South Korea’s Personal Information Protection Commission will strengthen preventive management starting with public agencies that process large amounts of key personal data such as resident registration numbers. It set principles of risk-based management, evidence-based inspections and outcome-linked incentives to encourage voluntary improvement. The commission will expand public-sector intensive management systems to 387 and conduct emergency inspections through March, focusing on security patches, strong authentication, de-identification and encryption practices.