One-Stop Response to Hacking Incidents with Legal, Regulatory, and Technical "Trident": Hwawoo Information Security Center [Invest&Law]

by Yeom Dayeon

Published 29 Apr.2026 08:49(KST)

Hwawoo Launches Korea's First Law Firm Information Security Center
Proactive Security Governance Support Ahead of Amended Personal Information Protection Act
Leading Response to Next-Generation Threats Including AI and Quantum Cryptography

"Issues related to information security are no longer limited to simple personal data consultations. When an incident occurs, legal review, regulatory response, and technical analysis must all proceed simultaneously."

Attorney Kwangwook Lee (from the left), Attorney Sugyeong Lee, Attorney Geunwoo Lee, and Research Fellow Jaewon Ji of Hwawoo Law Firm are posing for a photo. Photo by Dongju Yoon

On April 29, Attorney Geunwoo Lee, Head of the Information Security Center at Hwawoo Law Firm, described the center’s role in an interview with The Asia Business Daily. In September 2021, Hwawoo was the first Korean law firm to launch a dedicated "Information Security Center." The center was established proactively in response to the evolving landscape, where amendments to the Personal Information Protection Act brought about a reorganization of related regulations centered on the Personal Information Protection Commission, and responses to hacking and data leak incidents have expanded beyond legal advice to include technical analysis, forensics, and regulatory investigations.

The Hwawoo Information Security Center is a specialized organization comprising more than 30 experts in the legal, regulatory, and technical fields, covering a broader spectrum of assets such as trade secrets and national core technologies, which are key assets for companies. Kwangwook Lee, Head of the New Business Group, explained, "The recent trend is integrated response not only to corporate privacy matters but also to investigations by overseas regulatory authorities and global disputes," adding, "Hwawoo has established a structure for seamless one-stop handling of legal, regulatory, and technical responses by organically linking its internal Discovery Center and Digital Forensics Center."

When an incident occurs, the center operates along three tracks simultaneously. The Legal Response Team determines the legal nature of the incident, reporting obligations, and whether there has been a breach. The Regulatory Response Team coordinates the initial response direction by considering the potential for reporting and expanded investigations by each agency, such as the Personal Information Protection Commission, the Ministry of Science and ICT, and the Korea Communications Commission. The Technical Response Team is responsible for on-site intervention, cause analysis, and implementing measures to prevent further spread.

Recently, corporate inquiries have also become increasingly sophisticated. This is because the amended Personal Information Protection Act, set to take effect in September, introduces a number of new requirements, such as specifying the responsibilities of representatives, making it mandatory for the board of directors to approve and report the appointment of a Chief Privacy Officer (CPO), and other advance preparations. Attorney Sookyung Lee, who previously served as a director at the Korea Communications Commission, said, "When a hacking incident occurs, you must not only consider the Personal Information Protection Act but also check whether it is subject to reporting to the Ministry of Science and ICT under the Information and Communications Network Act," emphasizing, "A comprehensive system for viewing the entire information security environment is necessary."

The center also warned that blind spots companies may not be aware of could become channels for large-scale hacking. They cautioned against complacency even if regular security certifications or inspections are completed each year. Jaewon Ji, a research fellow who previously worked at Igloo Corporation, stated, "Recent incidents have often occurred at points connecting internal and external networks, especially in remote work environments where certain links were left open," adding, "Traditional inspections are no longer sufficient—red team-style assessments from a hacker’s perspective are becoming increasingly important."

Attorney Kwangwook Lee (left), Attorney Sugyeong Lee, Attorney Geunwoo Lee, and Research Fellow Jaewon Ji of Hwawoo Law Firm are being interviewed by The Asia Business Daily. Photo by Dongjoo Yoon

A key strength of the center is its practical collaboration system. For administrative litigation, judges with experience at the Seoul Administrative Court are involved; for civil litigation, the litigation group participates; for regulatory investigations, regulatory response personnel are engaged; and for technical analysis, the center collaborates with global security companies such as Palo Alto Networks and Igloo Corporation. Hwawoo has also obtained and renewed ISO 27001 certification, further strengthening the law firm’s internal security systems. Attorney Lee emphasized, "If we are to advise companies on information security, we ourselves must meet the same standards," adding, "The Information Security Center is not an organization that reacts after incidents occur, but one that anticipates regulatory changes and new technology risks and prepares in advance."

Hot Picks Today

Home Appliance Woes Mount, Yet 45 Trillion Won ...

Hwawoo expects that information security issues will rapidly expand into new regulatory and technological areas such as AI security, location information, and quantum-resistant cryptography. The center also plans to broaden its support so that companies can manage risks proactively, beyond simply responding to incidents.

한글 기사 보기

This content was produced with the assistance of AI translation services.