Embassy News
 Arts & Living
 Travel & Hotel
 Medical Tourism New
 Letters to Editor
 Photo Gallery
 News Media Link
 TV Schedule Link
 News English
 Hospitals & Clinics
 Flea Market
 Moving & Packaging
 Religious Service
 Korean Classes
 Korean Weather
 Real Estate
 Home Stay
 Room Mate
 English Teaching
 Job Offered/Wanted
 Hotel Lounge
 Foreign Exchanges
 Korean Stock
 Business Center
 PR & Ads
 Arts & Performances
 Restaurants & Bars
 Tour & Travel
 Shopping Guide
 Foreign Missions
 Community Groups
 Foreign Workers
 Useful Services
 ST Banner Exchange
Data Security, Privacy in Asia
Countries Need to Cooperate for Better Legal Context
By Richard Kim Yu-Ho
US Attorney at Law
Data Security and Privacy in Asia

I. Introduction

In recent years, the Internet has been used by a wide variety of entities, individuals and corporations alike, in many different countries, and more often than ever before. The Internet usage growth rate for the entire world is estimated to be over 200% for the past seven years. North America makes up five percent of the world's population but accounts for 20.9% of the world's Internet usage. Asia makes up 56.5% of the world's population and accounts for 35.8% of Internet usage. As more and more people use the Internet, issues with data security and privacy on the Internet have begun to surface. A reasonable expectation of privacy is necessary for people to thrive and prosper. Although people have similar reasonable expectations of privacy, cultural concepts of individual privacy in the East may differ from the West. It is possible that culture shapes the way people live and solve their problems, in both social and legal contexts. As Asia accounts for a significant portion of Internet usage, this note recognizes that there are different policies for data security and privacy in Asia as opposed to Western countries.

This note undertakes a discussion of historical evolution, culture and current Asian data security and privacy laws by examining these aspects in three Asian countries - Japan, China and South Korea. Next, this note compares data security and privacy laws in Asia to that of relevant laws in the United States. Finally, this note works toward making a proposal to harmonize a legal solution for the international contexts because the Internet is inherently international. This note suggests a reciprocal enforcing system among countries as one of the possible solutions.

II. Data Security and Privacy Law in Asia

Many of the data security and privacy statutes in Japan4 and Korea5 are based on that of the Organisation for Economic Co-operation and Development (OECD). China has participated in the Asia-Pacific Economic Cooperation's (APEC) privacy initiative.6 Although it is unlikely to impact Chinese legislation, the participation itself indicates that the Chinese government recognizes the significance of international privacy regime.

1. Japan

Constitutional Foundation

The Constitution of Japan provides the protection of privacy and liberty of private life. Article 13 of the Constitution states, "All of the people shall be respected as individuals. Their right to life, the supreme consideration in legislation and in other governmental affairs." Article 21 provides, "[N]o censorship shall be maintained, nor shall the secrecy of any means of communication be violated." Under Article 13 and the general provisions of tort law, the courts' precedents have established the right of privacy.

Privacy Mark Certification

In February 1998, the Ministry of International Trade and Industry (MITI) of Japan created a supervisory authority for the protection of personal data which can grant "privacy marks" to businesses who commit to the handling of personal data in accordance with the MITI guidelines. The "privacy mark" system is administered by the Japan Information Processing Development Center (JIPDEC), which is a joint public and private agency that develops regulatory guidelines for the information technology industry and promotes e-commerce. In April 1998, Japan started the JIPDEC Privacy Program. The idea is that non-complying companies with the MITI guidelines would be excluded from relevant industry bodies, not be granted the "privacy marks," and supposedly be penalized by the market. Moreover, the supervisory authority can also investigate violations and issue recommendations to the appropriate administrative authorities.

Furthermore, in May 2000, the JIPDEC entered into an agreement with BBBOnline, a division of the US-based Better Business Bureau, to develop reciprocal online privacy seals. Recently, the number of companies holding "privacy marks" has increased, as their awareness of the importance of privacy has increased as well. As of September 2006, over 5,000 companies have been granted privacy marks by JIPDEC.

