메뉴 열기
메뉴 닫기
메뉴 닫기

Expertise

|
|
|
|

Data Privacy & Cybersecurity

Lee & Ko's Data Protection & Cybersecurity (“DPC”) Practice Group has a strong track record of providing quality advisory and consulting services in the field of data protection and privacy. Whether responding to a data breach or advising on compliance with privacy regulations, our seasoned attorneys can effectively assist our clients on all matters involving privacy and data rights. In response to the heighted importance of personal information protection at the corporate management level and the surge in large-scale data breaches, Lee & Ko established its DPC Practice Group in the late 2000s to meet the increased demand of our clients with respect to issues of data protection and personal information security.

Because personal information leakages typically lead to multiple legal consequences including civil lawsuits and investigations conducted by regulatory authorities such as the Korea Communications Commission, clients often look for a firm that can provide one-stop services. Lee & Ko's DPC Practice Group is comprised of industry-renowned privacy experts, including attorneys with previous experience as judges or prosecutors who specialized in handling personal information cases. Our Group maintains a comprehensive understanding of current regulatory trends and has a proven track record in handling complex privacy matters. We provide tailored, on-point legal advice based on years of experience, an in-depth understanding of the DPC field, and comprehensive analysis of various regulatory issues. Our DPC Practice Group has represented clients in hacking/data breach lawsuits, advised clients on responding to investigations and sanctions imposed by concerned regulatory authorities such as the KCC and other governmental authorities, conducted data compliance projects, and provided comprehensive advice on the application of various personal information-related laws to companies in the ICT, finance, and medical industries.

Keeping abreast with new, rapidly-changing trends in the DPC sector, we always seek to provide insightful guidance to our clients as well as a full spectrum of legal services that minimize the legal risks faced by our clients.
Expertise
Counseling & Compliance

As more and more companies conduct their businesses online and provide services via mobile and IT platforms, personal information security has also become increasingly important. In particular, as data breaches and their ensuing consequences have become a grave area of concern for many, the regulatory authorities have tightened their oversight and regulation of personal information processing.

Lee & Ko's DPC Practice Group provides a wide array of advisory services, including counseling on personal information protection, information security, personal information protection compliance projects, data breaches (hacking incidents), and the establishment of information security policies. In doing so, we help our clients preemptively manage the risks associated with the processing of personal information. Following the massive data breach of 3 major credit card companies that occurred in January 2014, our DPC Practice Group has launched a new program for companies for the purpose of providing clients with advanced consulting services on various stages of personal information compliance projects. In addition, our DPC lawyers and professionals provide tailored compliance advice based on their individual needs, including assistance with personal information protection level (PIPL) certification.


DPC Litigation and Dispute Resolution

Lee & Ko's DPC Practice Group has successfully represented clients in civil/criminal lawsuits and administrative proceedings involving data breaches and the unlawful use of personal information. Within the group are a number of DPC litigators and advisors who have substantial experience handling cases involving large-scale hacking incidents and personal information leakages occurring both within Korean and globally. Our dedicated team of DPC attorneys works closely with clients to obtain favorable outcomes, whether doing so involves negotiating settlements, obtaining dismissals, or litigating cases through the various stages of trial.


Protection of Personal Information relating to Convergent/New Services

Lee & Ko's DPC Practice Group draws on its extensive market knowledge to provide professional and effective legal insight to both clients and government agencies regarding privacy/data security issues surrounding cloud computing, smart devices, location-based services, wearable devices, big data, Internet of Things, and U-Health, among others. In addition, we endeavor to identify the legal challenges presented by an increasingly interconnected and ever-changing world to deliver practical, up-to-date counsel that fits the needs of our clients.


Processing of Personal Information in Transactional Cases

Due to the increasing significance of personal information in the efficient management of a company, the issue of how a company can continue to retain and use the personal information retained by the target company often becomes a major issue in cases of acquisitions, mergers, spin-offs, and business transfers.
Our DDP Practice Group has extensive experience analyzing and addressing a wide range of regulatory issues that may arise in the process of transferring personal information from one entity to another as a result of an M&A, spin-off, or business transfer. We have also experience communicating with the relevant regulatory agencies to ensure that the transaction is carried out without issue. Based on such experience, Lee & Ko's DPC Practice Group provides our clients with effective advice that allows them to maximize their business interests.
READ MORE
Major Cases
Incident Response & Related Litigation
  • Advising and representing companies involved in the credit card companies’ data breach in civil lawsuits and against sanctions imposed by the financial regulatory authorities 
  • Advising a global media and videogame company on measures to take in response to its game console hacking incident
  • Representing a major Korean personal information online marketing agency in its administrative lawsuit 
  • Representing Korea’s largest wireless carrier in a criminal investigation for security breaches and misuse of subscriber information
  • Advising a renowned multinational e-commerce company in a civil lawsuit involving the company’s hacking incident 
  • Representing a multinational insurance company in a criminal investigation involving claims of personal information protection violations
  • Representing a major Korean oil refinery in a criminal investigation involving its personal data leakage 
  • Advising a major Korean payment gateway service provider during a personal information-related criminal investigation 
  • Advising a global game company during a personal information-related criminal investigation
  • Representing facilities-based telecommunications service providers, loan companies and others before the KCC on personal data regulation procedures
  • Advising major internet service providers on measures to take in response to the sanctions imposed by the KCC for the misuse of personal information 
  • Representing a major Korean wireless carrier in criminal investigations regarding security breaches and misuse of subscriber information 
  • Advising a prominent Korean online game company on measures to take in response to the KCC’s investigation into the company’s hacking incident 
  • Representing a major Korean wireless carrier in a civil lawsuit involving a data breach
  • Representing a global electronics manufacturer in a civil lawsuit involving the hacking of personal information from its employment website 
  • Providing strategic advice to a multinational company on measures to take in response to a lawsuit regarding the company’s massive data breach 
  • Advising a major Korean game company on measures to take in response to its data breach
  • Representing major internet service providers on civil lawsuits stemming from the internet crisis 

