Lee & Ko's Data Protection & Cybersecurity (“DPC”) Practice Group has a strong track record of providing quality advisory and consulting services in the field of data protection and privacy. Whether responding to a data breach or advising on compliance with privacy regulations, our seasoned attorneys can effectively assist our clients on all matters involving privacy and data rights. In response to the heighted importance of personal information protection at the corporate management level and the surge in large-scale data breaches, Lee & Ko established its DPC Practice Group in the late 2000s to meet the increased demand of our clients with respect to issues of data protection and personal information security.

Because personal information leakages typically lead to multiple legal consequences including civil lawsuits and investigations conducted by regulatory authorities such as the Korea Communications Commission, clients often look for a firm that can provide one-stop services. Lee & Ko's DPC Practice Group is comprised of some of the best privacy experts in the industry that are well-versed in the DPC field and up-to-date on regulatory trends, including attorneys with previous experience as judges or prosecutors who specialized in handling personal information cases. We provide tailored, on-point legal advice based on years of experience, an in-depth understanding of the DPC field, and comprehensive analysis of various regulatory issues. Our DPC Practice Group has represented clients in hacking/data breach lawsuits, advised clients on responding to investigations and sanctions imposed by concerned regulatory authorities such as the KCC and other governmental authorities, conducted data compliance projects, and provided comprehensive advice on the application of various personal information-related laws to companies in the ICT, finance, and medical industries.

Keeping abreast with new, rapidly-changing trends in the DPC sector, we always seek to provide insightful guidance to our clients as well as a full spectrum of legal services that minimize the legal risks faced by our clients.

Expertise

Counseling & Compliance

As more and more companies conduct their businesses online and provide services via mobile and IT platforms, personal information security has also become increasingly important. In particular, as data breaches and their ensuing consequences have become a grave area of concern for many, the regulatory authorities have tightened their oversight and regulation of personal information processing.

Lee & Ko's DPC Practice Group provides a wide array of advisory services, including counseling on personal information protection, information security, personal information protection compliance projects, data breaches (hacking incidents), and the establishment of information security policies. In doing so, we help our clients preemptively manage the risks associated with the processing of personal information. Following the massive data breach of 3 major credit card companies that occurred in January 2014, our DPC Practice Group has launched a new program for companies for the purpose of providing clients with advanced consulting services on various stages of personal information compliance projects. In addition, our DPC lawyers and professionals provide tailored compliance advice based on their individual needs, including assistance with personal information protection level (PIPL) certification.

DPC Litigation and Dispute Resolution

Lee & Ko's DPC Practice Group has successfully represented clients in civil/criminal lawsuits and administrative proceedings involving data breaches and the unlawful use of personal information. Within the group are a number of DPC litigators and advisors who have substantial experience handling cases involving large-scale hacking incidents and personal information leakages occurring both within Korean and globally. Our dedicated team of DPC attorneys works closely with clients to obtain favorable outcomes, whether doing so involves negotiating settlements, obtaining dismissals, or litigating cases through the various stages of trial.

Protection of Personal Information relating to Convergent/New Services

Lee & Ko's DPC Practice Group draws on its extensive market knowledge to provide professional and effective legal insight to both clients and government agencies regarding privacy/data security issues surrounding cloud computing, smart devices, location-based services, wearable devices, big data, Internet of Things, and U-Health, among others. In addition, we endeavor to identify the legal challenges presented by an increasingly interconnected and ever-changing world to deliver practical, up-to-date counsel that fits the needs of our clients.

Processing of Personal Information in Transactional Cases

Due to the increasing significance of personal information in the efficient management of a company, the issue of how a company can continue to retain and use the personal information retained by the target company often becomes a major issue in cases of acquisitions, mergers, spin-offs, and business transfers.
Our DDP Practice Group has extensive experience analyzing and addressing a wide range of regulatory issues that may arise in the process of transferring personal information from one entity to another as a result of an M&A, spin-off, or business transfer. We have also experience communicating with the relevant regulatory agencies to ensure that the transaction is carried out without issue. Based on such experience, Lee & Ko's DPC Practice Group provides our clients with effective advice that allows them to maximize their business interests.

