing the service as the Slave server in the event that the damage to the Mve server occurs, the Plaintiff appears to be indicated as “the database back server” or “DB for back-up use” in the sense that the F server is the Mve server among the DB server where the F server was dualized, in view of the fact that the F server was written as “the database back-up server or “DB” or “B for back-up use.” Therefore, it cannot be deemed as a back-up server rather than the DB server.

(D) According to the photographs and videos taken by the Internet Lifelong Education Center’s servers, which are managed by the IDC Center, there are a total of 10 servers, including the E server, the F server, and the G servers, as the credit bank servers of the instant Lifelong Education Center, and the said ten servers are confirmed separately from the Plaintiff’s other businesses (H, I, etc.).

(E) Meanwhile, the new notice letter of the results of the assessment and assessment sent by the Defendant to the Plaintiff indicates that “HA high-priced - fluoring dualization does not satisfy the decentralization function.” However, the documents related to doubleization (Evidence A 15) written by the system DNA, which were drafted by AB, include doubleization method and HArush method. While the HArush method has a divated function, while the HArush method has no divation function, it stated that the HArush method has no divation function; ② there is no content that dualization method is limited by HArush method or excludes the application form from doubleization method without meeting the 2019 Fluxation method. ③ From 2013 to 2018 to 2018 to 2018 to 300 to 2018 to 200 to 2018 to 300 to 2018 to 2018 to 200.

2) Whether the password violates the password method

A) Party’s assertion

(1) The plaintiff;

Since the lifelong education center of this case uses the password crypt method, which is a one-way coding method, mixed with the AES method, which is a two direction coding method, Article 7(2) of the Criteria for Measures to Secure the Safety of Personal Information (No. 2019-47, Jun. 7, 2019; hereinafter the same shall apply) is satisfied.

(2) Defendant

According to the data submitted by the Plaintiff at the time of the application for the instant recognition and the results of field assessment, it was confirmed that the lifelong education center of the instant case was using the AES method rather than the crypryp method by the cryp method, which is the two direction coding methods. The Plaintiff asserted that the Plaintiff was used by mixing the HA256 method, but the HA256 method is not recognized as the data submitted by the Plaintiff at the time of the application for

B) Determination

(1) Contents of the relevant provisions

Article 7 (2) of the Criteria for Measures to Secure the Safety of Personal Information provides that "the personal information manager shall store the password and bio-information in encryption: Provided, That where he/she stores the password, he/she shall store the password in one direction so that it does not decry it."

(2) Specific determination

In light of the following facts, it is reasonable to view that the lifelong education center of this case complies with Article 7(2) of the standards for measures to ensure the safety of personal information, since it uses both a one-way coding method and a two-way coding method by the password method, in light of the following facts, which can be recognized by the respective descriptions of Gap 7, 16, and Eul 4 and the purport of the whole pleadings. Therefore, this part of the

(A) The personal information protection guidelines submitted by the Plaintiff at the time of the application for the assessment recognition of the instant case stated as follows not only the AES method, which is a two-way coding method, but also the “one-way coding storage.”

A person shall be appointed.

(B) The written opinion of the AC, the holder of the qualifications for CISDP (International Authorized Information System Security Experts) and CISD (International Authorized Information System Security Auditor), stated, “The relevant institution (the instant Lifelong Education Center) encrypteds its password and unique identification numbers, and its unique identification numbers are AES algorithm, and its passwords are identified as AES algorithm, and the AHA-256 algorithm. As a result, it satisfies the first direction-crym coding standards for passwords and satisfies the requirements of Article 7(2) of the Criteria for Measures to Secure the Safety of Personal Information.”

(C) According to the cryptive photo of the cryptive screen of the instant lifelong education center, it can be confirmed that both the AES method and the SHA-256 method are being used, a one-way coding method.

3) Whether an unauthorized person’s personal information has been accessed

A) Party’s assertion

(1) The plaintiff;

The Plaintiff did not permit access to the personal information processing system of an outside person without authorization. The IP claimed by the Defendant as an external IP is an internal IP of the Lifelong Education Center of this case. The Plaintiff’s worker during the training period employed by the Plaintiff, the part-time worker, and the part-time worker’s ID merely access to the area where personal information is not handled among the school affairs management system of the Lifelong Education Center of this case, and their access to personal information is impossible. The log records confirmed by the evaluation committee at the time of the on-site evaluation are recorded in both the personal information handler and the U.S. handler’s ID. As such, there is no choice but to be any difference between the personal information handler and the U.S. handler’s ID, which the Plaintiff submitted to the Defendant. Since the Plaintiff restricted access to the IP address and restricted access to the personal information processing system of the unauthorized Person, the criteria for securing the safety of personal information did not violate Articles 6 and 10.

(2) Defendant

As a result of the verification of D’s access to the school affairs management system at the time of the on-site evaluation of the instant lifelong education center, it was confirmed that several ID, which were not entered in the list of the managers submitted by the Plaintiff, had access to the school affairs management system in other IP areas during the same time period. Since the Plaintiff permitted access to the personal information processing system of an outside person not authorized, it violated Articles 6 and 10 of the Criteria for Measures to Secure the Safety of Personal Information.

B) Determination

(1) Contents of the relevant provisions

According to the standards for securing the safety of personal information, a personal information manager shall restrict access to the personal information processing system to prevent illegal access and intrusion through an information and communications network and restrict unauthorized access (Article 6(1)1) by limiting access to the personal information processing system to IP addresses, etc. (Article 6(1)1), and take measures to prevent unauthorized access by a person who has not obtained authorization to prevent personal information intrusion, such as leakage of personal information, from arbitrarily accessing a device for management (Article 10 Subparag.

