Here is the article in markdown format:

Personal Information Protection Act (PIPA) in South Korea

The Personal Information Protection Act (PIPA) in South Korea is a comprehensive data protection law that applies to all types of personal information, including online and offline data. In this article, we will summarize the key aspects of PIPA.

Scope

• Broad Application: PIPA applies to all personal information (PI), regardless of whether it is collected online or offline.
• Extraterritorial Effect: The law has extraterritorial effect, meaning it applies to processing of PI by non-Korean entities that process the PI of Korean individuals.

Surveillance and Data Protection

• Surveillance Restrictions: Surveillance is restricted under the Protection of Communications Secrets Act, which prohibits wiretapping and interference with telecoms or electronic communications without consent.
• Additional Laws: Additional laws provide specific protections for individual credit data, medical records, and health-medical data.

Personal Information Formats

• Pseudonymized and Anonymized Data: PIPA applies to all categories and types of PI, including pseudonymised and anonymized data.

Compliance Requirements

• Local Representative Requirement: Offshore companies processing PI of one million or more Korean individuals must appoint a local representative as a point of contact for official inquiries and user complaints.
• Duties and Obligations: PIPA distinguishes between controllers (or handlers) and processors (entrustees) of PI, with different duties and obligations for each.

Key Takeaways

• PIPA is a comprehensive data protection law that applies to all types of personal information, including online and offline data.
• The law has extraterritorial effect, applying to non-Korean entities that process the PI of Korean individuals.
• There are specific laws and regulations governing credit data, medical records, and health-medical data.