South Korea’s PIPA Compliance

The Vormetric Data Security Platform from Thales provides the security controls that enable organizations to comply with PIPA and reduce their exposure to data breaches

South Korea’s PIPA


South Korea’s PIPA

One of the strictest data protection regimes in the world, South Korea’s Personal Information Protection Act is supported by sector-specific legislation related to IT and communications networks (the ) and the use of credit information (the Use and Protection of Credit Information Act).

Thales can help your organization comply with these rules through:

  • Data encryption and access control;
  • Security intelligence;
  • Application encryption.


  • Regulation
  • Regulatory Compliance

Legal overview

Infringement notice: The Personal Information Protection Act imposes various obligations on companies in the public and private sectors, such as the obligation to notify the authorities and data subjects, such as the Korea Communications Commission (KCC), of data breach.

Data security: Personal Information Protection Act mandates that “technical administrative and physical measures be taken by information managers” to prevent personal information from being lost, stolen, leaked, tampered with or damaged.

Official Policy Statement: Organizations are required to formulate a formal statement of such security measures.

Internal Privacy Officer: Organizations (regardless of size or industry) must designate an internal Privacy Officer who oversees data processing activities. The internal personal information security officer is responsible for any infringement and may be investigated under criminal law.

Encryption for Social Security Number

Article 24 (3) of the Personal Information Protection Act sets out restrictions on the management of uniquely identifiable information, and information managers take "necessary measures" such as encryption to prevent loss, theft, leakage, tampering or damage. To take. Similarly, clauses 25 (6) and 29 require that "necessary measures" be taken to ensure that personal information is not lost, stolen, tampered with or compromised.

Strict enforcement

Korea has a lot of experience in enforcing data protection laws. Chapter 9 of the Personal Information Protection Act stipulates that data security breaches can be punished in fines and prison sentences (up to 50 million won fines and up to 5 years in prison).

Vormetric Data Security Platform

Thales Vormetric Data Security Platform provides companies with comprehensive protection against the rigorous formulations specified in PIPA and a key capability to meet cryptographic regulations. The platform, which can be used across data center, cloud, and big data implementation systems, provides a single, cost-effective solution and infrastructure to help you meet the many data protection challenges posed by PIPA.

Vormetric Transparent Encryption

With Thales Vormetric Transparent Encryption , companies can use encryption to store data within file systems and volumes, allowing access only to programs and accounts that need to access the data for business purposes. Data is decrypted only in the account to which the permission has been granted, and system administrators and other authorized users can perform their tasks without any problems. If you don't, you won't be able to see the encrypted data, as only a limited set of accounts and programs can access the data, significantly reducing your organization's exposure to insider threats and external attacks by hackers.

Vormetric Security Intelligence

Thales Vormetric Security Intelligence provides audit log data to help companies quickly identify accounts (regardless of permissions) that want to access protected information. It also integrates with security information and event management (SIEM) systems to help identify privileged users' unusual access patterns that could be a threat.

Vormetric Application Encryption

Thales Vormetric Application Encryption enables companies to build encryption directly into enterprise applications using standard programming libraries and a set of application interfaces, and extend data protection directly to the web and other custom applications.

Other key data protection and security regulations


Active Now

Perhaps the most comprehensive data privacy standard to date, GDPR affects any organization that processes the personal data of EU citizens - regardless of where the organization is headquartered.


Active Now

Any organization that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.

Data Breach Notification Laws

Active Now

Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbor” clause.