Following the enforcement of the amended Personal Information Protection Act (the "PIPA") on August 5, 2020, the Personal Information Protection Commission (the "PIPC") on September 2, 2020 published the Guideline for Pseudonymization (the "Guideline"), which describes appropriate pseudonymization methods and standards for secure management of pseudonymized data. 

As previously announced, the amended PIPA officially introduced the concept of pseudonymized data and allowed data controllers to use pseudonymized data without obtaining additional consent of data subjects.  The Guideline breaks down pseudonymization into four steps and provides details on the security measures which must be complied with when processing pseudonymized data. 

Please find attached a summary of the main points in the Guideline. 

Please note that the Guideline does not include details on combining pseudonymized data from different data controllers via an expert organization or removing the combined pseudonymized data from the expert organization.  The PIPC plans to publish a comprehensive guideline, which includes details on combination and removal of pseudonymized data, sometime in September 2020.  Please note that the PIPC's Notification on Combination and Removal of Pseudonymized Data has been effective since September 1, 2020. 

Separately from the Guideline, the Financial Services Commission (the "FSC") published the Guideline on Pseudonymization and Anonymization in Financial Industry under the amended Credit Information Use and Protection Act on August 6, 2020 (the "FSC Guideline") (hyperlink (in Korean)).  Please refer to the FSC Guideline for pseudonymization and anonymization of personal (credit) information in the financial industry. 

[Korean version]