Personal Data Protection in Korea under the Korean Information and Communications Network Act

Under the Korean Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc. (“ICNT”) a Government Notice, that entered into force last month, mandates all the major information services providers and data centers to become Information Security Management Systems certified.

The Notice was a reaction to security breaches that may have revealed confidential information of users of various websites.
The Notice requires all press agencies, on-line shopping malls,  web portals and the like with revenue of over KRW 10 million or over 1 million users to become certified or face shutdown and a KRW 10 million fine.

Those required to comply with the notify must be certified by the end of this year.   We predict that it may take up to four months for a site to be certified compliant according to a consultant we work with.  The new law may be welcomed by foreign and domestic internet security companies and web consultants, but will be a real headache for companies that believe they have already put in place a system that securely manages the personal information of users. 

What do you think? Overreaction or necessary in the age of North Korean cyber attacks.

Sean Hayes may be contacted at:

Sean Hayes is co-chair of the Korea Practice Team at IPG Legal. He is the only non-Korean to have worked as an attorney for the Korean court system (Constitutional Court of Korea) and one of the first non-Koreans to be a regular member of a Korean law faculty.

Similar Posts:

Leave a Reply