Laws for Data Security and Privacy

However, Japan had no statute regarding the personal data processes in the private sector until recently. Effective April 1, 2005, the Personal Information Protection Act (PIPA) was enacted after a long controversy in the Japanese legislature. The PIPA consists of two parts: (1) "Basic ideals and principles" and (2) "General Provisions." The first part provides for future legislation on the protection of privacy for both the public and private sectors. The second part provides for general provisions on personal information protection in the private sector. The PIPA defines "personal information" as the information that relates to "living individuals," which can be used to identify specific individuals by name, birth date, or other descriptions. The second part stipulates how businesses must handle personal information. The PIPA applies to an entity handling a personal information database for conducting business. The entity must comply with several restrictions under the PIPA. Furthermore, the entity must obtain prior consent from an individual in the case of providing the individual's personal information to a third party.

The PIPA allows both civil and criminal sanctions for a violator. Under the PIPA, the Prime Minister may specify a certain minister or the National Public Safety Commission, and then each Minister implements the PIPA for the area the minister is in charge of. Each minister is authorized to make recommendations or give orders to businesses dealing with personal information. A violator could be in prison for a maximum of six months or a maximum fine of JPY 300,000 (approximately USD 2,579). A few days before the enactment of the PIPA, Japan's legislature also passed four additional personal information protection bills which were related to the protection of personal information.

Recent Use of Technology and Concerns of Data Security and Privacy

Recent movement toward enacting data and privacy related statutes may attribute Japanese government's uses of novel technology in tracking vehicles. The National Police Agency has been placing the "N-system," a comprehensive video surveillance system, on major highways throughout Japan since 1986. The N-system automatically records and scans the license plate number of every passing car, and it notifies the police when it detects a suspicious vehicle. Further, the Ministry of Land, Infrastructure and Transportation (MLIT) of Japan announced a plan to use the System of Multi-functional integration of Automobiles and Roads in Transport in the 21st Century PLATE (SMART PLATE) in early 1999. These new plates with embedded IC chips will contain driver and vehicle information for the purpose of traffic control, a notice of arrival of cars to hotels and hospitals, collision prevention, automatic pay-to-road tolls, and tacking stolen cars. Since April 2006, a pilot test program using smart licenses has been operating in taxicabs in Chiba City. Critics are concerned about potential misuse of information by the government.

Anti-Spam Laws

Unsolicited commercial emails ("spam") have been growing problems around the world. In 2002, Japan introduced two anti-spam laws. One is a revision of the law for specific commerce and the other is a new law for appropriate transmission of specific e-mail. Both of the laws not only apply to emails but also to mobile text-messages. The laws require "opt-out" to be the default and spam to be clearly identified as such, as well as state a valid return email address and telephone number. The laws may not apply to foreign spammers, but spammers in Japan sending spam to foreign consumers are also subject to the laws. The revision of the Law for Specific Commerce regulates advertisement owners rather than spammers, with a maximum penalty of three million yen (approximately USD 25,425) and/or imprisonment of up to two years. The new law for appropriate transmission of specific e-mail regulates transmission. In the case of mobile text-messages, telecom companies may stop transmitting spammers' messages to protect their system from being overloaded. The new law imposes a penalty of 500,000 yen (USD 4,237) per incident. These two laws have been successful. Some spammers complied even before the two laws went into effect and telephone companies such as DoCoMo are blocking some spammers based on a legal judgment. This is attributed to not only Japanese citizens' weaker sense of civil disobedience but also actual legal enforcement.

