(1) The Protection Commission shall conduct an annual assessment of central administrative agencies and institutions affiliated with such agencies, local governments, or any other institutions prescribed by Presidential Decree for the performance of policies and work for the protection of personal information and the compliance of obligations under this Act (hereinafter referred to as "assessment of the level of personal information protection").
(2) The Protection Commission may require the head of a relevant public institution to submit relevant materials where necessary for the assessment of the level of personal information protection.
(3) The Protection Commission may disclose the results of the assessment of the level of personal information protection on its website, etc.
(4) The Protection Commission may grant awards to exemplary institutions and employees belonging thereto according to the results of the assessment of the level of personal information protection, and recommend improvement to the head of a relevant public institutions, if deemed necessary for the protection of personal information. In such cases, the head of the public institution shall make good faith efforts to comply with the recommendation, and notify the Protection Commission of the results of the measures taken.
(5) Other matters necessary for the criteria, methods, and procedures for the assessment of the level of personal information protection, the scope of data to be submitted under paragraph (2), etc. shall be prescribed by Presidential Decree.