Personal Information Protection Act In Act.

In a major victory for consumer rights, South Korea promulgated a massive rewrite of its Personal Information Protection Act. This amendment is being called the most consequential in a decade due to its strict new enforcement mechanisms. For serious or repeat data breaches, regulators can now fine companies of their total annual turnover, moving away from small, flat-rate fines that were previously seen as just a cost of doing business. For the first time, the law places personal supervisory liability on CEOs. This means top executives can be held legally responsible for systemic failures in data protection at their firms. To balance the strict penalties, the law includes a fine-reduction clause for companies that can prove they have made substantial, verifiable investments in privacy personnel and high-end security equipment.

©YovaniBernard