IDC Names Securiti a Worldwide Leader in Data PrivacyView
The Personal Information Protection Commission (PIPC) released its guidance on the safe use of personal information in the age of AI on August 3, 2023. The released document addressed several ethical concerns related to using AI in tandem with personal information.
The guidance aims to provide appropriate instructions to all relevant stakeholders, both domestic and international, on how they may minimize the risk of privacy and data infringements.
Additionally, the guidance provides rules and considerations to consider when interpreting the Personal Information Protection Act (PIPA) concerning AI development and deployment.
Lastly, the guidance offers critical information on how South Korea plans to approach AI regulations, emphasizing public-private collaboration and strategic principles for specific sectors and industries.
The guide acknowledges the rapid pace of the overall AI industry's growth and the expansive nature of its direct and indirect involvement in humans' lives. With that in mind, the PIPC has recommended establishing a principle-based discipline system. This is critical because the guide explicitly states that it would follow a more "principles-oriented approach rather than a regulatory one.
It is under this principle that an "AI Privacy Team" will be established that will play the active role of the main consultation party for all organizations within South Korea seeking advice on the following matters:
The "AI Privacy Team" will operate under a review system expected to be introduced in 2023. The primary purpose of this system would be to analyze an organization's business operations and help prepare a compliance recommendation related to the PIPA. However, this team will not have any powers to carry out administrative actions related to the results of such an analysis.
The current guidelines on AI represent only the most basic standards and principles. Further cooperation and collaboration with the private sector will be essential to create a more comprehensive plan that satisfies all concerned stakeholders.
To this end, the "AI Privacy Public-Private Policy Council" will be established to allow a common discussion platform for AI companies, developers, academics, legal professionals, and civic groups to voice their opinions, concerns, and recommendations. This Council will also work jointly with the PIPC to create data processing standards in AI environments for each specific sector.
The Council will also assist in the expansion of R&D capabilities for the activation of privacy enhancement technology (PET). Furthermore, in cases where there is ambiguity in PET application or the need for verification arises, technology development and verification can be conducted within a designated "personal information safe zone" that ensures both security and safety.
Lastly, an 'AI risk assessment model' with the capability to precisely assess AI-related risks will be prepared. This model will facilitate the design of tailored regulations based on the risk level of AI. To establish such a risk assessment system effectively, it is imperative to conduct diverse experiments and initiatives. Hence, the PIPC plans to leverage a 'regulatory sandbox' to accumulate a range of AI cases and, using these cases, identify the risks by analyzing their operational performance and risk factors.
A global cooperative system will be implemented to form a digital international standard for AI. Based on the Paris Initiative, the PIPC hopes to establish a new level of digital order within South Korea.
The "AI and Data Privacy International Conference" organized in Seoul in June 2023 was the first step in this direction. The committee engaged in discussions with representatives from regulatory and supervisory bodies, reviewing a wide array of laws, policies, and cases from different countries concerning infringements and violations related to personal information caused by AI.
Further, the PIPC plans to host a Global Privacy Assembly in 2025 to discuss new privacy issues that will emerge within the AI industry by then. The PIPC hopes to position South Korea as a major international actor in creating a standard international system by hosting such an event. It hopes to encourage greater collaboration between South Korean firms and global AI operators such as OpenAI, Google, and Meta.
The guideline acknowledges the absence of distinct standards for managing personal information in the context of AI development and services. The PIPC intends to address this gap within the framework of the existing "Personal Information Protection Act".
The primary objective is to establish clear and specific principles and standards to guide each stage of the process, including AI development, data collection, AI training, and service provision. This approach aims to facilitate a more transparent and specific assessment of personal information processing within the stated guidelines.
Organizations understand the tremendous challenges and opportunities AI presents. Used appropriately, it can lead to a steep increase in both productivity and efficiency. However, its usage must be tampered with responsibility, owing to, among several other factors, the vast amount of users' personal information and data involved.
Striking the right balance between responsible data usage and leveraging AI capabilities to their maximum potential can be both a strategic and operational obstacle for organizations.
This is where Securiti can help.
With its Data Command Center, a centralized platform that enables the safe use of data and GenAI, Securiti provides unified data intelligence, controls, and orchestration across hybrid multicloud environments. Securiti's Data Command Center has a proven track record of providing data security, privacy, governance, and compliance for various organizations of varying sizes and industries.
With the Data Command Center, organizations can enable a proactive approach toward honoring their regulatory obligations with respect to data privacy while leveraging the maximum benefits from AI usage.
Request a demo today to learn more about how Securiti can help you comply with South Korea's PIPA and other global data privacy regulations.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
300 Santana Row
San Jose, CA 95128