(2) Specific determination

In light of the following facts, it is reasonable to view that the Plaintiff satisfies the requirements under subparagraphs 6 and 10 of the criteria for measures to ensure the safety of personal information, since it limits the right to access to the school management system of the lifelong education center of this case to the internal IP address of the lifelong education center of this case and limits access to the personal information processing system of outside persons, who are not personal information handlers, to the internal IP address of the lifelong education center of this case. Accordingly, this part of the Plaintiff’s assertion is with merit.

(A) An IP address AD and AE presented as evidence that the Defendant had access to the outside is not an external IP address but an internal IP address of the instant lifelong education center.

(B) If you attempt to access the page of the instant Lifelong Education Center to the external IP address, I indicate a guide "it is impossible to use the page at that location."

(C) The AC’s opinion confirms that “the relevant institute (the instant lifelong education institute) has restricted the right to access to the IP address. However, in using the Internet network, it was supplied by the network supplier (AF) with a network with different breadths. The 2nd and 3th floor of the building used by the relevant institute were using a network IP station different from each other, and the 2nd and third floor of the building used by the relevant institution was using the Outbdododododododododododododododododododododomen (referring to the IP address recorded in the log when accessing the personal information processing system via the Internet network at the relevant institution, i.e., the IP address used when communicating from the internal network to the external network) was used in the same time, and it was confirmed that only two IP stations (AE, AD) were used in the personal information processing system, and that only the relevant two IP stations were controlled by the manager of the relevant personal information processing system, and thus, it was confirmed that the safety requirement of the access authority was satisfied.

(D) Considering the fact that the log records confirmed by the evaluation committee at the time of field evaluation are deemed to have been recorded without the classification of the non-personal information handler as well as the log records, and that all of the IP addresses recorded in the log records are the internal IP addresses of the lifelong education center of this case, and that the plaintiff is part-time workers employed by the part-time worker or the worker during the management period for the content inspection and management, and the plaintiff is claiming that the access to the personal information is impossible, considering the fact that the log records are the access records of the non-personal information handler, which do not fall under the log records of this case, are connected to the personal information processing system.

4) Whether the authority to access the personal information processing system is differentiated

A) Party’s assertion

(1) Plaintiff

The Plaintiff granted differential classification to A, B, C, and D according to the duties of the Plaintiff’s authority to access the personal information processing system of the instant Lifelong Education Institute. This can be confirmed when considering the function of the manager among the school affairs management system of the instant Lifelong Education Institute. The entry of only 1 and 1 million on the inquiry screen is 100,000 in the highest manager, and the other person is 10,000 in the highest manager’s authority.

(2) Defendant

The Plaintiff stated that the access authority to the personal information processing system was granted to the data submitted at the time of the application for the assessment and approval of the instant case. However, as a result of the on-site assessment of the instant lifelong education center, the access authority to the personal information processing system was confirmed to be divided into class A and class 100 only. Therefore, the instant lifelong education center cannot be deemed to have granted differential access authority to the personal information processing system.

B) Determination

(1) Contents of the relevant provisions

Article 5 (1) of the Personal Information Protection Act provides that "the personal information manager shall give differential access to the personal information processing system to the minimum extent necessary for performing his/her duties."

(2) Specific determination

In light of the following facts and circumstances, it is reasonable to view that the instant lifelong education center granted access authority to the personal information processing system to Class A, B, C, and D, in view of the respective descriptions of the evidence Nos. 5, 7, and 16 and the overall purport of the pleadings.

Therefore, this part of the plaintiff's assertion is justified.

(A) The written application for the assessment and approval of this case states that “personal information processing system (school affairs management system): differentiated authority by grade and department.”

(B) The Guidelines for the Protection of Personal Information of Lifelong Education Institute stated as follows that the access authority to the school management system (Lms) for each department is granted differentiated levels A, B, C, and D.

3. Technical measures: Access control of personal information and limited 1) Transmittal transmission via an information and communications medium (ucoding) 2) Access control system (learning management system) ;

A person shall be appointed.

3) Personal information management system (personal information management system)

A person shall be appointed.

4. (1) Physical Restrictions on physical storage and access control 2) Procedures for access to the document storage room 3) Personal information collection (documents) and preservation period;

A person shall be appointed.

(C) In relation to the list of managers among the school affairs management system of the instant Lifelong Education Institute, the Plaintiff asserts that the “100” or “100” is merely the “10” or “1” to promptly identify the highest manager, and that the “1” or “100” is irrelevant to the establishment of access authority to the personal information processing system, and there is no other evidence to deem that the said “1” or “100” is related to the establishment of access authority to the personal information.

(D) The AC’s opinion confirmed that “the level of the manager was differentiated as a result of confirming the internal data of the relevant institution (the instant lifelong education center)’s system, and that the manager’s authority was granted differentially in terms of the “manager’s authority” function. The indication in the list of managers in 1,100 was confirmed to be simple that only the highest manager can be identified. Accordingly, it is stated that “I meet the requirements for the measures to ensure the safety of personal information.”

B. Sub-determination

The instant disposition is unlawful without any need to further examine the Plaintiff’s assertion of deviation or abuse of discretionary power, since the grounds for the instant disposition are not recognized.

3. Conclusion

Therefore, the plaintiff's claim of this case is reasonable, and it is decided as per Disposition.

Judges

Judges of the presiding judge, Hong-soo

Judges Kim Jae-sik

Judges Kim Gin-han

Attached Form

A person shall be appointed.

참조조문

-평생교육법 제33조

유사 판례

-대전지방법원 2014.8.14.선고 2012가합101743 판결

-서울서부지방법원 2014.4.17.선고 2013가합30752 판결

-서울고등법원 2015.3.20.선고 2013나20047 판결

-서울고등법원 2018. 8. 24. 선고 2016누64533 판결

-대법원 2018.10.25 2018다219406