|
|
|
|
|
|
|
Newsletter | August 2015, Issue 2
|
|
|
|
|
|
|
|
|
|
|
TECHNOLOGY, MEDIA & TELECOMMUNICATIONS
|
|
|
|
|
National Assembly Passes the Cloud Computing Act
|
|
|
|
On March 3, 2015, the Korean National Assembly passed the Act on Promotion of Cloud Computing and Protection of Users (the “Cloud Computing Act”), which will go into effect on September 28, 2015.
|
|
|
|
The Korean government, led by the Ministry of Science, ICT, and Future Planning (“MSIP”), promoted this statute based on its awareness that, despite cloud computing’s potential as a rapid growth industry, the cloud computing infrastructure in Korea has been meager and the introduction of cloud computing services in Korea has been anemic.
|
|
|
|
The Cloud Computing Act is to provide grounds for governmental support in promoting cloud computing in Korea, and for modifying existing regulations to remove barriers to the development of the cloud computing industry, while creating a safe environment for users of cloud computing services.
|
|
|
|
The main provisions of the Cloud Computing Act are:
|
|
|
|
Promoting introduction of cloud computing services by governmental institutions
|
|
|
|
National and local agencies and public institutions must:
|
|
|
|
make efforts to introduce cloud computing services;
|
|
|
prioritize the introduction of cloud computing in making appropriations for the national information infrastructure policy; and
|
|
|
make efforts for public institutions to utilize cloud computing services offered by cloud computing service providers in the course of their duty.
|
|
|
|
|
Fulfillment of legal requirements regarding “IT facilities”
|
|
|
|
If another law requires “IT facilities” for issuance of a permit or license, use of cloud computing services may be considered an “IT facility” that meets the requirement.
|
|
|
|
Notification of security incidents
|
|
|
|
Cloud computing service providers must notify users of any security incident, user data breach, or service discontinuance.
|
|
|
|
In the case of user data breach, service providers must also notify the MSIP, which may impose measures to mitigate the potential harm and recurrence of such breaches.
|
|
|
|
Disclosure of information regarding user protection
|
|
|
|
Users may ask cloud computing service providers in which country the user’s information is being stored.
|
|
|
|
Also, if deemed necessary by the MSIP for user protection, the MSIP may advise cloud computing service providers to publicly disclose that information.
|
|
|
|
The MSIP is currently collecting comments on its draft Enforcement Decree to the Cloud Computing Act. The draft is to be finalized before the Cloud Computing Act becomes effective on September 28, 2015.
|
|
|
|
|
|
Back to Main Page
|
|
|
|
|
|
If you have any questions regarding this article, please contact below:
|
|
|
|
|
|
|
|
For more information, please visit our website:
|
|
|
|
|
|
|
|