Ko Nak-jun (고낙준), director general for preventive coordination and deliberation at the Personal Information Protection Commission, briefs on the detailed implementation plan for shifting to a prevention-centred personal data management system at the Government Complex Seoul on the morning of May 22.

From the second half of this year, tailored inspections of personal data handling based on the level of privacy-infringement risk will begin in earnest.

The Personal Information Protection Commission on Thursday presented a plan at a meeting of economy-related ministers to shift to a prevention-focused personal data management system. It is a follow-up to a plan reported to a cabinet meeting on May 12 and is designed to press ahead with a preventive protection system that identifies and manages risks of privacy infringement and data leaks in advance.

The government will first classify areas of personal data handling into high, medium and low risk groups, considering the scale of processing, sensitivity and industry characteristics, and will conduct differentiated inspections and management.

For high-risk groups, it plans to disclose inspection areas in advance and review the status of internal control operations through regular and ad hoc inspections to minimise accident risks. This year, it will push ahead with inspections focused on areas that handle large volumes of personal data or sensitive information, including platforms, financial institutions, public institutions, edtech and nursing hospitals.

For areas that are not in the high-risk group, it plans to encourage the use of personal information impact assessments and compliance with privacy-by-design principles, known as PbD. With a reporting system for designating chief privacy officers, or CPOs, set to be introduced from September, it also plans to strengthen cooperation with associations and groups, including a CPO council, to operate a hotline that quickly disseminates the latest threat information and to encourage advance responses and measures for similar incidents.

It also plans to proactively check concerns over infringements in new-technology areas such as internet of things devices and agent AI so that no blind spots in privacy protection emerge.

It will also institutionalise PbD principles, under which privacy protection is built in by default from the service planning, design and development stages. To spread the principles, it plans to prepare and distribute guidelines and best practices that can be referenced during planning and design, alongside amendments to the Personal Information Protection Act, and to reflect PbD principles in existing evaluation and certification standards, including ISMS-P certification.

It will also prepare measures for companies to disclose their active privacy protection activities through information security disclosures, so that they expand substantive protection investment rather than stopping at the minimum standards set by the act. It will strengthen oversight across the supply chain, including software-as-a-service, cloud and specialised contractors where large volumes of personal data are concentrated. It will also promote research and development of preventive privacy-enhancing technologies, or PET, to prevent data leaks and misuse, as well as the training of specialised personnel.

Song Kyung-hee (송경희), chairperson of the commission, said it would work with relevant ministries to continuously inspect the status of personal data handling and vulnerabilities in key areas and to establish a prevention-focused management system proportional to risk.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.