Licensees are required to protect critical digital assets (CDAs) in nuclear facilities against cyber-attacks, up to and including design basis threat (DBT), according to「ACT ON PHYSICAL PROTECTION AND RADIOLOGICAL EMERGENCY」. However, CDAs may be excluded from cyber security regulations at nuclear power plant decommissioning, and this may lead to severe consequences if the excluded CDAs contain sensitive information such as the number and location of nuclear fuels and information on security officers. In that case, that information could be leaked to the adversary without adequately removing the information before discarding the CDAs. It can be potentially abused to threaten nuclear facilities inducing radiological sabotage and nuclear material theft. So, controls of sensitive information are needed. This study aims to derive regulatory improvements related to discarding CDAs that have sensitive information by analyzing foreign cases such as IAEA and U.S. NRC. The sensitive information in the IAEA guide is the following: (1) details of physical protection systems and any other security measures in place for nuclear material, other radioactive material, associated facilities, and activities; (2) information relating to the quantity and form of nuclear material or other radioactive material in use or storage; (3) information relating to the quantity and form of nuclear material or other radioactive material in transport; (4) details of computer systems; (5) contingency and response plans for nuclear security events; (6) personal information; (7) threat assessments and security alerting information; (8) details of sensitive technology; (9) details of vulnerabilities or weaknesses that relate to the above topics; (10) historical information on any of the above topics. In the case of the U.S. NRC, they categorize sensitive information into three groups: (1) classified information, (2) safeguard information (SGI), (3) sensitive unclassified non-safeguards information (SUNSI). Classified information is information whose compromise would cause damage to national security or assist in manufacturing nuclear weapons. The SGI concerns the physical protection of operating power reactors, spent fuel shipments, strategic special nuclear material, or other radioactive material. Finally, SUNSI is generally not publicly available information such as personnel privacy, attorney-client privilege, and a confidential source. IAEA recommends protecting the above sensitive information in accordance with NSS No.23-G (Security of Nuclear Information), and NRC protects classified information, SGI, and SUNSI under relative laws. In the case of ROK, if security control measures are enhanced CDAs that possess sensitive information, the risk of information leakage will be decreased when those CDAs are discarded.

민감정보는 ‘사생활 침해의 현저성’ 등을 이유로 일반적인 개인정보와 달리 취급하도록 요구된다. 「개인정보 보호법」과 「정보통신망법」은 각각 민감정보에 대하여 규율하고 있으나 그 유형 및 기준이 조금씩 다 르다. 특히 최근 정보통신서비스 제공과정에서 생체정보나 개인영상정보 등이 많이 활용되고 있는바 그러한 정보가 민감정보에 해당되는지, 그렇 다면 일반적인 개인정보와 달리 특별히 규율할 필요성이 있는지에 대하 여 검토할 필요가 있다. 또한 정보통신서비스 제공자와 이용자 간의 관 계를 규율하는 「정보통신망법」은 개인정보에 대한 일반법이라 할 수 있는 「개인정보 보호법」과의 정합성, 해외 입법과의 조화, 정보통신서 비스의 특수성을 반영하여 규율되어야 한다. 따라서 본 고에서는 정보통 신서비스 제공과정에 있어서 민감정보의 활용쟁점을 검토한 후 현행법상 민감정보 규율 내용과 한계를 분석하고 「정보통신망법」상 민감정보 규 율의 개선방안을 제안하였다. 그 주요내용으로 법률의 명확성, 개인정보 보호법과의 정합성 측면에서 “민감정보” 규정방식을 한정적 열거방식으 로 수정할 것을 제안하였다. 또한 민감정보의 유형으로서 생체정보, 건 강·성생활·성적 성향에 대한 정보, 유전정보 등이 추가되어야 하며, 민 감정보 처리의 허용을 무조건 법률에 위임할 것이 아니라 일정한 기준에 부합하는 경우에만 다른 법률에서 처리할 수 있는 방안을 제안하였다. 또한 민감정보의 관리, 보관, 파기 등에 있어서 특칙 필요성을 검토하였다.

Provider-oriented weather information has been rapidly changing to become more customer-oriented and personalized. Given the increasing interest in wellness and health topics, the demand for health weather information, and biometeorology, also increased. However, research on changes in the human body according to weather conditions is still insufficient due to various constraints, and interdisciplinary research is also lacking. As part of an effort to change that, this study surveyed medical practitioners at an actual treatment site, using questionnaires, to investigate what kind of weather information they could utilize. Although there was a limit to the empirical awareness that medical staff had about weather information, most respondents noted that there is a correlation between disease and weather, with cardiovascular diseases (coronary artery disease (98.5%) and hypertension (95.9% ), skin diseases (atopic dermatitis (100%), sunburn (93.8%)) being the most common weather-sensitive ailments. Although there are subject-specific differences, most weather-sensitive diseases tend to be affected by temperature and humidity in general. Respiratory and skin diseases are affected by wind and solar radiation, respectively.