Personal Information Protection Commission Establishes 'Basic Plan for Personal Information Protection' for 2021-2023
[Asia Economy Reporter Kim Heung-soon] A blueprint for privacy protection policies aimed at balancing the protection and utilization of personal information over the next three years has been unveiled.
The Personal Information Protection Commission (PIPC) prepared the "Basic Plan for Personal Information Protection" for 2021-2023 and reported it to the Cabinet meeting on the 24th. The Basic Plan for Personal Information Protection is a comprehensive plan that consolidates the strategies and major policy directions for personal information protection during this period. It consists of three main strategies?ensuring solid personal information protection, safe utilization that enhances data value, and harmonizing protection and utilization as a control tower?and ten key tasks.
Measures to Strengthen Personal Information Protection for Citizens, Businesses, and the Public Sector
Improvement of Formal Consent in Personal Information Collection, Introduction of Personal Information Portability
Provision of Incentives and Training of Experts
First, in a non-face-to-face society where online activities have become routine, protection policies for citizens, businesses, and the public sector will be strengthened to ensure that citizens' personal information is securely protected. The practice of formal consent in personal information collection will be improved, and new rights such as personal information portability (the right of data subjects to receive their personal information provided to data processors) will be introduced to effectively protect citizens' information sovereignty in line with changing times.
The plan also includes measures to raise sensitivity to personal information protection so that citizens can protect their own information and businesses voluntarily safeguard personal information. This includes creating an autonomous protection ecosystem by providing incentives based on self-regulation performance and training specialized personnel.
To prevent personal information breaches by the public sector, the current personal information impact assessment and breach factor evaluation will be improved and expanded, and the personal information management level diagnosis system will be enhanced with a focus on on-site inspections, thereby establishing a foundation for the public sector to take the lead in personal information protection.
Encouraging Safe Utilization of Personal Information
Activation of Pseudonymized Information System, Establishment of Protection Standards Tailored to the Digital Society
Strengthening the Role of the PIPC as a Personal Information Protection Control Tower
Although the amendment and enforcement of the Personal Information Protection Act have laid the foundation for pseudonymizing and utilizing personal information, there is a continuous need to enhance safety. Therefore, a comprehensive support system will be developed, and a pan-governmental council will be operated. The comprehensive support system will include features such as application for pseudonymized information linkage, guidance on linkage progress, transmission and reception of pseudonymized information for linkage, generation of linkage key-related information, and management of linkage status.
The PIPC plans to establish new protection standards suited to a digital society where new technologies such as artificial intelligence (AI), cloud computing, and autonomous driving are commonplace. It will actively review improvements to regulations proven necessary to be revised, such as regulatory sandboxes. Furthermore, the PIPC aims to strengthen its role as a domestic and international personal information protection control tower, leading public, private, and global governance to achieve harmony between personal information protection and utilization.
A pan-governmental joint response consultative body will be formed to respond to personal information leaks, and a one-stop consultation and damage relief system will be established. The system for overseas transfer of personal information will also be improved in consideration of the increasing trend of such transfers. Reflecting the acceleration of the non-face-to-face and digital society due to the COVID-19 pandemic, the PIPC conducted environmental analysis, public surveys, and institutional research, and reestablished the "4th Basic Plan for Personal Information Protection" announced last February.
Yoon Jong-in, Chairperson of the Personal Information Protection Commission, said, "The Basic Plan for Personal Information Protection will be implemented starting in 2021, the 10th anniversary of the enactment of the Personal Information Protection Act. We will do our best to promote the Basic Plan for Personal Information Protection so that data can be safely utilized based on trust in the data economy."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
