On April 26, 2016, Korean law firm Bae, Kim & Lee LLC released a Privacy News Alert outlining amendments to Korea’s Personal Information Protection Act (“PIPA”) and the Act on the Promotion of IT Network Use and Information Protection (“IT Network Act”). According to Tae Uk Kang, partner at Bae, Kim & Lee and author of the alert, these amendments to PIPA and the IT Network Act “reflect the general trend concerning the Korean data privacy policy, which is intended to achieve more stringent regulation (and sanctions) of processing personal information.”

The amendments to PIPA include:

  • introduction of notification requirements for third party transfers;
  • additional security measures for personal information;
  • government authorization for processing of resident registration numbers (“RRNs”);
  • introduction of civil and punitive damages; and
  • encryption of RRNs.

Amendments to the IT Network Act include:

  • reinforced consent requirements for access to smartphone data;
  • strengthened responsibilities of chief privacy officers;
  • introduced punitive damages;
  • confiscation of financial gains in cases of personal information-related crimes;
  • measures to delete access to leaked personal information in the event of a breach;
  • obligation to notify users of fraud;
  • notification requirement for telemarketers regarding how the telemarketer obtained the recipient’s contact information;
  • specification of definitions including “overseas transfer,” “third party provision,” “processing,” “entrustment” and “storage”; and
  • introduced penalties for non-compliance of corrective orders.

Read Bae, Kim & Lee’s Privacy News Alert.