Laws Concerning Data Security and Privacy

Further, as privacy invasion on Internet bulletin boards increased, the Internet Provider Responsibility Law of 2001 (IPRL) went into effect. The IPRL regulates Japanese Internet Service Providers (ISPs) for disclosing customers' information by requiring ISPs to delete private information from Web sites. In the following year, in response to the IPRL, ISPs issued the self-regulating guidelines. The guidelines restrict dissemination of private information without specific consent, allow ISPs to delete user information to comply with the IPRL, and require information posted by users about public figures to be maintained. On March 31, 2003, the district court of Tokyo, interpreting the IPRL, first ordered Yahoo Japan to disclose information about one of its users who had posted a defamatory comment about a plaintiff on its bulletin board. In October 2004, the new guidelines for the IPRL were published. The 2004 guidelines, although not legally binding, give the regional Civil Liberties Bureaus under the Ministry of Justice the authority to demand ISPs to delete the names or photographs of teenage criminal suspects from their Web sites. If ISPs refuse to comply with the demand, then ISPs are required to explain the reason of the refusal.

2. China

Constitutional Foundation

The Chinese Constitution provides limited rights to privacy because the rights are subject to broad exemptions for protecting the security of the country. Although Article 36 of the Chinese Constitution provides for the government's protection of normal religious activities, it also includes a broad exception which states "[N]o one may make use of religion to engage in activities that disrupt public order, impair the health of citizens or interfere with the educational system of the state." This has been interpreted very broadly in favor of the government. Article 40 provides for the freedom and privacy of correspondence of the individual and also allows broad exemption by stating "[e]xcept in cases where, to meet the needs of state security or of investigation into criminal offences, public security or procuratorial organs are permitted to censor correspondence in accordance with procedures prescribed by law."

Historical Background

Historically, China has outstanding marks in keeping records of its entire population, which are used for conscription, taxation, and even authorization for moving from one home to another. The government has kept records of the name, age, and address of every citizen. On the civil side, article 101 of the General Principles of the Civil Law of the People's Republic of China (PRC) states that citizens and corporations have "right of reputation." On the criminal side, article 251 of the General Principles of Criminal Law of the PRC provides for criminal sanctions for government officials, stating "[S]tate organ who unlawfully deprives a citizen of his or her freedom of religious belief or infringes upon the customs and habits of an ethnic group...shall be sentenced to fixed-term imprisonment of not more than two years or criminal detention." Article 252 added, "Whoever conceals, destroys or unlawfully opens another person's letter, thereby infringing upon the citizen's right to freedom of correspondence...shall be sentenced to fixed-term imprisonment of not more than one year or criminal detention."

However, law enforcement officials can issue search warrants on their own authority ignoring legal requirements. According to the U.S. 2006 Country Reports on Human Rights Practices, the Chinese government restricts freedom of speech and the press, including oppressive control and censorship of the Internet. There have been increasing numbers of imprisonment as a result of such surveillance against individuals who were seeking to exercise their constitutional rights. Other reports are also consistent with the U.S. 2006 Country Reports.

Smart ID Card and Concerns of Data Security and Privacy

The Chinese government requires all Chinese citizens over the age of sixteen to carry an identification card, issued by the Ministry of Public Security, which contains personally identifiable information such as the name, date of birth, and gender of each individual. In early 2000, the Ministry of Public Security launched a project for Chinese citizens' new second-generation ID cards into which IC chips are imprinted, called a "smart ID card," which not only contains much more personal information but are also more difficult to forge. The city of Shanghai already adopted the use of the smart ID in 2001, and eight million smart ID cards had been distributed nationwide by 2005. All Chinese citizens over 16 years of age should receive the smart ID cards by 2008.

In January 2004, the Law of Citizen Identification Cards was enacted. The law mandates registration for an ID card and permits only the police authority to demand or hold citizens' ID cards and requires keeping confidential personal information obtained from the ID cards. However, public security agencies have always had the right to check an ID card at any time. Although the purpose of government activities is to protect its citizens, history teaches us that once a government has such information, that government may use private information to harass and silence those who question its policies. The public fears that the authority may use smart ID cards to monitor citizen's activities, including their Internet usage, since most local regulations require cybercafé customers to use swipe cards that automatically record the users' identity and track the Web sites they visit.

