Apr 3, 2013

Korean Information and Communications Network Act: Personal Data Protection in Korea

Under the Korean Act on the Promotion of Information and Communications Network Utilization and Information Protection, Etc. ("ICNT") a Government Notice, that entered into force last month, mandates all the major information services providers and data centers to become Information Security Management Systems certified.

The Notice was a reaction to security breaches that may have revealed confidential information of users of various websites.

The Notice requires all press agencies, on-line shopping malls, web portals and the like with revenue of over KRW 10 million or over 1 million users to become certified or face shutdown and a KRW 10 million fine.

Those required to comply with the notify must be certified by the end of this year. We predict that it may take up to four months for a site to be certified compliant according to a consultant we work with. The new law may be welcomed by foreign and domestic internet security companies and web consultants, but will be a real headache for companies that believe they have already put in place a system that securely manages the personal information of users.

What do you think? Overreaction or necessary in the age of North Korean cyber attacks.
_____
SeanHayes@ipglegal.com

IPG is engaged in projects for companies and entrepreneurs doing business in Bangladesh, Cambodia, China, Korea, Laos, Myanmar, the Philippines, Vietnam and the U.S.

www.ipglegal.com