amr/hermes-brain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reorganize brain: projects/ top level, rename filenames, update homepage

Browse Source 
- Moved everything from ideas/passepartout/ to projects/passepartout/
- Moved legal structures to projects/flags/
- Created missing _index.org files for all subdirectories
- Stripped redundant passepartout- prefix from filenames
- Rewrote root _index.org as generalized brain index (projects + concepts)
- Updated Hugo nav to Projects/Concepts
- Updated build script section descriptions
- Deleted stale ideas/passepartout-economics.md orphan
This commit is contained in:
Hermes
2026-05-24 18:54:14 +00:00
parent 4b60244919
commit 0a8e77e949
119 changed files with 177 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
projects/passepartout/strategy/compliance/pipa.org Normal file
View File

@@ -0,0 +1,31 @@
:PROPERTIES:
:ID: e777064d-9950-42d5-980d-8c78cda91500
:ID: auto-pipa
:CREATED: [2026-05-23 Sat]
:END:
#+title: PIPA (Personal Information Protection Act — South Korea)
#+filetags: :passepartout:compliance:framework:pipa:
South Korea's comprehensive privacy law (enacted 2011, major amendments 2023
and 2024). One of the strictest privacy regimes globally. Key requirements:
consent, data minimization, purpose limitation, mandatory privacy impact
assessment, data protection officer, breach notification within 72 hours,
cross-border transfer restrictions, right to request data transmission
(portability). The Personal Information Protection Commission (PIPC) enforces
aggressively.
Penalties: Up to 3% of revenue (raised from 0.5% in 2024 amendments). Criminal
penalties up to 5 years imprisonment. PIPC has levied fines of 100B+ KRW (~$75M)
against major tech companies. Class action lawsuits permitted.
Who must comply: Any organization handling personal information of South Korean
residents. Extraterritorial scope is broad and actively enforced.
Why it matters: PIPA is structurally similar to [[id:513d5996-4ac7-4567-a992-18fc01599104][GDPR]] but with stricter
enforcement and higher penalties relative to market size. The gate stack's
purpose-boundary gates map directly to PIPA's purpose limitation requirement.
First-mover advantage is large — PIPA has fewer compliance automation vendors
than GDPR, and the 2024 amendments (stricter consent, higher fines) are still
settling.