Regulations on the Internet

Despite some efforts to improve, the Chinese government continued interfering with the free flow of information for Chinese Citizens and imposing prison sentences for exercising their freedom of expression. Recently, the Chinese government's interference on the free flow of information has been extended to the use of the Internet. China has a unique policy that makes an effort to keep up with new communication technologies, yet extremely shields their political regime against the use of technology to assist anti-government activity. All international connections to China go through proxy servers at official gateways, which were built with technical assists from Western companies such as Cisco, Sun Microsystems and IBM. The government officials can spot individual users, monitor network traffic, and filter or block contents as necessary.

The Chinese government also monitors chat rooms and forums and regulates Internet cafes through licensing. Chinese law requires all Internet cafés to be licensed. Licensed internet cafés require patrons to register each time they visit. In 2001, the local bureau of public security distributed "security management" software to more than 1,700 Internet cafés in Chongqing. The software filters materials deemed inappropriate by the Chinese government. It can also capture computer screens and cast the screen shots to local public security bureaus. However, over sixty percent of China's Internet cafés are unlicensed and use anonymous prepaid phone cards, which give some degree of freedom that might not otherwise be possible with registering.

In addition to the distribution of security management software, in April 2001, a Chinese government investigation on all public Internet service providers began. The State Council also temporarily ceased to issue new licenses for Internet cafés during the investigation period. Three months later, as a result of the investigation, more than 6,000 Internet cafés were disconnected and 2,300 were out of business. In June 2003, the Chinese government began to issue an Internet café "chains" license. This has been viewed as the Chinese government's attempt to create much fewer but easier to control administrative and functional structures for Internet cybercafés. In 2005, the Beijing Internet Safety Service Center of the Beijing Public Security Bureau recruited 4,000 Web watchdogs to monitor cybercafés and Internet service providers in Beijing. This monitoring has induced several arrests of online activists which end up serving prison time. U.S. corporations are also blamed as being part of the Chinese government's surveillance on Internet activities. Yahoo, through its Chinese partner company, Alibaba, has provided private and confidential information about its users to the Chinese authorities. Microsoft, upon the Chinese government's request, shut down the blog of New York Times researcher Zhao Jing and restricted use of certain terms to users of MSN Spaces. Google provided a censored version of its international search engine in China.

Anti-Spam Laws

Recently, China has actively responded to concerns about unsolicited e-mails. In September 2004, Chinese government officials, Chinese Internet companies, and U.S. online companies joined to issue anti-spam guidelines for China. Six months later, Chinese and Australian Internet industry associations entered into an anti-spam action plan which the Internet Society of China (ISC) and Australia's Internet Industry Association (IIA) would jointly develop to prevent anti-spammers' from attacking the ISPs. Recently, there has been a dramatic decrease in the volume of spam from China. This is most likely attributable to China's effort to escape its bad reputation as a source of spam. In June 2006, China's Ministry of Information Industry (MII), along with privacy agencies, jointly launched a nationwide anti-spam campaign called "12321."This campaign consists of distributing one million anti-spam brochures, providing intensive training for numerous email service management organizations and email administrators, and collecting 200,000 signatures from users against bulk email. It seems this campaign has successfully reduced the amount of spam out of China.

3. South Korea

Constitutional Foundation

Articles 16, 17 and 18 of the Constitution of the Republic of Korea ("South Korea") provide for the protection of privacy, secrecy of communications, and liberty of private life. Article 16 states, "All citizens are free from intrusion into their place of residence... "109 Article 17 states," The privacy of no citizen may be infringed..." Article 18 states, "The secrecy of correspondence of no citizen may be infringed."

Laws for Data Security and Privacy

The South Korean government has created an online data release system which enables citizens to download government documents and obtain certain information such as property titles and registrations. As the South Korean government has been active in promoting Internet use, South Korea has a relatively long history of protecting privacy. In 1994, the Act on the Protection of Personal Information Managed by Public Agencies (APPIMPA) was established for managing computer-based personal information held by government agencies. Under the APPIMPA, government agencies must limit the amount of data collected, use it for the purposes for which it was collected, and be responsible for maintaining a public register of files, securing information, and ensuring accuracy of the information. Individuals can obtain and correct personal information held by government agencies under the APPIMPA.

