Tom Cochran, former Director of New Media at the White House once noted that “personal information is the currency of the 21st century.” In this spirit, ALB, with the support of the Trade Secret Protection Centre (part of the Korea Institute of Patent Information), the Chief Privacy Officers’ Forum, the Korea In-House Counsel Association and the ICR Law Centre, organised the first Korea Data Management, Access & Protection Conference on Feb. 26, 2014 in Seoul.

The recent data theft scandals involving three of Korea’s key financial institutions made the event extremely relevant for Korea’s legal, compliance and privacy community. The more than 50 delegates in attendance enjoyed practical sessions conducted by representatives of the government and private sector which went beyond the discussion of formal law, and provided practical advice on trade secret, company data and personal data protection.

The event opened with an informative keynote by Kyungho Chung, vice-president of the Korea Internet Security Agency (KISA), the key government body responsible for enforcing data protection legislation and countermeasures against violations. Chung gave a comprehensive overview of Korea’s Personal Information Protection Act (PIPA) and the ICT Network Act while pointing out compliance pitfalls and regulatory limitations through presentations of real-life data breach case studies. He also highlighted the implications of Big Data and the Right To Be Forgotten requests for privacy and proposed policy guidelines for the international harmonisation of privacy standards and the cross-border monitoring of multinational vendors.

Following the government keynote, TaEon Koo, legal counsel for the Personal Information Protection Commission and well known in legal circles as “one of Korea’s best lawyers with significant field experience,” delivered a comprehensive workshop on trade secret management systems and the collection of electronic evidence. Koo detailed how in-house lawyers must take charge of the stipulation and enforcement of security policies, as well as the classification and control of secret documents with both internal and external stakeholders. He underlined the importance of coordination between legal, security and business departments, and the formulation of balanced punishments in case of policy violations. He then spoke of how this was linked to the growing usage of e-discovery and the importance of a legal counsel’s necessary familiarity with forensics technologies for legal risk management. Koo guided delegates through the lifecycle of e-discovery including records management guidelines, in addition to compliance with regulations affecting e-discovery including PIPA and strategic execution. OTIS General Counsel Roger Chae’s presentation then translated Koo’s guidelines into a practical case study using OTIS Korea’s experience and policies in employee data management, employee usage of data, and examples of legal control and redress.

The concluding panel shared the experiences of in-house counsel in setting up data management structures, and demystifying the benefits of electing a separate privacy function versus integrating it into the compliance and/or legal departments. Featuring representatives from major banking and insurance institutions, the panel offered a first-hand review of the recent credit card data leakage, calling for preventative measures to avoid future crises as opposed to reactive steps when things went wrong. The panelists also applied the financial market perspective across high-risk industries prone to non-compliance with PIPA. Interestingly, the panel argued that while the government was initially considering a move towards the liberalisation of data management regulation, this process had taken an abrupt 180-degree reversal due to data violation cases propelling the potential rolling out of higher compliance thresholds.

Follow us on Twitter: @ALB_Magazine.