Like some of its neighbors in Asia, South Korea has taken data protection very seriously and has implemented a general data protection law- the Personal Information Protection Act or “PIPA”. It first amended the PIPA in 2016 by adding additional regulations and requirements. Unlike some of its neighbors however, South Korea has also enacted other laws over the last 2 years that place strict requirements on data privacy in other sectors such as IT Networks, credit card information, cloud computing and online advertising. Recently, additional major amendments to PIPA were passed by the National Assembly of Korea because of Big Data /AI /IoT concerns.
The amendments to the PIPA that have been adopted include: (i) clarification of the definition of “personal information,” (ii) the introduction of pseudonymized information and the permitted use of pseudonymized information for research and statistical purposes without the data subject’s consent, (iii) the introduction of compatibility, (iv) the transfer of the Network Act’s personal information-related provisions to the PIPA and (v) elevation of the Personal Information Protection Commission’s (“PIPC’s”) status to a central administrative agency responsible for the enforcement of the PIPA. A short summary follows:
1. Key Provisions of the Amended PIPA
(1) Clarification of the definition of “personal information”
As is the case under the current PIPA, the definition of “personal information” under the amended PIPA continues to include “information that can be easily combined with any other information to identify a specific individual.” The amended PIPA provides clearer direction on what this means, by stipulating the criteria for determining whether certain information can be “easily combined with any other information to identify a specific individual.
(2) Introduction of “pseudonymized information”
The amended PIPA introduces the concept of “pseudonymized information,” which means “information which, through the process of pseudonymization, may no longer be used to identify a specific individual without using or combining additional information to restore the information to its original state.”
The amendment stipulates the principles governing the pseudonymization methods in the PIPA itself, rather than delegating the authority to the President to determine such methods in the Presidential Decree. Therefore, data handlers are advised to continue monitoring the position of the pertinent regulators, including any guidelines to be issued by them, and see how the principles stipulated in the amended PIPA are applied in practice going forward.
(3) Use of personal information within the scope reasonably related to the original purpose of the collection
The amended PIPA allows data handlers to use or provide personal information within the scope reasonably related to the original purpose of the collection without the consent of the data subject. The amended PIPA has relaxed the existing consent-oriented regulations which have been subject to continued criticism for being excessively formalistic and stringent, and adopted the purpose limitation principle of the GDPR, which allows the use of personal information for purposes that are not incompatible with the purpose of initial collection.
(4) Exclusion of anonymized information from the application of the PIPA.
The amended PIPA explicitly provides that any information which cannot be used to identify a specific individual even if the information is combined with any other information, after reasonably considering factors such as time, cost, technology (“Anonymized Information”), is not subject to the provisions of the PIPA.
(5) Transfer of the Network Act’s personal information-related provisions to the PIPA.
The amended PIPA includes a new chapter on the “Special Provisions for the Processing of Personal Information by Information and Communications Service Providers and Recipients of Personal Information (collectively, the “ICSPs”)” (“Special Provisions”), which basically consists of the Network Act’s provisions relating to personal information protection that are not in harmony with those set forth in the PIPA.
.
(6) Consent no longer required for an ICSP’s outsourcing of data processing to a third party.
Under Article 25 of the current Network Act, an ICSP who wishes to outsource the processing of personal information to a third party (“Outsourcing”) is obligated, in principle, to obtain the data subject’s (i.e., user’s) consent. However, this provision was not transferred to the amended PIPA as part of the Special Provisions, and thus the PIPA’s provisions on Outsourcing will now apply to an ICSP who wishes to engage in Outsourcing. Under the current PIPA, the data subject’s consent is not required for Outsourcing.
The new amendments to PIPA are meaningful in that they help provide clearer guidance to data handlers on what constitutes the lawful processing of personal information as well as setting forth standards for the secure processing of personal information. It is expected that the amended PIPA is expected to go into effect 6 months from its promulgation date, and the amendment of the PIPA’s implementing regulations shall take place in the upcoming months.
