미국의 개인정보보호 관련 법·정책의 변화와 시사점

In 2014, Korea has experienced unprecedented on-line data breach by three major credit card companies that involved at roughly around hundred milion credit card users privacy information. Demand for enhanced security of privacy has suddenly skyrocketed in Korea, but due to the lax and ambiguous regulations that are in effect, many believe that the privacy fiasco might continue to erupt in Korea for sometime. While Korea is one of the countries that has government-led policies for ICT sectors, and accordingly, the government being the primary organ for privacy governance and management, the U.S.takes a quite different approach regarding on-line privacy. Main difference of the U.S. legal institution concerning the on-line privacy is that the U.S. government assumes mininum role in promulgating privacy norms, and supplements the diminished governments role by encouraging divergent stakeholders to a roundtable for self-regulations. Such a difference between the two systems can be summarized as Korea maintaining a standard guideline system, whereas the U.S. operates on a minimum standard system. Each of the two has their advantages and disadvantages in maintaining and governing the privacy issues, and therefore the paper shall examine the salient features of the U.S. legal framework as well as its recent policy development efforts. While the U.S. legal framework appears to be incompatible with that of Korean institutions, U.S. self-regulation agreement regarding privacy issues by the multistakeholders clearly exhibit some merits that is worth reviewing. Adopting the U.S. self-regulation approach on an experimental basis for a limited scope of privacy issues in Korea could possibly provide incentives for enterprises collecting and maintaining consumers privacy information and offer flexible control power to Korean government as well as a solutions to criticisms that strict regulation de-motivates further development in the ICT sector.