What are the fines for violating the PIPA?

What the Law Says

South Korea’s Personal Information Protection Act (PIPA) sets strict penalties for unauthorized collection, use, disclosure, or failure to safeguard personal information.

Under Article 72 of the PIPA, any person who violates certain provisions — such as collecting personal information without consent (Art. 15), using it beyond the stated purpose (Art. 16), or failing to implement required security measures (Art. 29) — is subject to criminal penalties.

The law distinguishes between violations involving negligence and those involving intent or profit motive, with higher fines and imprisonment for aggravated cases.

Fines are imposed in Korean won (₩) and are not subject to adjustment for inflation unless amended by statute.

Statutory Text

Any person who violates Article 15, Paragraph 1 or Article 16, Paragraph 1 shall be punished by imprisonment with labor for not more than seven years or by a fine not exceeding 100 million won.

— Personal Information Protection Act, Art. 72 — Penalty

Statutory Text

Any person who violates Article 29, Paragraph 1 shall be punished by imprisonment with labor for not more than five years or by a fine not exceeding 50 million won.

— Personal Information Protection Act, Art. 72 — Penalty

Statutory Text

Any person who violates Article 34, Paragraph 1 (prohibiting re-identification of anonymized data) shall be punished by imprisonment with labor for not more than three years or by a fine not exceeding 30 million won.

— Personal Information Protection Act, Art. 72 — Penalty

What to Do

Sources