[Second Half Work Report] Fund to Be Created from Data Breach Penalties... Whistleblower Reward System Introduced
Building a Personal Data Utilization Framework for AX
Introduction of Whistleblower Reward System
Establishing a Victim Relief Fund Using Data Breach Penalties
The government is moving forward with a plan to establish and utilize a fund sourced from penalty revenues to support people affected by personal information leaks. Reflecting the increasing occurrence of large-scale data breaches, the government will introduce a whistleblower reward system and further enhance the effectiveness of enforcement measures. A new system for utilizing personal information in support of artificial intelligence (AI) applications will also be established.
The Personal Information Protection Commission reported these measures as part of its work plan for the second half of 2026 to President Lee Jaemyung at the Blue House State Guest House on the morning of July 16.
Song Kyunghee, Chairperson of the Personal Information Protection Commission, is giving a departmental briefing at the Blue House State Guest House on the 16th. Photo by Yonhap News Agency
View original imageIn its work report, the Commission outlined four key focus areas: promoting daily practices of personal information protection through expanded prevention systems, establishing a safe personal information utilization system for AI Transformation (AX) innovation, enhancing the protection of personal information rights that citizens can experience firsthand, and ensuring swift investigations, decisions, and effective enforcement actions.
The proposal to use penalty funds as financial resources for compensating victims of personal information leaks was presented as a measure to enhance personal information rights. Lee Jeongryul, Vice Chairperson of the Commission, explained, "As the Commission's annual penalty revenues exceed 100 billion won, there have been growing calls not to allocate all of it simply as government income, but instead to use it for victim relief. We are currently consulting with related ministries such as the Ministry of Economy and Finance and are considering utilizing the funds for services like legal counsel or indirect victim relief."
Additionally, the Commission plans to introduce new sanctions against concealing or destroying related evidence during a data leak incident and to implement a system that awards whistleblowers who report such cases.
An AI-based “Comprehensive Personal Information Infringement Support Service” will also be built, offering integrated counseling, reporting, victim relief, as well as detection and deletion of personal information. The Commission plans to address new threats to personal information stemming from emerging technologies through research and development (R&D) efforts.
Measures will be taken to increase the effectiveness of investigations and actions related to information leak cases. For major incidents, such as those involving more than 1 million records leaked, the Commission will form dedicated task forces to conduct focused investigations and decisions, while a fast-track process will be introduced for minor cases. According to revisions in the Personal Information Protection Act, starting in September, punitive penalties of up to 10% may be imposed in cases of serious or repeated violations.
The Commission will also reinforce preventative systems to stop information leaks. Regular and ad-hoc assessments will be conducted in fields that are closely related to daily life or have a significant impact in case of a breach. A dedicated organization will be created to oversee and support inspections of the public sector. For companies that invest at or above the statutory level to prevent personal information breaches, penalty reductions will be offered. The level of effort to prevent incidents will also be taken into account when imposing fines.
For minor data leak incidents at small and micro enterprises, a "conditional warning" policy will be introduced. This will defer administrative actions on the condition that issues are resolved. The idea is that, since such companies lack the capacity for major investments in personal information protection, support is more effective than punishment in raising protection standards. A self-assessment tool will also be developed and distributed with priority to small and micro enterprises. In the public sector, compulsory requirements will be extended to 387 key public systems, and initiatives will be made to increase the number of personnel and budgets for personal information protection at each institution as well as to improve their working conditions.
Support for the AI Transformation (AX) will also be bolstered. The Commission aims to introduce an “AI original data utilization exemption,” which would allow the use of personal data in developing AI for public or social purposes, provided that safety measures are taken. This responds to growing demand in the field for developing high-performance AI models using original datasets containing personal information. In addition, existing support mechanisms—such as preliminary reviews and regulatory sandboxes—will be streamlined and integrated into the tentatively named “AX Safe Support System,” designed to ensure the secure implementation of AX initiatives.
Meanwhile, the Commission plans to establish new principles for handling and protecting personal information in emerging technologies, such as smart glasses, which have recently seen instances of misuse.
Hot Picks Today
"KOSPI Faces Record Volatility Amid Doubts Over Semiconductor-Only Dominance"
- "Despite Fears of Collapse Without Chinese Tourists... Koreans Become Japan’s Tourism Saviors"
- President Lee: "I Will Never Tolerate Agency Heads Who Don't Know Their Work... Stay Up All Night If You Must to Understand It"
- "Earned $100,000 at 18": Young Americans Flock to Skilled Trades Like Plumbing, Undeterred by AI
- "If I Can't Ride the Subway for Free, I Can't Do This Job... Keeping It Secret from Friends" The Struggles of a White-Haired Courier
Chairperson Song Kyunghee stated, "Following the large-scale leak incidents last year, we have enhanced the effectiveness of enforcement and are shifting toward a prevention-focused personal information protection system. In the second half of this year, we will strengthen institutional support to ensure preventive investments and protection efforts take root in the field, and we will accelerate safe data utilization innovation to deliver real, tangible changes and results for citizens."
© The Asia Business Daily. All rights reserved. Unauthorized AI training and use prohibited.