South Korea's new Personal Information Protection Act, which was enacted in March in 2011 and came into force in September in the same year, has brought big changes to Korean society. Under the Act, a user's IP address and email are classified as linked personally identifiable information (PII), which affects the way SMEs and microenterprises do business.
In the past, SMEs and microenterprises in the finance and services sectors were able to do business with large companies as long as they had workers and technologies.
However, now, SMEs and microenterprises that are not equipped with PII protection systems cannot work with large companies if their services are related to PII.
It is because if personal data leaks occurred due to contractors’ mistakes, the contractors would be held legally accountable.
Of course, this would be no problem if SMEs and microenterprises had enough financial resources to put in place PII protection systems. However, given the nation’s industrial structures, most of them find it difficult to introduce such systems. And few large companies are willing to provide technical means and resources to their contractors for the sake of shared growth.
If so, SMEs and microenterprises have to choose PII protection and security systems that fall within their IT budget to meet the legal standards to some degree.
Which is more important, DRM or DLP
Deciding on which should come first, DRM or DLP is the starting point for SMEs and microenterprises which usually do not have full-time in-house computer experts. There is no doubt that adopting both DRM (Digital Rights Management) and DLP (Data Loss Prevention) is the best, but they cannot afford both, so they have to choose at least one of the two.
Giving priority to DRM (Digital Rights Management), which is implemented by embedding code that prevents copying, is not a bad idea. However, they cannot rush to introducing DRM because of financial concerns.
First of all, the cost of introducing DRM is pretty high. In addition, DRM supports only specific applications and versions. To use a certain DRM program, companies have to use applications that the DRM supports. To make the DRM support other applications, companies have pay extra for maintenance.
With a reinforced crackdown on software piracy, SMEs are considering adopting free or low-cost alternatives to major office suites rather than opting for pricy genuine software packages. However, most DRM programs do not support alternatives to major office suites or other free software.
Although money is biggest concern of SMEs when it comes to installing DRM, there are more problems in terms of management and maintenance of DRM. As a result, SMEs will eventually consider adopting DLP which is cheaper than DRM and better in interoperability.
DLP software
While DRM refers to a systematic approach to copyright protection for digital media, DLP is a suite of technologies protecting sensitive data on endpoint systems.
DLP is also suitable for large organizations and relative easy to use, so it will take less time for users to incorporate DLP into their daily work.
Thus, DLP is better for SMEs which have more non-management employees than managers.
The problem is the cost involved. Symantec offers major DLP programs, which support alternatives to major office suites, but the cost of installation and maintenance is high.
And additional costs may occur depending on how DLP is set up. Thus, it is difficult for SMEs to choose Symantec DLP programs since they do not have in-house computer experts.
Hence SMEs are likely to choose homegrown software. Korean providers of DLP programs include Officekeeper, NetHelper and Gladius.
Recently, some software developers offer DLP software that comes with some features of DRM or offer DLP on a rental basis or mini-server DLP so as to lower installation costs.