Management of litigation, like management of most business processes, begins with a business plan and a budget. In this case, prior to trial, when a company seeks an appropriate law firm to represent it, it needs an acceptable litigation plan and budget. Law firms many times will try to push back on the request of a budget, claiming legal costs are hard to predict. This, of course, is not the case. Experienced lawyers, whether in the United States, Europe, or Asia, are very familiar with the legal costs in their own geographic region as well as costs and expenses associated with the particular issue, such as patent litigation or class actions. Certain costs may be hard to quantify, such as defense litigation costs (which may depend on how aggressive a plaintiff is in trial), but for the most part, law firms can provide a litigation plan and budget using approximate or ballpark figures.
Effective management of litigation and therefore outside legal spend will depend on a well-prepared litigation plan and budget. This, in turn, depends on the proper identification of potential litigation issues and a plan for potentially adversarial proceedings. Questions that should be asked when discussing the plan and budget with outside counsel include:
Is this matter an actual or potentially adversarial proceeding?
Will this matter result in potential commercial litigation?
Will this matter result in potential regulatory litigation?
Will this matter lead to governmental litigation?
Kinds of Actions
An accurate litigation plan and budget will depend on the nature of the proceeding or legal matter at hand. Such matters can be classified as follows:
Commercial litigation
• Antitrust and trade disputes
• Bankruptcy and creditor actions
• Class actions (product liability, etc.)
• Labor and employment
•
Regulatory proceedings
• Governmental inquiry/informal visit
• Investigations
• Subpoenas
• Government enforcement proceedings
• Administrative tribunals
• Internal corporate investigations
Certain costs will be associated with the nature of the dispute. For instance, commercial litigation costs will be dictated by the cost of discovery, including: depositions, interrogatories, production of documents and things, and physical examinations, etc. Costs involved with regulatory proceedings will involve governmental investigations and internal corporate investigations and perhaps parallel proceedings, criminal as well as civil litigation.
Litigation Management Tools
Litigation management depends upon the in-house legal team or risk manager actively assessing and managing litigation by using an effective litigation management process. The litigation management process should utilize management processes as well as LRM tools.
For a corporation to effectively manage litigation, management needs to understand its role as litigation manager. If it hands over the entire litigation management process to the outside firm representing it, the costs will, of course, substantially increase! The law firm must be managed! The risk manager, corporate manager, or in-house lawyer (General Counsel, etc.) must understand his or her role as a litigation manager. That includes use of management functions and LRM tools.
Management functions
• Effective coordination of legal defense efforts to avoid duplication of costs
• Coordination of use of witness and discovery
• Serve as the central site for all facts, positions, and decisions in legal issues
• Development and implementation of a defense plan
• Internal assessment of facts
• Point of contact for regulators
•
LRM tools
• Litigation budget
• Coordination of documents
• Use of employee interviews
• Insurance
• Use of defense plan
• Early case assessment
• Alternative fees
• Outside billing guidelines
Only through the regular use of legal risk management tools can a company or organization effectively control its outside legal spend, especially when dealing with litigation.
Like directors in the US and elsewhere, directors in Korean companies have fiduciary related duties to protect and safe-guard the Company and the Company’s assets. Such duties are set forth in the Korean Commercial Code and include:
• Duty of Care as a prudent manager
• Duty of Confidentiality
• Fiduciary Duty-the Duty of Loyalty
In Korea, if a director violates the duty of care as a good manager (including the duty to faithfully perform in the Company’s best interest) he or she may be held liable to the company or even to third parties and could be required to pay damages. Under Article 382-3 of the Korean Commercial Code a director’s duty of care and good faith encompasses a number of duties including the:
• Duty to review the company’s activities
• Duty to review corporate information and documents
• Duty to protect a company’s assets
• Duty to supervise and oversee employees
• Duty to review all major filings with regulatory agencies
A director may even be subject to criminally liability as well as civil liability upon the negligent failure of fulfilling the obligation of care. Directors who violate the provisions of the Korean Commercial Code or the Company’s articles of incorporation may be held jointly and severally liable to the Company. This is true especially when the director’s actions are intentional, or are committed with gross negligence. Such liability may be found when the director fails to fulfill the duty of care and loyalty by:
• The intentional neglect or negligence in performing duties
• The failure to manage affairs as “an ordinary prudent person”
• Endangering company assets through gross negligence
• Engaging in a business that conflicts or competes with the Company
• Using a business opportunity that could benefit the Company for one’s own personal account or the account of a third party
Looking at the civil and common law aspects of the duty of care (Korean courts are trending towards the business judgment rule of the US) the following is true of directors in Korea today:
1. Directors must use reasonable care in protecting the Company’s assets
2. Directors must use reasonable care in providing a safe work place and work environment
3. Directors must use reasonable care when overseeing the Company’s activities
Remember, though serving as a director on the Board of a Korean company may sound exciting it comes with risk. There are restrictions as to what a director can or cannot do and if a director violates his or her fiduciary duty or duty of care, he or she is subject to legal action and even criminal liability.
