미국의 개인정보보호법제에 대한 분석과 시사점

Some Analyses on the Legal Regime of Data Protection in the United States

  The current United States legal regime of data protection can be characterized by a sort of dual and sectoral system The "dual" means that the personal data in the public and private sectors are protected by the distinct protection laws respectively. The "sectoral" means that there is no comprehensive data protection law in the private sector. In this sense, the current Korean legal regime is similar to the United States. But the two countries are very different in that the United States has had a strict and efficient regulatory system of data protection for a long time in the public sector while it has focused on some sort of market-centered self-regulation in the private sector.   This article describes the United States legal regime of data protection, especially the enforcement system in the public and private sectors, and then picks out some suggestive points for the Korean regime. Chapter Ⅱ considers the United States dual and sectoral legislative system and its theoretical background. Chapter Ⅲ describes the current, various data protection laws in the United States. Chapter Ⅳ analyzes the enforcement system of the public sector in the federal level. Chapter Ⅴ explains the enforcement system of the private sector in the federal level.   The suggestive points for the Korean data protection regime are as follows:   First, the suggestive significance of the United States differentiated approach between public and private sectors consists in the difference of philosophy and protection level in both sectors. In fact, since the dangers of privacy violations in the public sector are higher than in the private sector, the public one need to have more strict regulatory regime than the private one. The current Korean regime is out of balance between the both sectors. The Korean data protection mechanisms in the public one is feeble and insufficient.   Second, the American Privacy Act regulates the common use of records through the method of computer matching between two agencies. But the Korean counterpart Act does not regulate the computer matching.   Third, the United States data protection regime in the private sector have made best use of the market-centered self-regulation while recognizing the value and necessity of processing consumer"s data. The Korean regime should not depend heavily upon the public regulatory mechanism in the private sector.