South Korea enacted its first comprehensive data security act, the Personal Information Protection Act (PIPA), in 2011. PIPA established rules for the collection, processing, transfer, and protection of personal information, as well as post-breach notification procedures. The original act authorized fines and even imprisonment for violations of PIPA. In July 2015, the legislature amended PIPA to authorize both statutory (up to three million Korean won) and punitive damages in private actions. The amendments are expected to take effect next year.