Advisory Services on Financial Companies’ Processing of Personal (Credit) Information Processing 
  • Advising a credit information processing company involved in the credit card companies’ data breach on how to respond effectively to investigations conducted by the relevant regulatory agencies 
  • Advising a life insurance company on the scope of use of customer information among departments within the company and the limitations on using such information for marketing purposes, etc. 
  • Advising a credit rating company on whether the Personal Information Protection Act was applicable to its investigation into services provided by financial institutions
  • Advising a securities company in connection with the use/misuse of customer information, personal credit information, financial information and undisclosed information 
  • Reviewing the legality of a loan company’s loan brokerage services and provision of personal information 
  • Advising an investment advisory company on the use of client personal information 
  • Advising a fire insurance company and its affiliates on outsourcing IT work and personal information processing tasks 
  • Advising a benefit association on the provision and use of personal information 
  • Advising a capital management company on issues relating to personal information protection and credit information 
  • Advising a bank on the methods of obtaining consent for the provision and processing of individual identifying information 

Personal (Credit) Information Compliance (Consulting) Projects
  • Advising Woori Financial Group (Korea’s first financial holding company having the largest financial business group in Korea) in its IT Security Compliance Project – e.g., the first and biggest project for due diligence and IT security improvement for financial institutions in Korea
  • Conducting comprehensive information protection and security compliance projects for German-based global automobile financial service companies and a US-based marketing research company
  • Conducting a personal information compliance project for a major loan company
  • Conducting a personal data protection compliance project for the National Election Commission 
  • Reviewing and amending privacy policies and consent forms pursuant to statutory requirements 

Advisory Services on the Personal (Credit) Data Processing and Security 
  • Advising major players in the broadcasting and media industry of cloud-based services, so-called OSMD (“one source to multiple devices”) services 
  • Advising a major multi-national company on strategies/measures to take in response to litigation caused by a large-scale security breach
  • Advising a global investment bank on the protection of personal information and financial data
  • Advising several global online game companies on personal information protection
  • Advising global companies on their processing of personal information of employees
  • Providing comprehensive legal advice on cyber security issues to a global IT equipment company
  • Advising a global IT company on data protection and privacy issues in connection with its establishment of a data center
  • Advising a major global fashion company, a consulting firm, and an internationally accredited testing organization on their processing of personal data
  • Advising a global eBook company on privacy matters related to its launching of services in Korea 
  • Providing comprehensive advice to a major Korean airline and the world’s largest media research company on privacy and data protection issues
  • Advising network operators, home shopping channels, and SNS providers on privacy and data protection issues related to their businesses and products
  • Advising pharmaceutical companies, etc. on their obligations and liabilities relating to personal/biometric data processing and outsourcing 
  • Advising hotel chains and other multi-national companies on their whistleblower and employee monitoring systems and privacy issues
  • Advising foreign research companies on e-discovery issues
  • Advising a global smart device manufacturer and a software manufacturer on operating app stores 
  • Advised companies on the provision of personal information to legal enforcement agencies such as investigating authorities and tax offices
  • Advising various global law firms representing multi-national companies on the data protection laws of Korea

Advisory Services on the Transfer of Personal Information in Transactional Cases 
  • Advising eMart on the transfer of personal member information following its spin-off from Shinsegae 
  • Advising SK Planet on the transfer of personal member information following its spin-off from SK Telecom 
  • Advising Kyobo Life Insurance on the transfer of personal member data following its split-off

Other representative work 
  • Providing NIA with an analysis on the feasibility of implementing cross-border data transfer systems (e.g., CBPR) used by the EU and APEC (2013)
  • Participating in government research groups involved in the legislation of big data personal information protection guidelines and the right to be forgotten
  • Publishing Korean privacy regulations on foreign websites with personal information databases
  • Speaking at international privacy conferences sponsored by organizations such as the IAPP (International Association of Privacy Professionals) 
  • Holding seminars, lectures, presentations for IT companies, foreign and domestic financial institutions, etc.
READ MORE
Key Contacts
Recent Developments