The Personal Information Protection Commission (PIPC) is pursuing a plan to impose fines of up to 10% of revenue on companies that cause major personal information breach incidents or repeated accidents. In addition, the commission is reviewing a plan to introduce the class action system, currently implemented only in the securities sector, to the personal information field as well. This is intended to expand companies’ preventive investment before accidents occur.
On Dec. 12, the commission reported its 2026 work plan, which includes these measures, to President Lee Jae Myung at a briefing held at the Government Sejong Convention Center. The commission first decided to establish a new provision that raises the fine standard for companies that commit repeated and serious violations from the current 3% of revenue to 10%. Currently, the Personal Information Protection Act stipulates that fines can be imposed on companies that cause personal information breach accidents within a range not exceeding 3% of total revenue. The commission plans to raise this standard to a maximum of 10% of revenue, enabling regulations that are more than three times stronger than current ones when necessary. However, the provision allowing exclusion of revenue from unrelated sectors will be maintained, and the current 3% fine standard will also be retained considering the fine burden on small and medium enterprises. In other words, it is a structure that applies the 10% only when specific conditions such as intentional/gross negligence and large-scale damage are met.
In relation to this, Rep. Park Beom-gye of the Democratic Party of Korea and others proposed an amendment to the Personal Information Protection Act on Dec. 9, which includes content allowing fines of up to 10% of revenue to be imposed. The bill limited the targets for punitive fine imposition to cases such as repeated violations due to intentional or serious negligence within the past 3 years, cases causing damage to large-scale (10 million or more) data subjects due to intentional or serious negligence, and cases of personal information breach due to non-compliance with corrective orders. PIPC Chairperson Song Kyung-hee said, “(We have) the same position as the National Assembly's proposed bill and are pursuing it together,” adding, “Since national consensus on the necessity has been formed, we expect it to proceed swiftly, and the commission is making maximum efforts.”
However, even if the bill passes, it is expected to be difficult to apply to Coupang. Song said, “While we must examine each individual case, it appears difficult to apply punitive fines to incidents that occurred before the amendment.”
The PIPC is also pursuing a plan to enable damage compensation through group litigation when personal information breach accidents occur. Currently, when personal information breach accidents occur, collective dispute mediation is not conducted, so even if the matter moves to group litigation, damage compensation cannot be received. This is because there are no provisions for damage compensation through group litigation. To receive damage compensation, individuals must apply for litigation through law firms one by one.
The commission reported that it would pursue a plan to enable damage compensation through group litigation while also participating in discussions on class action lawsuits. The class action system is a method (opt-out) in which, if some victims win as representatives in litigation, all users who did not participate in the lawsuit can also receive compensation. However, in Korea, class action lawsuits are currently permitted only in the securities sector.
In relation to this, President Lee said at the meeting, “You said you would make personal information breach accidents subject to group litigation and class action lawsuits, but now all citizens are victims,” adding, “If you try to sue, litigation costs will be higher, so class action lawsuits must definitely be introduced. I hope you will speed up the legislation.”
In addition, the commission is pursuing measures to strengthen the effectiveness of the certification system, such as strengthening on-site technical examinations for Information Security Management System-Personal Information (ISMS-P) certification. By the first half of next year, a plan to legislate management obligations for company representatives (CEOs) as the final responsible parties for safe personal information processing and protection is also being pursued. This is intended to create awareness that this is work in which the entire company must participate, not just the work of some staff members.
The commission also reported the following as major tasks for next year: establishing a technical analysis center, reducing fines for companies with active investment, operating an AX innovation support help desk, and creating a safe MyData ecosystem.
Song said, “At a time when personal information breach accidents are rapidly increasing and data demand is rising due to AI transformation, we must fundamentally transform the personal information protection system,” adding, “We will change the paradigm from document-based to field-centered, from post-incident sanctions to pre-incident prevention.”