READ MORE

Major Cases

Incident Response & Related Litigation

Advising and representing companies involved in the credit card companies’ data breach in civil lawsuits and against sanctions imposed by the financial regulatory authorities
Advising a global media and videogame company on measures to take in response to its game console hacking incident
Representing a major Korean personal information online marketing agency in its administrative lawsuit
Representing Korea’s largest wireless carrier in a criminal investigation for security breaches and misuse of subscriber information
Advising a renowned multinational e-commerce company in a civil lawsuit involving the company’s hacking incident
Representing a multinational insurance company in a criminal investigation involving claims of personal information protection violations
Representing a major Korean oil refinery in a criminal investigation involving its personal data leakage
Advising a major Korean payment gateway service provider during a personal information-related criminal investigation
Advising a global game company during a personal information-related criminal investigation
Representing facilities-based telecommunications service providers, loan companies and others before the KCC on personal data regulation procedures
Advising major internet service providers on measures to take in response to the sanctions imposed by the KCC for the misuse of personal information
Representing a major Korean wireless carrier in criminal investigations regarding security breaches and misuse of subscriber information
Advising a prominent Korean online game company on measures to take in response to the KCC’s investigation into the company’s hacking incident
Representing a major Korean wireless carrier in a civil lawsuit involving a data breach
Representing a global electronics manufacturer in a civil lawsuit involving the hacking of personal information from its employment website
Providing strategic advice to a multinational company on measures to take in response to a lawsuit regarding the company’s massive data breach
Advising a major Korean game company on measures to take in response to its data breach
Representing major internet service providers on civil lawsuits stemming from the internet crisis

Advisory Services on Financial Companies’ Processing of Personal (Credit) Information Processing

Advising a credit information processing company involved in the credit card companies’ data breach on how to respond effectively to investigations conducted by the relevant regulatory agencies
Advising a life insurance company on the scope of use of customer information among departments within the company and the limitations on using such information for marketing purposes, etc.
Advising a credit rating company on whether the Personal Information Protection Act was applicable to its investigation into services provided by financial institutions
Advising a securities company in connection with the use/misuse of customer information, personal credit information, financial information and undisclosed information
Reviewing the legality of a loan company’s loan brokerage services and provision of personal information
Advising an investment advisory company on the use of client personal information
Advising a fire insurance company and its affiliates on outsourcing IT work and personal information processing tasks
Advising a benefit association on the provision and use of personal information
Advising a capital management company on issues relating to personal information protection and credit information
Advising a bank on the methods of obtaining consent for the provision and processing of individual identifying information

Personal (Credit) Information Compliance (Consulting) Projects

Advising Woori Financial Group (Korea’s first financial holding company having the largest financial business group in Korea) in its IT Security Compliance Project – e.g., the first and biggest project for due diligence and IT security improvement for financial institutions in Korea
Conducting comprehensive information protection and security compliance projects for German-based global automobile financial service companies and a US-based marketing research company
Conducting a personal information compliance project for a major loan company
Conducting a personal data protection compliance project for the National Election Commission
Reviewing and amending privacy policies and consent forms pursuant to statutory requirements

Advisory Services on the Personal (Credit) Data Processing and Security

Advising major players in the broadcasting and media industry of cloud-based services, so-called OSMD (“one source to multiple devices”) services
Advising a major multi-national company on strategies/measures to take in response to litigation caused by a large-scale security breach
Advising a global investment bank on the protection of personal information and financial data
Advising several global online game companies on personal information protection
Advising global companies on their processing of personal information of employees
Providing comprehensive legal advice on cyber security issues to a global IT equipment company
Advising a global IT company on data protection and privacy issues in connection with its establishment of a data center
Advising a major global fashion company, a consulting firm, and an internationally accredited testing organization on their processing of personal data
Advising a global eBook company on privacy matters related to its launching of services in Korea
Providing comprehensive advice to a major Korean airline and the world’s largest media research company on privacy and data protection issues
Advising network operators, home shopping channels, and SNS providers on privacy and data protection issues related to their businesses and products
Advising pharmaceutical companies, etc. on their obligations and liabilities relating to personal/biometric data processing and outsourcing
Advising hotel chains and other multi-national companies on their whistleblower and employee monitoring systems and privacy issues
Advising foreign research companies on e-discovery issues
Advising a global smart device manufacturer and a software manufacturer on operating app stores
Advised companies on the provision of personal information to legal enforcement agencies such as investigating authorities and tax offices
Advising various global law firms representing multi-national companies on the data protection laws of Korea

Advisory Services on the Transfer of Personal Information in Transactional Cases

Advising eMart on the transfer of personal member information following its spin-off from Shinsegae
Advising SK Planet on the transfer of personal member information following its spin-off from SK Telecom
Advising Kyobo Life Insurance on the transfer of personal member data following its split-off

Other representative work

Providing NIA with an analysis on the feasibility of implementing cross-border data transfer systems (e.g., CBPR) used by the EU and APEC (2013)
Participating in government research groups involved in the legislation of big data personal information protection guidelines and the right to be forgotten
Publishing Korean privacy regulations on foreign websites with personal information databases
Speaking at international privacy conferences sponsored by organizations such as the IAPP (International Association of Privacy Professionals)
Holding seminars, lectures, presentations for IT companies, foreign and domestic financial institutions, etc.