Picking a law firm or the “right” law firm has been the topic of a number of articles and books. This is especially true in Korea. In Chapter 30 of his book, Doing Business in Korea, Tom Coyner describes the trials and tribulations of picking the right law firm in Korea. He opines that some domestic and international lawyers are commercially incompetent, as some Korean attorneys fail to appreciate the commercial context in which they offer counsel. In his Korean Law Blog, Sean Hayes has also written about the importance of selecting a commercially competent lawyer when looking for counsel in Korea as well.
Failure of appreciating or understanding the commercial environment in which one operates is not unique to Korean lawyers. I’ve witnessed firsthand lawyers in other jurisdictions, including the US, act as if they were giving legal advice inside a vacuum. However, I firmly believe that Korean law schools which, until recently, failed to emphasize the commercial/international nature of legal practice in Korea, are partly to blame. Until recently, the Korean legal market was less competitive than in other jurisdictions in Asia, such as Hong Kong and Singapore, which are known for producing internationally focused lawyers schooled in common law. However, as more and more Korean lawyers study and work abroad, the international/commercial abilities of younger Korean lawyers are increasing.
Be that as it may, picking the right law firm in Korea is like picking a law firm in other jurisdictions. It is up to the corporate manager or in-house counsel to meet with outside lawyers and determine if they are a good fit. One should ask plenty of questions, get referrals, and look at trade journals and publications to get an idea of which firms are known for their commercial and international expertise. For those interviewing prospective law firms or lawyers ask yourself the following questions:
- Do you get the feeling that the law firms you meet understand your business and industry?
- What law firms have represented companies with similar issues?
- Look at the website of the law firms you consider. What does the website say? Does it specialize in the areas you are concerned about?
- What does the local business community think about the firm or firms you look at?
- After meeting with a law firm are you impressed with its capabilities? Do you believe you trust the partners you met with?
A firm that grasps your business and industry is more likely to appreciate your business/legal issues and offer constructive advice. And of course, you should be comfortable with the lead attorney you met. So, it’s up to you to decide whether the firm is a good fit or not. Remember that selecting the right law firm for your legal issue or issues is the most important step in resolving the legal matters at hand
I am always asked by my younger colleagues how General Counsel or GCs pick law firms when deciding which law firms to use. Most GCs actually pick lawyers, not just law firms, when retaining outside counsel, but it is important that the law firm is also a firm the GC likes and respects. If the GC likes and respects the firm, the odds are that the law firm is the firm the General Counsel most likely will pick to handle a major problem or case.
Most GCs have over the years developed processes to select and use outside counsel on a consistent basis with a focus on quality, reasonable fees, and, of course, success. Such success is normally the result of a long-term relationship in which outside counsel becomes a member of the company’s “team,” learns the business, and can, therefore, provide timely legal and business advice. A General Counsel knows that it is vital to have a go to law firm that can handle major legal issues in an effective and efficient manner. So the General Counsel is always looking for the lawyer and the firm that can deliver for the company- i.e. add value. There are many firms vying for the GC’s business, but only a few that can really deliver for the GC.
In essence, more and more General Counsel are only looking for law firms that can add value and either help the in house law department add value or add value to the company’s bottom line. In today’s ultra- competitive legal marketplace, only the law firms that can add value are thriving. So how can a law firm position itself to add value and become the law firm of choice? Law firms know that when dealing with a company it is essential to meet the General Counsel (if the company has one) and develop a working relationship. But that is not enough. The days of becoming the go to law firm solely based on relationships are over. Having a good working relationship is of course also necessary. But it’s all about value add.
