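Posted: 2025-12-12
The final version has been released following the public comment period.
Please refer to it in your work.
○ Purpose of publication
This guide was prepared to explain the specific assessment criteria and methods that were revised to, among other things, strengthen personal information protection when public institutions adopt and use artificial intelligence (AI).
○ Publication history
- Oct. '25: Draft released for public comment (posted on the Korea Internet & Security Agency (KISA) website because of the fire at the National Information Resources Service)
- Nov. '25: Posted on the official website of the Personal Information Protection Commission (PIPC)
- Dec. '25: Some feedback from the public comment period (Oct. 31 to Nov. 20, '25) reflected and some typos corrected (e.g., the legal basis provisions on page 397)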
===========================================================================
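Posted: 2025-10-31
The Privacy Impact Assessment (PIA) Guide has been released.
It is not the final version yet; it looks like the final version will be released after stakeholder comments are collected.
The differences from the 2024 Privacy Impact Assessment Guide appear to be roughly the following.
- Response to automated decisions (structure changed) (Area 5)
Please refer to it in your work.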
[Table of Contents]
I. General Overview
Section 1. Overview of the Privacy Impact Assessment
1. Concept
2. Purpose and necessity
3. Assessment targets
4. Timing of assessment
5. Party conducting the assessment
6. Assessment framework
Section 2. Definitions and legal basis
1. Definitions
2. Legal basis
Section 3. Summary of the impact assessment procedure
II. Impact Assessment Procedure
Section 1. Preparation stage
1. Drafting the project plan
2. Selecting the assessment agency
Section 2. Execution stage
1. Establishing the assessment plan
2. Collecting assessment materials
3. Personal information flow analysis
4. Analysis of personal information infringement factors
5. Establishing the improvement plan
6. Preparing the assessment report and summary
Section 3. Implementation stage
1. Implementation check
III. Impact Assessment Items
Section 1. Overview of privacy impact assessment items
Section 2. Description of privacy impact assessment items
1. Personal information protection management system of the target institution
1.1 Personal information protection organization
1.2 Personal information protection plan
1.3 Response to personal information breaches
1.4 Guaranteeing data subject rights
2. Personal information protection management system of the target system
2.1 Management of personal information handlers
2.2 Management of personal information files
2.3 Privacy policy
2.4 Internal management plan for public systems
3. Protective measures by personal information processing stage
3.1 Collection
3.2 Retention
3.3 Use and provision
3.4 Outsourcing
3.5 Destruction
4. Technical protective measures of the target system
4.1 Access rights management
4.2 Access control
4.3 Encryption of personal information
4.4 Retention and review of access logs
4.5 Prevention of malicious programs, etc.
4.6 Physical access prevention
4.7 Destruction of personal information
4.8 Other technical protective measures
4.9 Protective measures for personal information processing areas
5. Personal information protection when using specific IT technologies
5.1 Fixed visual data processing devices
5.2 Mobile visual data processing devices
5.3 Biometric recognition information
5.4 Location information
5.5 Pseudonymized information
5.6 Automated decisions
5.7 Artificial intelligence (AI)
Appendix 1. Privacy impact assessment report form
Appendix 2. Privacy impact assessment FAQ
Source: Privacy Impact Assessment Guide (revised Oct. 2025)