By James Lim
May 12 --Recent data breach amendments ( Bill No. 10479) to South Korea's framework data protection law increase available fines; lower the liability threshold that regulators must show to levy fines; allow compensation of individual plaintiffs without a showing of damages; and require notification of affected individuals within 24 hours of discovering a breach, a Korea Communications Commission (KCC) official told Bloomberg BNA May 12.
Under the amendments, companiesthat lose online personal information may face fines equivalent to 3 percent of their revenue, attributable to any violation of data protection provisions.
The limit on revenue-based fines for poor data security leading to a data breach is now 1 percent under the statute. In all previous data breach cases, responsible companies were fined only as much as 100 million Korean won ($97,600)--the maximum fine available when there is no evidence of deliberate negligence.
"These legal limitations have prevented effective enforcement of meaningful sanctions," Eom Yeol, director of the Privacy Protection and Ethics Division at the KCC, said.
The amendments to the Act on the Promotion of Information Communication Network Utilization and the Protection of Information, which passed the National Assembly May 2, will take effect in six months, Eom said.
Another important change is the elimination of a provision that requires evidence of deliberate negligence to enforce a revenue-based fine, Eom said. "Businesses will be held liable for a data breach with or without proven fault on their part."
The amendment also authorizes courts to award compensation of up to 3 million Korean won ($2,900) to each consumer complainant in a data breach case with no need to verify damage claims. "This will give companies a strong reason to upgrade their data security standard voluntarily," Eom said.
The amended law will require companies to alert customers within 24 hours of discovering a breach.
The amended law required companies to dispose of protected personal information in a manner to ensure it may not be recovered and misused.
Under the new law, businesses are required to obtain consumers' opt-in consent to accept marketing messages delivered through all channels, including via e-mail and mobile phone text messages.
The South Korean financial sector and other regulators have been working to increase data security oversight in the wake of a massive data breach involving three large credit card companies (13 PVLR 183, 1/27/14).
By James Lim
To contact the reporter on this story: James Lim in Seoul at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Bill No. 10479 is available, in Korean, at http://likms.assembly.go.kr/bill/jsp/BillDetail.jsp?bill_id=PRC_K1V4V0O2U2M7N0L0Z3B1T3J8X6Z0E9.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).