Information and Communications Network Act Compliance: Key Contents and Checkpoints of the Revised Information and Communications Network Act
Article posted in 2024-10-02 20:31:57 | VEAT
On July 14, 2024, and amended on August 14, the 「Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.」 (hereinafter referred to as the “Information and Communications Network Act”) came into effect, bringing significant changes to startups and small businesses.
With the strengthened information protection regulations and new certification systems introduced through this amendment, startups need to properly understand and comply with them. Especially, it provides opportunities for startups to prevent legal risks and promote stable growth by clearly presenting various legal standards required for business operations, such as personal information protection, illegal spam countermeasures, and simplification of information protection certification.
If startups understand and apply these amendment details well, they can establish a better information protection system and increase customer trust. Furthermore, strengthened spam prevention measures and simplified certification systems will contribute to increasing business efficiency and reducing costs associated with legal compliance.
This article will examine the key contents of the amendment to the Information and Communications Network Act and guide startups and small businesses on the benefits and utilization methods they can obtain.
---
1. Improvement of Illegal Spam Countermeasures System
The amended Information and Communications Network Act, aimed at solving the problem of illegal spam, requires separate consent to be obtained when transmitting advertising information during nighttime hours (9:00 PM to 6:00 AM), and the results must be notified to users (Article 50, Paragraph 1, Subparagraph 1). Additionally, information and communications service providers must take measures such as service improvement to prevent illegal transmission of commercial advertising information (Article 50, Subparagraph 4).
2. Introduction of ISMS Simplified Certification System
The amended Information and Communications Network Act introduces a simplified certification system for small businesses and certain conditions-meeting small businesses, based on the 「Small Business Basic Act,” compared to the existing Information Security Management System (ISMS) certification (Article 10, Subparagraph 1).
3. Mandatory Measures to Secure Safety of CI (Linked Information)
CI (Linked Information) is important information used in the verification process. The amended Information and Communications Network Act imposes an obligation on verification agencies to take physical, technical, and administrative measures to ensure the safety of CI when creating or processing it (Article 35, Subparagraph 1). Additionally, institutions receiving linked information must use it only within the scope of the purpose for which they received it, and must follow strict security standards, including separating it from resident registration numbers.
4. Introduction of Order and Inspection System for Actions in Case of Security Incident
The amendment to the Information and Communications Network Act introduces a system whereby the Minister of Science, ICT, and Future Planning can order information and communications service providers to take measures against security incidents when they occur (Article 18, Subparagraph 1). Furthermore, compliance with the order can be checked, and correction orders can be issued if necessary. The amount of fines that can occur for failing to report a security incident or failing to respond to it promptly has been increased.
---
Law firm Veat is a leading firm that is at the forefront of solving complex legal problems faced by companies based on outstanding expertise in the IT and information and communications fields. In particular, it provides in-depth analysis and practical legal advice on personal information protection and information security regulations that companies must comply with according to the amended Information and Communications Network Act.
Veat’s personal information protection team is composed of engineering majors, IT specialist lawyers, and provides optimized legal advice based on a wide range of understanding of both technology and law. In particular, it understands the complexity of business models utilizing information and communications, thoroughly analyzes the personal information processing process of each company and the correlation with the amended law, and supports companies to minimize legal risks.
Law firm Veat also has a successful track record in various information security-related advisory services and civil and criminal lawsuits. So far, it has provided comprehensive legal services, such as on-site inspection response, audit preparation, certification, and consulting, to many companies so that they can prepare for legal problems. In particular, it provides strategic legal advice that identifies regulatory requirements of the supervising agency through law and policy analysis, and allows companies to maximize business efficiency while complying with legal obligations.
Thank you.
Law firm Veat