Compliance with South Korea’s PIPA

Vormetric Data Security Solutions

South Korea’s Personal Information Protection Act (PIPA) came into force on 30 September 2011 and is one of the strictest data protection regimes in the world. It is also supported by sector-specific legislation:

PIPA places many obligations on organizations in both the public and private sectors, including mandatory data breach notification to data subjects and other authorities including the Korean Communications Commission (KCC). PIPA imposes a duty on information managers (i.e. data controllers) to take the "technical, administrative and physical measures necessary for security safety […] in order to prevent personal information from loss, theft leakage, alteration or damage". Organizations are required to establish an official statement of those security measures, and an internal privacy officer must be appointed (regardless of the size or nature of the organization) to oversee data processing activities. The internal privacy officer will be held accountable, and be subject to any criminal investigations following a breach.

Article 24(3) of PIPA places express restrictions on the management of unique identifying information, and requires information managers to take "necessary measures", "including encryption" in order to prevent loss, theft, leakage, alteration or damage. Similarly, Articles 25(6) and 29 require "necessary measures" to be implemented to ensure that personal information may not be lost, stolen, altered or damaged.

South Korea also has a track record of enforcement of data protection laws. Chapter 9 of PIPA contains severe sanctions for data security breaches including substantial fines and imprisonment – up to 50 million won in fines and imprisonment of up to five years are potential consequences.

South Korea’s PIPA

The Vormetric Data Security Platform provides core capabilities that both meet requirements for encryption and provide extended protection for organizations from the strict consequences spelled out under PIPA. Usable across data centers, cloud environments and big data implementations, the platform provides a single, cost-effective solution and infrastructure set for multiple data protection problems under the law.

With Vormetric Transparent Encryption, organizations can lock down data within file systems and volumes using encryption, and allow access to protected information only to the programs and accounts that require it for their work. Data is decrypted only for these accounts, while system administrators and other privileged users can perform their work but will see only encrypted data blocks. This greatly reduces an organization’s exposure to both insider threats and outside attacks by hackers, as only a very limited set of accounts and programs can access data.

In addition, audit log data enables organizations to quickly identify accounts trying to access protected information (authorized or not) and can be integrated with a Security Information and Event Management (SIEM) system for identification of unusual access patterns by authorized users that may represent a threat.

Vormetric Application Encryption enables organizations to build encryption directly into corporate applications using a standard programming library and set of application interfaces, extending data protection to the web and other custom applications directly.




 With Vormetric Data Security providing encryption combined with user access control, we are able to prevent data breach risks fundamentally and raise work efficiency based on simple deployment and operation. 

Byung-Mook Lim
Manager of IT department
Dongbu Life Insurance
