South Korea

Is it still possible to collect resident registration numbers?

RRN collection: Generally prohibited
Max retention period: 5 years
PIPA exemption clause: Article 37-2
Max fine for violation: KRW 30M

The Short Answer

No, collecting resident registration numbers (RRNs) is generally prohibited under South Korea's Personal Information Protection Act, except for strictly limited statutory exceptions.

What the Law Says

South Korea’s Personal Information Protection Act (PIPA) imposes strict restrictions on the collection and use of resident registration numbers (RRNs), reflecting strong privacy protections.

Under PIPA, it is illegal for private entities to collect, store, or use RRNs unless explicitly permitted by law. The law treats RRNs as highly sensitive personal information due to their permanent, unchangeable nature and high risk of identity theft.

Section 37-2 of PIPA states: 'No person shall collect resident registration numbers, except where otherwise provided by laws and regulations.' This creates a blanket prohibition with narrow statutory exceptions only.

Even when collection is legally permitted (e.g., for tax, national pension, or immigration purposes), organizations must minimize use, obtain explicit consent where required, and destroy RRNs within five years — or immediately after purpose fulfillment if sooner.

Statutory Text

No person shall collect resident registration numbers, except where otherwise provided by laws and regulations.

Personal Information Protection Act, s. 37-2 — Prohibition of collection of resident registration numbers

What to Do

1. Verify whether your purpose falls under a specific statutory exception listed in laws such as the National Tax Basic Act or the National Pension Act.

2. If no exception applies, do not collect or store RRNs — use alternative identifiers (e.g., hashed tokens or unique service IDs).

3. If RRN collection is lawful, document the legal basis, obtain written consent (if required), limit access, and delete within 5 years or sooner.

4. Appoint a personal information protection officer and conduct regular internal audits to ensure compliance.

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.