Previously, Korean personal information protection was considered to be incomplete for covering only the public affairs. On September 30th, 2011, however, Korea enacted personal information protection act and extended its coverage by including private affairs. Since then, Korean personal information protection has become an intact system. The momentum for this extension of the protection range was served by the major personal information leakages centered on the private enterprises. 'SK Broadband', 'Auction online auctioning site', 'Hyundai Capital' cases are the few examples.legal benefit the personal information protection act essentially protects is the rights of informational self-determination. The rights of informational self-determination directly originated from the privacy act, article 17 of the constitutional law. Similar to tranquility of the habitat, personal information falls into the area of privacy and therefore is the subject of constitutional protection. Even though the protection for personal information is the fundamental human rights prescribed by the constitutional law, the absence of practical act to support its protection led to deal its violation only by civil means.as personal information protection law is enacted along with corresponding penalty, the rights of informational self-determination became one of the fundamental human rights that is directly protected by the constitutional law. Violation of the rights of informational self-determination has the property of intruding the control of personal information by the subject of rights. According to this property, the collection and processing of the personal information under the subject's consent is exempted from the punishment.there exists an opposition between how one would describe the exemption of the penalty under consent of the subject of information. One is by distinguishing between agreement which removes the elements of an offense and approval which precludes the wrongfulness. The other one is by deciding either on the circumstances of the removing the elements of an offence or the circumstances precluding wrongfulness. For the latter case, it is often said that it is practically impossible to distinguish between approval and agreement and that no benefit arises from such distinction. However, this is not the case. the violation of the rights of informational self-determination, the consent of the information subject should be considered as agreement that removes the elements of an offence. This is analogous to theft where the violation of ownership of the goods occur. For example, if the owner of goods gives consent and the other acquires them, the elements of an offence are not comprisable.offender of the violation of the rights of informational self-determination is fundamentally the information processor. Here, the information processor can be public institution, corporation, organization, or individuals, etc. who, for business purposes, wish to process personal information by themselves or through the means of other people. According to this definition, all the people who process personal information is the offender. The basic structure of the system is as follows. The person in charge of the information processing is subjected to punishment as offender and the corresponding corporation or organization is fined only when it is subjected to penalty against employer and employee.the violation of the rights of informational self-determination is subjected to punishment except the collection of information without consent. In regards to collection, if the collector does not receive consent from the information subject, only the fine will be levied on him. However, if he commits fraud while obtaining consents, he is subjected to punishment. In regards to sensitive information and identification number, on the other hand, the validity requirements have been tightened up such that additional consent is needed to be exempted from the punishment.seems that the punishment regulation of personal information protection act is comparably well systematized. It is only that too broad range of conduct is incorporated into the subjects of punishment compared to the reality of Korean personal information protection that it is questionable that to what extent the system can actually be effective.