THE South Korea government is promoting a bill that would hold companies liable for damages in personal information leaks even when there is no intent or negligence, with retroactive application to past incidents, according to DataBreaches[.]Net. The amendment to the Personal Information Protection Act would impose statutory damages of up to 3,000,000 Korean won per victim, regardless of the responsible company’s intent or negligence.
It could see large data-breach players such as Coupang and SK Telecom (SKT) facing heightened liability for incidents last year, the report notes. The story is reported by Kwon Soon-wan, and according to The Chosun, the Democratic Party and the Personal Information Protection Commission are pushing the amendment through recent consultations. This piece was posted on 10 February 2026.