Under the Korean Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc. (“ICNT”) a Government Notice, that entered into force last month, mandates all the major information services providers and data centers to become Information Security Management Systems certified.
The Notice was a reaction to security breaches that may have revealed confidential information of users of various websites.
The Notice requires all press agencies, on-line shopping malls, web portals and the like with revenue of over KRW 10 million or over 1 million users to become certified or face shutdown and a KRW 10 million fine.
Those required to comply with the notify must be certified by the end of this year. We predict that it may take up to four months for a site to be certified compliant according to a consultant we work with. The new law may be welcomed by foreign and domestic internet security companies and web consultants, but will be a real headache for companies that believe they have already put in place a system that securely manages the personal information of users.
What do you think? Overreaction or necessary in the age of North Korean cyber attacks.
Sean Hayes may be contacted at: SeanHayes@ipglegal.com.
Sean Hayes is co-chair of the Korea Practice Team at IPG Legal. He is the only non-Korean to have worked as an attorney for the Korean court system (Constitutional Court of Korea) and one of the first non-Koreans to be a regular member of a Korean law faculty.
- Korea Increases Penalties For Data Breach and Unauthorized Transfer of Data: Korea Communications Commission
- Korean Data Privacy Act: Need for Compliance Audit for your Korean Company
- Google Korea Faces New Lawsuit over Data-sharing Concerns: New Technology Company Challenges in Korea
- Korea’s Data Privacy and Data Protection Law
- Korea Strengthens Data Protection Law
- Korean Data Privacy: Korean National Assembly passes the Second Major Amendment to the Personal Information Protection Act of Korea
- South Korea still Required to use Internet Explorer due to 1999 Law
- New Provisions regarding the Korean Act on Reporting and Using Specified Financial Transaction Information
- Korea prepares itself for Big Data-driven 4th Industrial Revolution: Korean Data Protection Laws Revised