- Page 1: Data Security Compliance
- Page 2: EU Data Security Compliance
- Page 3: Japan Data Security Compliance
- Page 4: Korea Data Security Compliance
- Page 5: Australia Data Security Compliance
- Page 6: U.S. Data Security Compliance
Korea Data Security Compliance
National Legislation:
- The Personal Information Protection Act 2011 (PIPA), additionally supported by:
- The Act on Promotion of Information and Communication Network Utilization and Information Protection 2013
- The Use and Protection of Credit Information Act 2013 (UPCIA)
Scope of Legislation:
- Applies to Korean companies and companies that are established abroad but process personal information in Korea.
- Public institutions, corporate bodies, organizations or individuals who manage personal information directly or via another person.
- Any personnel who is delegated with the responsibility to process personal information (responsible for compliance).
Security Method/Requirements:
- Data controllers must take “technical, administrative, and physical measures necessary for security safety […] in order to prevent personal information from loss, theft leakage, alteration or damage”. These may include:
- Appointing an internal privacy officer and establishing an official statement of security.
- Implementing limitations to access and control, store access records, apply encryption technology, install, and renew security programs.
International Transfer of Data:
- Requires consent from the information subject prior to any transfer of personal information to a third party.
- Any transfer of personal information abroad must be preceded by not only consent but also certain technical, managerial, and physical protection measures.
Other Details:
- The Ministry of Government Administration and Home Affairs (MOGAHA) has guidelines and details of required security measures.
- The legislation states that security needs “necessary measures” and mentions the use of safeguards “including encryption”.
Continue: Australia Data Security Compliance
Related Posts