The Financial Supervisory Commission (“FSC”) and Financial Supervisory Service (“FSS”) of Korea first published their “Guidelines on Personal-Information Protection in the Financial Sector” in July of 2013. The Guidelines were intended to provide financial institutions with clear standards with respect to compliance with personal-information-protection laws such as the Credit Information Use and Protection Act (“CIUPA”) and the Personal Information Protection Act (“PIPA”), and to support them in fulfilling their responsibilities with respect to protecting personal (including credit) information. After CIUPA was later amended and strengthened, a variety of different compliance approaches arose. Accordingly, the FSS together with eight other financial-industry associations organized a joint team and released proposed amended Guidelines on February 2017. The Guidelines were then finalized after consultation with the FSC and Ministry of Government Administration and Home Affairs. The updated Guidelines now provide detailed information regarding the various amendments that have made to PIPA and CIUPA from 2014 onwards. For instance, the Guidelines provide a more detailed explanation of the amended CIUPA, which allows the collection, use, and provision to third parties of personal credit information only if the data subject properly consents. Also, the Guidelines now contain a separate section for handling resident registration numbers which, under PIPA, can now only be collected and used if there is a particular legal basis for it.

2. Clarification of Compliance Standards Concerning Protection of Credit and Other Personal

The Guidelines also provide a detailed explanation of the application priority of the relevant laws for each stage of handling personal (including credit) information, such as collection, use, and provision to third parties. There has been continued confusion in the financial industry regarding the application priority of the personal-information protection laws where they regulate the same area in different ways. In addition, the Guidelines contain the most relevant precedents, authoritative interpretations, and commentaries so that companies may use them as a reference in a given case. And detailed standards for collecting, using, providing to third parties, and deleting personal credit information, are provided via concrete examples which take into consideration the particular nature of the activities of financial companies.

3. Incorporation of Q&As Regarding Protection of Credit and Other Personal

Frequently asked questions raised by financial institutions over the years have been organized into a total of 82 Q&As in order to provide more practical assistance. With the release of the newly updated Guidelines, it is expected that financial institutions will be able to process credit and other personal information with more confidence and certainty, as the Guidelines provide more detailed explanation and address various amendments to the relevant laws and regulations since 2014. In addition, the authorities announced that they will hereafter continually update the Guidelines to reflect amendments made to the personal-information-protection laws and regulations, in order to provide up-to-date guidance to financial institutions.  

Future Plans and Expected Impact

With the release of the newly updated Guidelines, it is expected that financial institutions will be able to process credit and other personal information with more confidence and certainty, as the Guidelines provide more detailed explanation and address various amendments to the relevant laws and regulations since 2014. In addition, the authorities announced that they will hereafter continually update the Guidelines to reflect amendments made to the personal-information-protection laws and regulations, in order to provide up-to-date guidance to financial institutions.