Article 25
Policy on Operation and Management of Fixed Visual Data Processing Devices
(1) Each fixed visual data processing device operator shall establish a policy to operate and manage fixed visual data processing devices including the following matters pursuant to Article 25 (7) of the Act:
- The statutory ground and purpose for installing the fixed visual data processing devices;
- The number of the fixed visual data processing devices installed, the locations of installation, and the scope of photographing;
- The manager and department in charge, and the person who is entitled to access the visual data;
- The duration of filming, retention period, retention place, and processing method of the visual data;
- How and where the fixed visual data processing device operator checks the visual data;
- The measures taken to deal with the data subject’s request to access the visual data;
- The technical, managerial, and physical safeguards to protect the visual data;
- Other matters necessary to install, operate, and manage the fixed visual data processing devices.
(2) Article 31 (2) and (3) shall apply mutatis mutandis to the disclosure of the policy to operate and manage fixed visual data processing devices established pursuant to paragraph (1). In such cases, “personal information controller” shall be construed as “fixed visual data processing device operator”, “Article 30 (2) of the Act” as “Article 25 (7) of the Act”, and “Privacy Policy” as “policy to operate and manage fixed visual data processing devices”, respectively.