Most Read Contributor in South Korea, February 2017
Ⅰ. Background of Amendments
The Financial Supervisory Commission
("FSC") and Financial Supervisory
Service ("FSS") of Korea first published
their "Guidelines on Personal-Information Protection in the
Financial Sector" in July of 2013. The Guidelines were
intended to provide financial institutions with clear standards
with respect to compliance with personal-information-protection
laws such as the Credit Information Use and Protection Act
("CIUPA") and the Personal Information
Protection Act ("PIPA"), and to support
them in fulfilling their responsibilities with respect to
protecting personal (including credit) information. After CIUPA was
later amended and strengthened, a variety of different compliance
approaches arose. Accordingly, the FSS together with eight other
financial-industry associations organized a joint team and released
proposed amended Guidelines on February 2017. The Guidelines were
then finalized after consultation with the FSC and Ministry of
Government Administration and Home Affairs.
Ⅱ. Main Points of Amendments
1. Application of Post-2013 Amendments to Personal-Information
The updated Guidelines now provide detailed information
regarding the various amendments that have made to PIPA and CIUPA
from 2014 onwards. For instance, the Guidelines provide a more
detailed explanation of the amended CIUPA, which allows the
collection, use, and provision to third parties of personal credit
information only if the data subject properly consents. Also, the
Guidelines now contain a separate section for handling resident
registration numbers which, under PIPA, can now only be collected
and used if there is a particular legal basis for it.
2. Clarification of Compliance Standards Concerning Protection
of Credit and Other Personal
Information, With Precedents/Examples
The Guidelines also provide a detailed explanation of the
application priority of the relevant laws for each stage of
handling personal (including credit) information, such as
collection, use, and provision to third parties. There has been
continued confusion in the financial industry regarding the
application priority of the personal-information protection laws
where they regulate the same area in different ways.
In addition, the Guidelines contain the most relevant
precedents, authoritative interpretations, and commentaries so that
companies may use them as a reference in a given case. And detailed
standards for collecting, using, providing to third parties, and
deleting personal credit information, are provided via concrete
examples which take into consideration the particular nature of the
activities of financial companies.
3. Incorporation of Q&As Regarding Protection of Credit and
Information Protection in the Financial Sector
Frequently asked questions raised by financial institutions
over the years have been organized into a total of 82 Q&As in
order to provide more practical assistance.
Ⅲ. Future Plans and Expected Impact
With the release of the newly updated Guidelines, it is expected
that financial institutions will be able to process credit and
other personal information with more confidence and certainty, as
the Guidelines provide more detailed explanation and address
various amendments to the relevant laws and regulations since 2014.
In addition, the authorities announced that they will hereafter
continually update the Guidelines to reflect amendments made to the
personal-information-protection laws and regulations, in order to
provide up-to-date guidance to financial institutions.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In simple words, as a concept, the right to be forgotten means allowing individuals to have their information, videos or photographs deleted from certain internet records so that they cannot be found by search engines.
This will impact many Australian companies and foreign companies in Australia who interact with Australian data subjects.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).