The amendments to PIPA include:
- introduction of notification requirements for third party transfers;
- additional security measures for personal information;
- government authorization for processing of resident registration numbers (“RRNs”);
- introduction of civil and punitive damages; and
- encryption of RRNs.
Amendments to the IT Network Act include:
- reinforced consent requirements for access to smartphone data;
- strengthened responsibilities of chief privacy officers;
- introduced punitive damages;
- confiscation of financial gains in cases of personal information-related crimes;
- measures to delete access to leaked personal information in the event of a breach;
- obligation to notify users of fraud;
- notification requirement for telemarketers regarding how the telemarketer obtained the recipient’s contact information;
- specification of definitions including “overseas transfer,” “third party provision,” “processing,” “entrustment” and “storage”; and
- introduced penalties for non-compliance of corrective orders.