SOUTH Korea is considering updates to data and cyber laws after recent large‑scale data breaches across telecommunications, retail, and finance sectors, prompting lawmakers and regulators to act. According to Hogan Lovells, the proposed amendments centre on two main statutes: the Network Act, administered by the Ministry of Science and ICT, and the Personal Information Protection Act, overseen by the Personal Information Protection Commission.
While the Network Act applies to information and communications service providers, including e‑commerce platforms, social media services, fintech operators, and mobile banking providers, both regimes often face obligations when breaches involve personal data. The overarching aim of the amendments is to improve data protection and security governance, with stronger information management systems, and to enhance the effectiveness of incident response, investigations, and sanctions.
The changes reflect a coordinated effort by the National Assembly and government agencies to better prevent and respond to cybersecurity threats targeting critical networks and personal data.