Apparently a popular heart medication in the US may have been tainted with carcinogenic chemicals, prompting numerous lawsuits in the US , not only against the manufacturer but distributors as well.

This can certainly result in class action lawsuits worth billions of dollars. Much of these losses could have been avoided if the proper risk management processes were in place and properly implemented. Some of the processes include:

Safety Protocols

Heart medication containing possible carcinogenic chemicals shows a complete collapse of safety protocols. Any manufacturer - and especially a drug manufacturer - should have very strict safety/manufacturing protocols in place. If the protocols were in place but not followed – why?  Who was in charge of reviewing safety protocols?

Due Diligence

For sellers of products, it pays to have vendors checked out. Do they follow the same safety processes that the Seller has in place?  Were inspections of the vendor’s facilities conducted? What reports if any were reviewed? Any Seller of a product that has a high safety risk factor must conduct due diligence on its suppliers to avoid potential manufacturing risks, especially legal risks.

Putting in the right risk management processes in the beginning can help minimize the legal risk a company will face.

Korea’s cryptocurrency environment still remains cloudy as ever. Although the Korean government has taken steps to regulate the use and sale of cryptocurrency by proposing six bills in the National Assembly, it remains to be seen which regulations will finally be implemented. The proposed bills, though all different, contain several common threads such as clauses to protect users and clauses that prohibit money laundering, market manipulation as well as the use of nonpublic information.

In 2018 Korean regulators backtracked on the original threat to ban cryptocurrency trading and now even support it to a certain extent. As one of the most active countries in the cryptocurrency world, with over 3 million citizens trading cryptocurrency on a regular basis, Korea suddenly left its anti-cryptocurrency stance and announced regulations on the use of cryptocurrency. It also blocked some individuals from trading.

It should be noted that cryptocurrency, once touted as digital cash, has run into many regulatory hurdles as governments refuse to categorize it as a financial asset, let alone as a currency. Plagued with illegal uses such as money laundering, drug sales, and terrorism funding, cryptocurrencies such as Bitcoin are facing more and more government regulations designed to curb illegal uses. Korea has hopped onto that wagon, but the future of cryptocurrency in Korea still remains murky.

Picking a law firm in Korea has been the topic of a number of articles and books. In Chapter 30 of his book, Doing Business in Korea, Tom Coyner describes the trials and tribulations of picking the right law firm in Korea. He opines that some (if not many) domestic and international lawyers are commercially incompetent, as many Korean attorneys fail to appreciate the commercial context in which they offer counsel. In his Korean Law Blog, Sean Hayes has also written about the importance of selecting a commercially competent lawyer when looking for counsel in Korea.

Failure of appreciating or understanding the commercial environment in which one operates is not unique to Korean lawyers. I’ve witnessed firsthand lawyers in other jurisdictions, including the US, act as if they were giving legal advice inside a vacuum. However, I firmly believe that Korean law schools which, until recently, failed to emphasize the commercial/international nature of legal practice in Korea, are partly to blame. As Korea’s economy is primarily export driven, the legal market is less competitive than in other jurisdictions in Asia, such as Hong Kong and Singapore, which are known for producing internationally focused lawyers schooled in common law.

Be that as it may, picking the right law firm in Korea is like picking a law firm in other jurisdictions. It is up to the manager or in-house counsel to meet with Korean lawyers and determine if they are a good fit. One should ask plenty of questions, get referrals, and look at trade journals and publications to get an idea of which firms are known for their international expertise.

Remember, in Korea, be particularly careful as only a handful of firms dominate the legal market.  

I will blog more on picking law firms and law firm management in the future.

 

South Korea has taken data protection very seriously and has implemented a general data protection law: the Personal Information Protection Act, PIPA. Amended in 2016, PIPA places strict requirements on data privacy in sectors such as IT networks, credit card information, cloud computing, and online advertising.

The 2016 amendments were in response to the 2014 credit card scandal when three major credit card companies faced a massive data breach. Korean data privacy laws, as well as regulations and guidelines, have all been tightened in an attempt to prevent a reoccurrence of such a scandal. There will always be a risk of unauthorized access to data unless companies and governmental agencies implement and continuously update risk management processes. There have been many changes to Korea’s main data privacy law, PIPA, as well as to specific industry-related data privacy laws and regulations over the last few years. Some are listed below.

