Sunday, August 30, 2015
South Korean Government Clamping Down on Data Breaches
On August 24, it was reported that the South Korean government announced an amendment to the country's Personal Information Protection Act that would require companies to pay up to three times the damage caused by the "loss, theft, leakage, forgery, alternation or impairment of personal information because of a deliberate act or serious error." Under the amendment, individual consumers will be able to claim damages of up to 3 million won (or about $2,500) each. Given the numerous data breaches affecting millions of individuals in South Korea in recent years, this could result in huge penalties rivaling those under consideration in the European Union. In addition, the amendment will also give the country's Personal Data Protection Committee greater powers, including dispute handling and the ability to recommend policy and system changes. The status of the amendment, including whether it has been introduced into the National Assembly, was not indicated. In a related development, the Korean Communications Commission (KCC) announced implementation of a new penalty reduction scheme, under which companies that voluntarily report data breaches will receive a 30% reduction in any administrative fine imposed by the KCC.