On July 30, 2013, the Korean Ministry of Security and Public Administration announced several amendments to the Personal Information Protection Act (PIPA). The amended PIPA came into force on 7 August 2014 and implements new strict penalties for failing to protect customer data, including fines of KRW100 million (approx. £60,000) and/or ten years’ imprisonment. Companies are prohibited from collecting resident registration numbers but are awarded incentives, in the form   of a reduction of corporation tax rates, if they invest in fighting cyber-attacks.