South Korea’s Ministry of Government Administration and Home Affairs issued an amended version of the Standards of Personal Information Security Measures (the ‘Standards’). These Standards seek to close loopholes and inadequacies in the South Korean data protection law, and to counter the growing number of data breaches, especially those arising from use of mobile devices.

The Standards apply to all data handlers (a concept similar to data controllers under the EU Data Protection Directive) and are designed to prevent the loss, theft, leakage or falsification of personal information. The amended version sets out extensive requirements, increases obligations on data handlers when outsourcing processing, and introduces new security measures for mobile devices.

The Standards now require that data handlers actively supervise, manage and monitor outsourcing providers. In addition, ‘mobile devices’ have been added to the definition of personal information processing systems, and data handlers must ensure that all mobile devices are equipped with appropriate security measures, including the encryption of any personal information stored on them.

These Standards follow amendments already made to the Personal Information Protection Act 2011, and provide another example of how South Korea is trying to tighten up the security of its personal data following several substantial data breaches.