Republic of Korea: Adopted MyData Transmission Security Guide

On 27 September 2023, the Korean Personal Information Protection Commission (PIPC) adopted the "MyData Transmission Security Guide". The Guide concerns the security of personal data transfers based on MyData, which pertains to the right to data portability established in the Personal Information Protection Act (PIPA). They are primarily aimed at information providers, information recipients, and other entities handling personal data within the MyData service framework. The Guide outlines measures to control access to facilities storing personal data, to ensure secure storage and controlled access to data, to encrypt data during storage and transmission, to use access control and security tools to protect data, to install and update security programs to prevent malware, to implement secure password policies, to consider security during system development, to regularly inspect and address vulnerabilities, and to implement safeguards for printed or copied data. They also highlight the importance of appointing a personal information protection manager for data transfers.