싸이월드 개인정보 유출사건에 관한 판결에 나타난 쟁점에 대한 검토- 정보통신망법상의 보호조치에 관하여 - 서울중앙지방법원 2012. 11. 23. 선고, 2011가합90267 판결 ; 서울고등법원 2015. 3. 20. 선고, 2013나20047 판결 등 -

A serivce named Nateon and Cyworld run by SK Communications was attacked by a hacker in August 2011. The hacker acquired the ID and password of the person who has access to database server by a employee of the company who installed a non-commercial version of a software, Alzip that caused a installation of a keylogging program which is one kind of a malware. After that the hacker logged in to the server and obtained the personal information of the service members. During the litigation against the company, there was many legal claims for not following the legal standard of protective measures for personal information. Among many decisions of those claims, this paper reviews on the reasoning of court regarding following issues: 1) whether a policy of banning non-approved software and a failure to check the usage of non-approved software are one of the protective measure, 2) whether denying the causation between the usage of non-commercial version software and the leak of personal data is appropriate through the assumption the leak could not be stopped even if the company used commercial version of the software, Alzip because the hacker could successfully attacked the commercial version software, 3) whether some protective measures only applies to the leak conducted by employee even though the hacker gained the data through logging in as the employee’s account and using commands which are allowed to employees, 4) whether an omission of necessary measure in the companies guideline for personal data protection that is stipulated by the law constitutes a violation of the legal standard for personal data protection.