1. Reason for proposal

As Article 13(2) and Article 41(1)1 (Act No. 18200, enforcement on June 8, 2021) of the Act on the Promotion of Information Security Industry are established so that the enterprises exceeding a certain scale bear the liability to disclose information on security to protect the privacy of data on users and, in the case of no disclosure, fines for negligence not exceeding KRW 10 million shall be imposed, it is intended to improve the Enforcement Decree in order to prescribe the matters delegated by the Act and the matters constituting for its enforcement.

2. Main content

A. Establishment of the range and standard on the subjects for imposition of liability for information disclosure on security (Article 8(2) of draft)

ㅇ The subjects for imposition of liability for information disclosure on security are determined as corporations having KRW 50 billion of sales or more in previous year (previous fiscal year) among the corporations listed on securities exchanges or KOSDAQ.

B. Establishment of the period for information disclosure on security (Article 8.5 of draft)

ㅇ Data submission period is decided for systematic operation and management of system for information disclosure on security and timely disclosure of information on security incidences.

C. Other revised matters (Article 8(3), 8(4), and 8(6) of draft)

ㅇ Sentences and terms are corrected to reflect revised matters in related acts.