South Korea’s PIPA Compliance

The Vormetric Data Security Platform from Thales eSecurity provides the security controls that enable organizations to comply with PIPA and reduce their exposure to data breaches.

Regulation

Active now

South Korea’s PIPA

One of the strictest data protection regimes in the world, South Korea’s Personal Information Protection Act is supported by sector-specific legislation related to IT and communications networks (the IT Network Act) and the use of credit information (the Use and Protection of Credit Information Act).

Thales eSecurity can help your organization comply with these rules through:

  • Data encryption and access control;
  • Security intelligence;
  • Application encryption.

Personal Information Protection Act

Regulation Summary

Breach Notification: PIPA places many obligations on organizations in both the public and private sectors, including mandatory data breach notification to data subjects and other authorities including the Korean Communications Commission (KCC).

Data Security: PIPA imposes a duty on information managers (i.e. data controllers) to take the "technical, administrative and physical measures necessary for security safety … to prevent personal information from loss, theft, leakage, alteration or damage."

Official Policy Statement: Organizations are required to establish an official statement of those security measures.

Internal Privacy Officer: An internal privacy officer must be appointed (regardless of the size or nature of the organization) to oversee data processing activities. The internal privacy officer will be held accountable, and be subject to any criminal investigations following a breach.

Encryption for PII

Article 24(3) of PIPA places express restrictions on the management of unique identifying information, and requires information managers to take "necessary measures, … including encryption," in order to prevent loss, theft, leakage, alteration or damage. Similarly, Articles 25(6) and 29 require "necessary measures" to be implemented to ensure that personal information may not be lost, stolen, altered or damaged.

Strict Enforcement

South Korea also has a track record of enforcement of data protection laws. Chapter 9 of PIPA contains severe sanctions for data security breaches including substantial fines and imprisonment – up to 50 million won in fines and imprisonment of up to five years are potential consequences.

The Vormetric Data Security Platform

The Vormetric Data Security Platform from Thales eSecurity provides core capabilities that both meet requirements for encryption and provide extended protection for organizations from the strict consequences spelled out under PIPA. Usable across data centers, cloud environments and big data implementations, the platform provides a single, cost-effective solution and infrastructure set for multiple data protection challenges under the law.

Vormetric Transparent Encryption

With Vormetric Transparent Encryption from Thales eSecurity, organizations can lock down data within file systems and volumes using encryption and allow access to protected information only to the programs and accounts that require it for their work. Data is decrypted only for these accounts, while system administrators and other privileged users can perform their work but will see only encrypted data blocks. This greatly reduces an organization’s exposure to both insider threats and outside attacks by hackers, as only a very limited set of accounts and programs can access data.

Vormetric Security Intelligence

Vormetric Security Intelligence from Thales eSecurity provides audit log data that enables organizations to quickly identify accounts trying to access protected information (authorized or not) and can be integrated with a Security Information and Event Management (SIEM) system for identification of unusual access patterns by authorized users that may represent a threat.

Vormetric Application Encryption

Vormetric Application Encryption from Thales eSecurity enables organizations to build encryption directly into corporate applications using a standard programming library and set of application interfaces – extending data protection to the web and other custom applications directly.

Research and Whitepapers: Fieldfisher: 2014 Global Compliance: The legal obligations for encryption of personal data in the United States, Europe, Asia and Australia

Updated for 2014, this document examines the global legal obligations to encrypt personal data, including both national and industry drivers. National focuses include the EU (the United Kingdom, France, Germany and Spain), the USA, Asia (Singapore, South Korea, Japan and Taiwan) and Australia.

Other key data protection and security regulations

Philippines Data Privacy Act

Regulation

Active now

The Philippines Data Privacy Act adopts international principles and standards for personal data protection and applies to the processing of personal data across both government and private sector.

South Korea’s PIPA

Regulation

Active now

One of the strictest data protection regimes in the world, it is supported by two pieces of sector-specific legislation related to IT and communications networks and the use of credit information.

Australia Privacy Act

Regulation

February 2018

Australia's Privacy Act establishes a mandatory requirement to notify the Privacy Commissioner and affected individuals of data breaches. It will take effect on February 22, 2018.
