(Impact assessment of the information subject for the information subject Government is review of the PIA introduction is definitely welcome. However, given the sterility which exists in current policy making practices, it will not be easy to establish a system which reflects the protection of individual privacy rights. We must guarantee the people’s right to participate in the assessment procedure. In line with such thinking, participation of people in the preparation of assessments is definitely an essential criterion for establishing a desirable policy.)
On July 1, 2004, the Korean Progressive Network ‘Jinbonet’ held an open conference entitled ‘Tasks and Perspectives of Privacy Impact Assessment’ at the assembly hall of National Human Rights Commission of Korea. The Privacy Impact Assessment (PIA) is about the institutionalization of the process to protect individual privacy.
Following heated controversies and disputes, the introduction of the National Education Information System (NEIS), implemented by the Ministry of Education and Human Resources Department (MEHRD), has failed to protect personal information. If NEIS had been implemented without information subject’s awareness, or if anyone had no power over this issue despite knowing about it, no doubt critical
privacy violations would have occurred.
MEHRD had previously established its policy of NEIS without proper legal basis, disregarding its effects on personal privacy. The resulting public opposition against NEIS has created unnecessary expenditures of public funds. MEHRD has had its authority attacked, budget funding has been wasted and another step towards the Information Society has been delayed.
Although anyone may not be able to recognize its installation, policy or technology, the impact such technology could have on their individual lives is appreciable. If questions arise, knowing how to find answers or address concerns is not being given sufficient attention. The implementation of the PIA is necessary to prevent individuals from being exposed to violation of their privacy as well as protect their rights.
Moreover, it is also necessary to introduce the PIA where privacy issues are a concern in the operation of both private and public organizations. It would tighten restrictions and increase costs in the short term, however, long term benefits would include an avoidance of public outcry.
The PIA was first requested in 2002 by various Korean human rights and civil society organizations. This request is discussed in detail in the organizations proposal regarding the Personal Information Protection Law submitted last June. In November of 2003, the National Computerization Agency and Ministry of Information and Communication jointly announced they were reviewing the application of the Personal Information Protection Impact Assessment. This included public sector information technology architecture relevant to the E-Government. In 2004, the Presidential Committee on Government Innovation and Decentralization also established an institutionalization plan for personal information laws and has been reviewing the introduction of this policy. However, antagonism still prevails between the information subjects and the information collectors.
Upon examination of other countries cases concerning current PIA practice, Jang Yeo-Kyung from Jinbonet presented a plan for assuring practicability of the PIA modeled on the U.S. and Canada. In the U.S. and Canada, it is mandatory to introduce a PIA to projects and businesses implemented by all government agencies and E-Government. In the U.S., government bodies follow PIA guidelines.
However, there are problems with such practices as the assessment is not thorough in terms of its content and follow-ups based on assessment results are not clearly outlined. Assessment practice in Canada distinguishes itself from that of U.S. as there is an independent personal information protection organization supervising assessment results and offers advice based on these results.
Park Jun-woo, a team leader at Citizen’s Action Network, discussed at length each area he felt should be considered in a PIA; Range, Target, Subject, Perspective and Authority.
– The PIA should cover private sectors over a certain size as well as public sectors
– As a subject of the assessment, an independent personal information protection organization should engage with the assessment. For this purpose, establishing clear guidelines for private organizations should be encouraged.
– Assessment should be initiated at the onset of the planning stage of the project
– Based on the assessment result, corrective measures such as adjustments to the plan or even a closure of the project should be strictly enforced.
– A post-assessment to the system should be performed; this is already in place.
Additionally, Jun woo suggested long term options to include the performance of impact assessments whenever requested by consumers, regardless of the size of the project, and demographic research to be conducted to assess possible trends resulting from actual harm inflicted upon consumers resulting from privacy violations.
Lessons from Science and Technology Impact Assessment and Environmental Impact Assessment
Kim Byung-soo, a manager of Peoples Solidarity for Participatory Democracy, argued that allowing consumers to perform the assessment is as unreasonable
as allowing a player to monitor a referee. He pointed out the following problems with Science and Technology Impact Assessment practices:
– The assessment body cannot perform its job as it is under the management of Ministry of Science and Technology;
– The Ministry of Science and Technology in charge of the assessment does not have any authority with regards to other departments;
– The topics for assessment are vague; and
– Selection of topics relies solely on the decision of the Minister of Ministry of Science and Technology.
Park Hey-ryun, a researcher from the Korea Institute for a Sustainable Society, discussed weaknesses of the current Environmental Impact Assessment. Problems include objectiveness of the Assessor, selection of assessment topic coverage, timing and size of assessment, guaranteeing participation of local citizens, and quality standard of the assessment. Her criticisms included the lack of planning for nation-wide projects due to focusing on microscopic projects; too many exception sections in the special law; loopholes for selecting assessments by size (as projects can be initiated in small but get expanded later); and the statement that public hearings as a cursory procedure might have created problems. These precedents gave a significant meaning to the PIA.
Furthermore, Professor Park Jong-chan advised the planning procedures of projects should incorporate consultations rather than as a measurement assessment after completion. He also stressed that we should do more to educate companies about low cost assessments and how it would help improve a corporations image in the private sectors. He emphasized to help this become possible, strict evaluations in the beginning stages are necessary so companies realize it would save costs in the long run should problems arise.
Yoon Hyun-sick, a policy researcher from the Democratic Labor Party, pointed out the impact assessment could potentially be abused as a tool of advertisement thereby justifying technology introduction. He claimed that in order to prevent this from occurring, the public should be able to participate in the actual assessment rather than simply making statements regarding the assessment. Furthermore, that the assessed should not only be determined by size but also but by more comprehensive and well-mixed criteria such as the number of employees, industry type, information type and other relevant criteria.
Impact assessment of the information subject for the information subject
Government is review of the PIA introduction is definitely welcome. However, given the sterility which exists in current policy making practices, it will not be easy to establish a system which reflects the protection of individual privacy rights. We must guarantee the people’s right to participate in the assessment procedure. In line with such thinking, participation of people in the preparation of assessments is definitely an essential criterion for establishing a desirable policy.