Assessment of Personal Information Breach Incident Factors
(1) The head of a central administrative agency shall request the Protection Commission to assess the factors of personal information breach incident where a policy or system that entails personal information processing is adopted or changed by the enactment or amendment of any statute under his or her jurisdiction.
(2) Upon receipt of a request made pursuant to paragraph (1), the Protection Commission may advise the head of the relevant agency of the matters necessary to improve the relevant statute or regulation by analyzing and reviewing the personal information breach incident factors of such statute or regulation.
(3) Matters necessary for the procedure and method to assess the personal information breach incident factors under paragraph (1) shall be prescribed by Presidential Decree.