Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
South Korea: PIPC publishes manual for personal information leaks
On April 29, 2024, the Personal Information Protection Commission (PIPC) published a manual for responding to personal information leaks. The PIPC stated that in the event of loss, theft, or leakage of personal information being processed, rapid response and action should be taken to prevent the spread of damage and to provide relief to the information subject. The PIPC also mentioned that the manual offers details regarding prompt response to accidents and methods to minimize damage and also guidance on several areas including information that must be reported to the PIPC or the Korean Internet and Security Agency (KISA).
The PIPC noted that the manual may be applied differently depending on several factors, including:
the type of personal information being processed;
the processing method and environment; and
the type of data subjects for which personal information is being processed.
The PIPC highlighted that generally if personal information is leaked, Article 34 of the Personal Information Protection Act (PIPA) applies. However, for credit information companies Article 39-4 of the Credit Information Act will apply first.
You can read the manual and press release, only available in Korean, here.