IT IS ALL ABOUT VALUE ADD
Here are 12 steps layers and law firms should take to become the firm that adds value-
1. Know the business! Understand the major issues facing the business? Take time to understand how the company works! One size does not fit all.
2. Develop a relationship with the GC! Go out and meet him or her. Call him or her on the phone. Communicate! Did I say communicate?
3. Meet the Assistant General Counsel as well and/or other senior lawyers on the team.
4. Be responsive- At All Times!
5. 24/7- is the new response time. Remember weekends are not off limits anymore.
6. Don’t create “busy work”. The GC knows what is important.
7. Work with the GC to fit in with the GC’s outside staffing guidelines
• Work with the GC to meet all billing guidelines
• Be flexible in billing arrangements
• Don’t overcharge or overspend
8. Responsiveness is important! Communicate any and all significant case developments!
9. GC’s love litigation plans and well drafted budgets. Provide them and don’t complain.
• It requires a well drafted pitch proposal to RFPs.
• What are the major issues in the litigation or matter?
• Be willing to follow the GC’s requested billing format (and stick to it).
10. Go the extra mile!! Do whatever it takes!
• Provide free services if requested
• Be willing to travel free of charge or be willing to drop everything for the client
• Always deliver
11. Learn how the organization works!!
• What are its A/R, billing, credit, accounting and procurement processes?
• What are the main business issues involving its manufacturing or services?
12. Don’t take the GC or company for granted – ever!
If a law firm can internalize these 12 steps it is well on its way to become the company’s firm of choice. The GO TO LAW FIRM! Remember, General Counsel for the most part are reasonable but at the end of the day they are looking for the firms that can stand up and deliver- or add value. If the firm is not willing to go the extra mile, it can’t expect the GC to think of it as the “Go to Law Firm”. Oddly enough, not that many law firms are really willing to do so. They may pay lip service to “adding value” but at the end of the day may not deliver as promised. This provides an opening for those firms that are willing to internalize the 12 steps I mentioned above and become the firm of choice.
In 2018, Korea amended its product liability law to allow among other things, punitive damages. These changes should be on the radar of every multinational manufacturer and supplier, selling or distributing products in Korea. A short summary of the changes is as follows:
1. Introduction of punitive damages
The current product liability law limits the claim for the damages to actual damages incurred and does not include punitive damages. The new amendment will provide for punitive damages (up to three times the actual damages or treble damages) if (i) the manufacturer knew about the defect of the product and failed to take necessary measures and (ii) the defect resulted in significant harm to a consumer’s life or body. The claimant has the burden of proving the fact that the manufacturer knew about the defect of the product and failed to take necessary measures.
2. Lessening of the claimant’s burden of proof
The amendment provides that if the claimant proves that (i) the claimant incurred damages while the product is used in the ordinary course of use, (ii) the damage was caused by a cause which is under de facto control of the manufacturer, and (iii) the damage does not customarily occur without the relevant defect of the product, it shall be presumed that the product was defective (existence of defect) and the damages are caused by the defect in the product (the causality between the defect and damages).
3. Shifting of the claimant’s burden of proof in case where the manufacturer is unknown
Under the current product liability law, in order for a claimant to seek compensation from the distributor in case where the manufacturer is unknown, the claimant had to prove that the distributor knew or could have known the manufacturer. Under the amended law, , if the manufacturer is unknown to the claimant, the claimant may seek compensation from the distributor regardless of whether the distributor knew or could have known the manufacturer.
Conclusion
With introduction of the punitive damages, manufacturers doing business in Korea should review their internal procedures regarding the handling of product defects. Distributors also should review processes on handling information on the manufacturers and distributors who supply the products. Companies are also advised to establish internal procedures for taking appropriate measures in case of consumer complaints in order to minimize product liability risks such as (i) immediate suspension of sales or recalls, or (ii) adding additional or appropriate warnings in the label for the product.
