31 lines
1.3 KiB
Org Mode
31 lines
1.3 KiB
Org Mode
:PROPERTIES:
|
|
:ID: auto-pipa
|
|
:CREATED: [2026-05-23 Sat]
|
|
:END:
|
|
#+title:
|
|
#+filetags: :passepartout:compliance:framework:pipa:
|
|
|
|
|
|
South Korea's comprehensive privacy law (enacted 2011, major amendments 2023
|
|
and 2024). One of the strictest privacy regimes globally. Key requirements:
|
|
consent, data minimization, purpose limitation, mandatory privacy impact
|
|
assessment, data protection officer, breach notification within 72 hours,
|
|
cross-border transfer restrictions, right to request data transmission
|
|
(portability). The Personal Information Protection Commission (PIPC) enforces
|
|
aggressively.
|
|
|
|
Penalties: Up to 3% of revenue (raised from 0.5% in 2024 amendments). Criminal
|
|
penalties up to 5 years imprisonment. PIPC has levied fines of 100B+ KRW (~$75M)
|
|
against major tech companies. Class action lawsuits permitted.
|
|
|
|
Who must comply: Any organization handling personal information of South Korean
|
|
residents. Extraterritorial scope is broad and actively enforced.
|
|
|
|
Why it matters: PIPA is structurally similar to GDPR but with stricter
|
|
enforcement and higher penalties relative to market size. The gate stack's
|
|
purpose-boundary gates map directly to PIPA's purpose limitation requirement.
|
|
First-mover advantage is large — PIPA has fewer compliance automation vendors
|
|
than GDPR, and the 2024 amendments (stricter consent, higher fines) are still
|
|
settling.
|
|
|