Stronger Fines for Personal Data Leaks Start Tomorrow... Higher Sales Standards Applied
Fines to Be Calculated Based on the Greater Amount Between Last Year's Sales and Three-Year Average
Fine Reductions Restricted for Serious Violations
Starting tomorrow, the standards for imposing fines on companies that have experienced personal information leakage incidents will be strengthened, and the application of fine reductions for serious data breaches will become more stringent.
The Personal Information Protection Commission announced that the partial amendments to the 'Enforcement Decree of the Personal Information Protection Act' and the 'Standards for Imposition of Fines for Violation of the Personal Information Protection Act' (Notice) will take effect on May 19.
Personal Information Protection Commission Logo. Personal Information Protection Commission
View original imageThis amendment was pursued to strengthen the calculation criteria for sales revenue used as the basis for fine imposition and to impose stricter sanctions for serious violations.
First, the standards for calculating sales revenue, which serve as the basis for fine imposition, will be reinforced. The current enforcement decree bases the fine calculation on the 'average annual sales revenue for the three business years immediately preceding the year in which the violation occurred.' In this case, the basis for the fine calculation could be lower than the company’s actual economic capacity.
Under the amended enforcement decree, fines will be calculated based on either the 'sales revenue from the immediately preceding business year' or the 'average annual sales revenue from the previous three business years,' whichever is greater. This means that for companies with increasing sales, fines will be levied based on the sales revenue from the most recent business year.
In addition, a basis has been established to exclude fine reductions in cases where the degree of violation or the scale of damage is deemed serious. The current fine imposition standards allow for reductions if there are grounds such as cooperation with investigations or voluntary protection activities. However, there have been concerns that applying the reduction standards even for severe violations may diminish the effectiveness of sanctions.
Accordingly, the amendment stipulates that in cases of serious violations, all or part of any reductions will not be applied.
However, these amended regulations will only apply to violations that occur after May 19, and violations that were completed before this date will be subject to the previous regulations. Therefore, the revised rules will not apply to companies such as Coupang or KT that are currently awaiting decisions from the Personal Information Protection Commission.
Hot Picks Today
"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "Don't Throw Away Coffee Grounds" Transformed into 'High-Grade Fuel' in Just 90 Seconds [Reading Science]
- Nana Home Intruder Who Filed 'Counter Attempted Murder Complaint' Referred to Prosecution for False Accusation
- "Groups of 5 or More Now Restricted"... Unrelenting Running Craze Leaves Citizens and Police Exhausted
- "Even With a 90 Million Won Salary and Bonuses, It Doesn’t Feel Like Much"... A Latecomer Rookie Who Beat 70 to 1 Odds [Scientists Are Disappearing] ③
A spokesperson for the Personal Information Protection Commission stated, "These amendments to the enforcement decree and notice aim to enhance the effectiveness and accountability of sanctions for legal violations by companies," adding, "We will respond more strictly to serious personal information breaches by imposing fines that correspond to the company's current economic capacity and the severity of the violation."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
