On 7 July 2015 South Korea published an amendment to its Personal Information Protection Act which was passed on 6 July (Amendment). The Amendment adds punitive and statutory damages to the statute.  This is a further move to more stringent requirements and penalties in relation to data privacy in South Korea.  The Amendment allows South Korean courts to award damages up to three times the actual damage suffered as a result of a data security incident.  It will become effective in July 2016.

What action could be taken to manage risks that may arise from this development?

Companies should review any data processing activities in South Korea to ensure they are compliant as the risk posed by enforcement action for breach will now be much higher.