On 27 October 2013, South Korea’s Ministry of Security and Public Administration (MOSPA) announced that beginning 28 November 2013, the government is set to issue certifications to companies that can demonstrate compliance with their duties under the Personal Information Protection Act (PIPA).
Companies will be able to file applications for certification to the National Information Society Agency (NISA), which will assess each applicant against a set of criteria, with the number of obligations depending on the size of the business. The self-employed will have to satisfy 35 obligations; small- to medium-sized companies will have 52 requirements; while large companies and state-run firms will have to meet 65 criteria.
The Certification Program will grant businesses with NISA endorsement status for a period of three years; however, companies will be subject to annual NISA review to monitor ongoing compliance.
It is anticipated that certification will foster greater trust in the relationship between businesses and customers in South Korea. This will undoubtedly be a welcome measure in the context of the increasing trend of people falling victim to scams as a result of unauthorised leaks of personal data, such as the illegal access to personal data of more than 200,000 mobile phone users last year by two of the largest mobile phone companies, KT and SKT.