What laws apply to the collection and use of individuals’ personal information?
Data privacy laws have become more prominent in recent years. As the amount of personal information available online has grown substantially, there has been an enhanced focus on the processing of personal data, as well as the enforcement of such laws.
The main laws relating to the collection and use of personal information in the Republic of Korea include: the Personal Information Protection Act (PIPA), Enforcement Decree of the PIPA (Presidential Decree No. 28355), Enforcement Rule of the PIPA (Ministry of Interior and Safety Decree No. 14), and Standards of Personal Information Protection Measures (Ministry of Interior and Safety Notice No. 2017-1).
Rights of Individuals
PIPA sets out the rights of data subjects whose personal information is being processed. This includes the right to:
- be informed of the processing of their personal information;
- choose whether to consent and the scope of the consent;
- confirm whether their information is being processed and to request access, including copies;
- suspend the processing and request correction/erasure/destruction of their personal information; and
- to appropriate redress for damages relating to their personal information being processed.
The current authorities responsible for enforcement of data privacy law and regulations in South Korea include the Personal Information Protection Commission and the Ministry of the Interior and Safety:
Personal Information Protection Commission (PIPC) – The PIPC is an independent body established under the Personal Information Protection Act to protect the privacy of individuals. The key role of PIPC is to deliberate on and resolve personal data-related policies, coordinate opinions among government agencies on processing of personal data, etc.
Ministry of the Interior and Safety (MOIS) – The MOIS is responsible for personal data policy development and investigation and the enforcement of personal data protection legislation.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.