The Personal Information Protection Commission (PIPC) of the Korean government officially announced the revision of the technical safety regulation for personal information on July 21st. We attached it - Korean only - to this blog.
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS061&mCode=C010010000&nttId=11369
We think this revised regulation will be implemented in August. We hope this will have a positive effect on the K-ISMS onsite audit or K-ISMS certification committee's review of the global companies' K-ISMS audit results.
Below is the purpose of the revision and some of the revised contents.
This revision is intended to improve the Internet network blocking system that has been uniformly applied for a long time in response to the rapid development of basic technologies such as artificial intelligence and cloud computing and the transition to a data-centered protection system, and to create an improved personal information processing environment by allowing personal information processors to conduct risk analyses that take into account their own personal information processing environments and differentiate the application of Internet network blocking based on the results, thereby expanding support for the development of new services, etc.
Internet network blocking measures, etc. (Article 6-2): Existing regulations are deleted, and risk base regulations are added
- In the case of computers, etc. that download and destroy personal information from personal information processing systems, if appropriate control measures such as protective measures that can reduce risks are applied by conducting risk analyses according to internal management plans, such computers, etc. can be excluded from the Internet network blocking measures
Storage and inspection of access records (Article 8): Changed from uniform regulatory requirements such as monthly log checks to voluntary regulations
- Access records of ‘persons who access personal information processing systems (excluding data subjects)’ are required to be kept, and the frequency of checking access records, Allows autonomous determination of methods, follow-up procedures, etc.
We hope that this content will help global companies understand Korean compliance when doing business in Korea.
The Personal Information Protection Commission (PIPC) of the Korean government officially announced the revision of the technical safety regulation for personal information on July 21st. We attached it - Korean only - to this blog.
https://www.pipc.go.kr/np/cop/bbs/selectBoardArticle.do?bbsId=BS061&mCode=C010010000&nttId=11369
We think this revised regulation will be implemented in August. We hope this will have a positive effect on the K-ISMS onsite audit or K-ISMS certification committee's review of the global companies' K-ISMS audit results.
Below is the purpose of the revision and some of the revised contents.
This revision is intended to improve the Internet network blocking system that has been uniformly applied for a long time in response to the rapid development of basic technologies such as artificial intelligence and cloud computing and the transition to a data-centered protection system, and to create an improved personal information processing environment by allowing personal information processors to conduct risk analyses that take into account their own personal information processing environments and differentiate the application of Internet network blocking based on the results, thereby expanding support for the development of new services, etc.
Internet network blocking measures, etc. (Article 6-2): Existing regulations are deleted, and risk base regulations are added
- In the case of computers, etc. that download and destroy personal information from personal information processing systems, if appropriate control measures such as protective measures that can reduce risks are applied by conducting risk analyses according to internal management plans, such computers, etc. can be excluded from the Internet network blocking measures
Storage and inspection of access records (Article 8): Changed from uniform regulatory requirements such as monthly log checks to voluntary regulations
- Access records of ‘persons who access personal information processing systems (excluding data subjects)’ are required to be kept, and the frequency of checking access records, Allows autonomous determination of methods, follow-up procedures, etc.
We hope that this content will help global companies understand Korean compliance when doing business in Korea.