South Korea’s Personal Information Protection Act (“PIPA”) was enacted on September 30, 2011 and is considered to be one of the strictest data protection regimes in the world.
South Korea’s prior Public Agency Data Protection Act was largely limited. In the private sector, it applied only to those businesses that used telecommunications services. And in the public sector, the legislation covered all public agencies but lacked enough limits on government collection of data. The old Act was replaced with the more comprehensive PIPA, which applies to both public and private sectors. As a result, “more than 3.5 million public entities and private businesses are now regulated by common criteria and principles, and common enforcement mechanisms.”