1. The part of the judgment of the court below against Defendant A is reversed.

2. The defendant A shall be punished by imprisonment with prison labor for ten months;

3.Provided, That.

1. Summary of grounds for appeal;

A. The defendants' punishment (the defendant A, C: imprisonment with prison labor for 10 months, defendant B, and D: one year) is too unreasonable.

B. The prosecutor’s sentence of the lower court is too unhued and unreasonable.

2. Determination

A. Personal information leakage accident has reached a number of victims, and the number of damages is huge, which is caused by the leakage accident, such as that the number of damages is up to a 00 million unit, and the leakage of the leaked information causes a wide range of damages again due to the occurrence of a second accident (such as scam, etc.) and the occurrence of a second accident. The information leaked due to the development of information and communication network has a possibility of transmitting and using it in the whole area via information and communication network in real time. Therefore, it is very serious problem in that it is impossible to block the expansion of damages caused by the leakage of personal information or to relieve the damage caused by the leakage of personal information.

B. The Act on the Protection of Personal Information (amended by Act No. 10465, Mar. 29, 201) was enacted in order to cope with damage caused by the divulgence of personal information. However, as a matter of course, there was a problem that it is inappropriate to divide the public sector and the private sector into several sectors to regulate the management and protection of personal information in the public and private sector by enacting the Personal Information Protection Act as a general law for the protection of personal information, and multiple individual laws including the “Act on the Use and Protection of Credit Information” governing credit information, “Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc.,” and “Act on the Collection and Use of Information and Communications Network Utilization and Information Protection, etc.,” which regulate the collection and use of personal information by information service providers, have been enacted and implemented.

C. Meanwhile, the personal information protection legislation is in the past.