PIPA

  1. Collection of information: information and communications service providers, ICSPs, are limited from collecting more than the absolute minimum level of privacy-related information from users, regardless of whether they obtain the user's consent or not.
  2. Report of Data Breach: there is a 24-hour deadline in reporting a data breach to the Korea Communications Commission (KCC).
  3. Increased Administrative Penalties: administrative penalties for the collection or processing of personal information without the user's consent have been increased. The penalty has now increased to 3% of annual turnover.
  4. Chief Privacy Officer: ICSPs who meet certain criteria are required to designate a Chief Privacy Officer (CPO) and report such designation to the Ministry of Science, ICT & Future Planning.

Cloud Computing

  1. The 2015 Cloud Computing Act specifically identifies personal data and seeks to protect it. The Cloud Computing Act stipulates that PIPA applies with respect to protecting data of users of cloud computing services.
  2. Cloud computing service providers (CCSPs) are required to notify users of any cybersecurity incident, cloud data leakages, and service interruptions. They must also notify the Ministry of Science, ICT & Future Planning if cloud data is leaked.

Act on Promotion and Communications Network Utilization and Information Protection

  1. The Network Act was amended to provide that any ICSP must obtain prior informed consent from the user if it needs to access certain data stored on a user’s smartphone.
  2. Furthermore, an ICSP may not refuse to provide smartphone services to the user based on the user’s refusal to provide consent to the ICSP to access its data.
  3. If the CPO of an ICSP becomes aware of a violation of the data protection/privacy laws or regulations, the CPO must take steps to remedy the situation and also report the violation.

Online Behavioral Advertising Guidelines

  1. On February 7, 2017, the Korean Communications Commission (KCC) set forth guidelines on privacy and online behavioral advertising to promote a healthy advertising ecosystem by minimizing the risk of privacy invasion users might experience as a result of being targeted by online advertisers. The guidelines have taken effect in July 2017.
  2. The guidelines contain a number of requirements including (i) transparency in the collection and use of online behavioral data of the users, (ii) guaranteed right to control exposure to online targeted ads, (iii) guaranteed security of online behavioral data by online advertisers, and (iv) strengthened mechanisms giving users the right of redress.

It is clear that the regulatory trend for data protection in Korea focuses on increased accountability for the collection, storage, and use of personal information and data. Basically, stricter requirements have been placed on financial institutions and credit card companies. Compliance with PIPA and other regulations will become very important as more and more penalties and fines are levied against those who fail to comply. Other countries in Asia are also increasing or strengthening data protection laws, but that topic requires another blog down the road.

 

For those doing business in Korea or wanting to do business in Korea, it helps to have an understanding of the local antitrust laws and regulations. To begin with, the Korean antitrust regime is governed by the Monopoly Regulations and Fair Trade Act (MRFTA) of 1981. Like in the US and other jurisdictions, the MRFTA‘s goal is to promote free and fair competition. Currently, the MRFTA is used as a tool to curb the monopolistic behavior of Korean multinationals (Chaebols) and to help accelerate good corporate governance. Currently, Korea is using the MRFTA to help establish a “level playing field” for businesses.  

Main features of MRFTA

The main features of the MRFTA are as follows:

Why Implement an Audit?

Currently, the KFTC is planning to take strong initiatives in order to strengthen its enforcement capacity under the MRFTA. It plans on increasing its regulations concerning cartels, review of supplier-distributorship issues, abuse of dominance penalties, and review of superior bargaining issues and concerns. Therefore, it is recommended that companies conduct a more thorough antitrust compliance audit.

Remember: companies should implement a comprehensive audit in order to cover all antitrust issues in Korea because of:

I will be blogging more about this in the future.

Like directors in the US and elsewhere, directors in Korean companies have fiduciary-related duties. Such duties are set forth in the Korean Commercial Code and include:

Duty of Care

In Korea, if a director violates the duty of care as a good manager (including the duty to faithfully perform in the company’s best interest) he or she may be held liable to the company or even to third parties and could be required to pay damages. Under Article 382-3 of the Korean Commercial Code, a director’s duty of care and good faith encompasses a number of duties including the:

Criminal Liability

A director may even be subject to criminal liability as well as civil liability upon the negligent failure of fulfilling the obligation of care. In Korea, directors have usually been prosecuted for negligence involving financial issues of the company. A failure to protect a company’s assets by refusing to obtain the requisite insurance or agreeing to contracts that put the company in jeopardy (without seeking legal advice, etc)  can definitely lead to prosecution. Liability may be found in other instances when the director fails to fulfill the duty of care and loyalty by:

A director needs to proceed with caution and acknowledge the fiduciary duties that he or she has agreed to by becoming a director in the first place.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram