These standards seek to close loopholes and inadequacies in the South Korean data protection law, and to counter data breaches, especially those arising from use of mobile devices.
The standards apply to all data handlers and are designed to prevent the loss, theft, leakage or falsification of personal information. The amended version sets out extensive requirements, increases obligations on data handlers when outsourcing processing, and introduces new security measures for mobile devices.
The standards now require that data handlers actively supervise, manage and monitor outsourcing providers. In addition, ‘mobile devices’ have been added to the definition of personal information processing systems, and data handlers must ensure that all mobile devices are equipped with appropriate security measures, including the encryption of any personal information stored on them.
These standards follow amendments already made to the Personal Information Protection Act 2011, and provide another example of how South Korea is trying to tighten up the security of its personal data following several substantial data breaches.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now