Korea recently enacted the Personal Information Protection Act in order to protect rights and interests in connection with personal information. Although the act went into effect on September 30 2011, the Ministry of Public Administration and Security has provided for a six-month transition period, allowing time to educate companies. If any person processing personal information fails to comply with the obligations set out in the act, such person may be subject to penalties including criminal punishment up to 10 years or an administrative fine of up to KRW50 million (approximately $44,000). Under the act, ‘personal information’ includes general, family, communication, location, and hobby/habit information and now extends beyond customer information to employees as well. Previously in Korea, it was common practice for employers to collect, use and provide their employees’ personal information with almost no restrictions. With the implementation of the act and the consequent penalties therein, employers will be required to obtain consent from employees throughout the different stages of employment and to adopt a systematic approach to the management of personal information.