gbrain: sync converted org-mode brain files

2026-05-23 06:35:21 +00:00
parent 3f38e87f4f
commit 44299599f9
38 changed files with 1248 additions and 856 deletions
--- a/ideas/compliance/pipa.org
+++ b/ideas/compliance/pipa.org
@@ -0,0 +1,30 @@
+:PROPERTIES:
+:ID:       auto-pipa
+:CREATED:  [2026-05-23 Sat]
+:END:
+#+title: 
+#+filetags: :passepartout:compliance:framework:pipa:
+
+
+South Korea's comprehensive privacy law (enacted 2011, major amendments 2023
+and 2024). One of the strictest privacy regimes globally. Key requirements:
+consent, data minimization, purpose limitation, mandatory privacy impact
+assessment, data protection officer, breach notification within 72 hours,
+cross-border transfer restrictions, right to request data transmission
+(portability). The Personal Information Protection Commission (PIPC) enforces
+aggressively.
+
+Penalties: Up to 3% of revenue (raised from 0.5% in 2024 amendments). Criminal
+penalties up to 5 years imprisonment. PIPC has levied fines of 100B+ KRW (~$75M)
+against major tech companies. Class action lawsuits permitted.
+
+Who must comply: Any organization handling personal information of South Korean
+residents. Extraterritorial scope is broad and actively enforced.
+
+Why it matters: PIPA is structurally similar to GDPR but with stricter
+enforcement and higher penalties relative to market size. The gate stack's
+purpose-boundary gates map directly to PIPA's purpose limitation requirement.
+First-mover advantage is large — PIPA has fewer compliance automation vendors
+than GDPR, and the 2024 amendments (stricter consent, higher fines) are still
+settling.
+