Are there any data breach notification requirements?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
In the Republic of Korea, employers who become aware of a data breach must notify impacted individuals in writing without delay, once contingency measures have been taken to protect the data and limit the impact of the breach (such as shutting down weak points or deleting information that’s at risk) (Personal Information Protection Act (PIPA), Art. 34).
Notification should include:
- the details of what has been disclosed;
- when/how information was divulged;
- steps individuals can take to minimize their risk of damage;
- steps the employer has taken to reduce and correct any damages; and
- help desk and other employer contact details so impacted individuals can report damages.
If the breach affects the personal data of 10,000 or more individuals, the employer must report the results of the notification and of the countermeasures taken to the Minister of the Interior and to the Korea Internet and Security Agency (Enforcement Decree of the Personal Information Act, Art. 39).
HR Best Practices: Employers should develop and implement a data breach action plan with notification, incident documentation and response procedures.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.