• On September 9, 2015, the Ministry of Science, ICT and Future Planning (the “MSIP”) established and announced the “Information Protection Measures for Vitalization of Cloud Services” in anticipation that the use of cloud computing would actively increase based on the implementation of the Act on Cloud Computing Advancement and User Protection (the “Cloud Computing Act”) on September 28, 2015.  The Cloud Computing Act was legislated in March of this year.
  • The MSIP plans to push ahead with the following tasks in phases until 2019 in order to alleviate concerns regarding information protection for cloud users and to foster a safe cloud use environment:
    1. Improvement on Cloud Enterpriser’s Information Security Level and Establishment of Accident Response System
      • Prepare and implement standards for cloud information protection including administrative and technical measures that cloud enterprisers must comply with in order to protect information
      • Establish and operate a cloud information-sharing analytical center as a prevention system for cloud infringement accidents, and manage infringement accident response team to minimize damages if such accidents occur
    2. Establishment of Foundation for Cloud User Protection
      • Complete legislation of the accompanying Enforcement Decree by September in order to assure smooth implementation of the provisions regarding user information protection (see table below) included in the Cloud Computing Act:

Click here to view image.

  • Introduce user information deposit system to prevent loss of information by users and secure interoperability among different cloud services
  • Establish and disseminate standard agreement regarding the use of cloud service in order to prevent damages to users and prepare “Standard on Cloud Service Quality and Performance”
  • Open a user protection window to provide efficient responses to infringement accidents and prepare and distribute “Guidelines on Safe Cloud Use”
  • The “Information Protection Measures for Vitalization of Cloud Services” is related to the enhancement of credibility in cloud computing services and user protection as specified in Article 4 of the Cloud Computing Act.  The above measures attempt to alleviate the concerns with information security breaches, which is the gravest obstacle that currently impedes the vitalization of the cloud services, thereby instilling user confidence.  The above measures can be deemed to reflect the recent trend in gradual enhancement of information protection-related regulations.  Therefore, cloud computing service providers should examine their shortcomings in connection with the risk involved in information protection and establish and implement measures to remedy such shortcomings in advance.