Effective January 1998, the Act on Disclosure of Information by Public Agencies (ADIPA) also went into effect. Under the ADIPA, individuals may demand access to government records. The agency's committee then determines if the requested information can be released, and judicial review is available for those whose requests are denied. The courts have been in favor of promoting a right of access to one's own personal information. However, there have been problems with the ADIPA, such as improper denials of requests and non-enforcement of the ADIPA. Social activists have responded to the problems of the ADIPA by calling for the amendment of the ADIPA to improve public access to information.

Problems with identity theft and fraud involved with Resident registration numbers, Korea's version of social security numbers, have been increasing recently due to the requirement of a valid resident registration number to create an account on most Korean Web sites. Korean resident registration numbers consist of 13-digit citizen registration numbers in which each number signifies sensitive personal information such as gender, date of birth and place of birth. In July 2005, the Ministry of Information and Communication (MIC) detected a free circulation of more than 95,000 Korean resident registration numbers through a Google search. In 2006, the resident registration numbers of more than 1.2 million people were intercepted by hackers who sought to create fake accounts for online games. Moreover, during the legislation session, it was brought to attention that even the resident registration number of South Korean president Roh Moo-hyun had been used 416 times for online verification and 280 times for adult verification at X-rated Web sites up until July 2006. These incidences led to the need for a new law with stiffer penalties for the use of other people's resident registration numbers. In September 2006, a new law regarding resident registration numbers came into effect. The law provides that any act of the use of other people's resident registration number is punishable by imprisonment of up to three years and/or ten million won (approximately USD 10,654) in fines. On March 12, 2007, the Ministry of Government Administration and Home Affairs (MOGAHA) of the ROC launched a month-long program called "Clean Campaign" in cooperation with three private credit-rating companies. This program allows anyone to track the usage of their resident registration numbers for over 20,000 Web sites. Since 1999, South Korea has been widely using digital signatures for banking and other financial transactions. Although digital signatures provide another layer of protection for users, it has not reduced concerns on data security and privacy. In October 2006, South Korea introduced a new personal identification system for use on the Internet only, known as the Internet Personal Identification Number ("i-PIN"). The i-PIN, an alternative to using resident registration numbers, is meant to stop ID theft on the Internet. The use of the i-PIN on the Internet is voluntary for both Internet business operators and Internet users.

Recently, concerns on data security and privacy have been extended to other industries. The Act on Promotion of Information and Communications Network Utilization and Data Protection (APICNUDP)135 took effect in 2000. The APICNUDP regulates service providers and users such as telecommunications companies, travel agencies, airlines, hotels and educational institutions. The APICNUDP also gives individuals the right to access personal information held by service providers. Under article 22 of the APICNUDP, service providers and users must obtain consent for the collection, use and disclosure of personal information to a third party. Moreover, article 23 prohibits the collection of delicate personal information such as ideology, faith and medical records. Article 24 further restricts the use of personal information only for the scope of the original purpose of the data collection. Particularly, the APICNUDP prohibits indiscriminate data collection from children under the age of fourteen. Under article 31 of the APICNUDP, service providers and users must obtain consent from an appropriate legal guardian for the collection, use and disclosure of personal information of children under the age of fourteen.

Anti-Spam Laws

In response to South Korea's responsibility of approximately twenty-five percent of spam in the world, article 50 of the APICNUDP added the anti-spam provisions in a 2002 amendment. Moreover, the APICNUDP emphasizes its further extension into other Acts, including Consumer Protection in the Electronic Commerce Transactions along with the Enforcement Regulation of Information Network and Privacy Protection Act (INPPA), which was amended in the same year. The INPPA has strengthened its enforcement of anti-spam regulations by strictly prohibiting spam going against an explicit refusal of such email. The INPPA further requires spam to contain the word "Advertisement" in the subject line and provide opt-out instructions both in Korean and English.

In March 2004 alone, the Ministry of Information and Communication (MIC) imposed a fine on sixty-eight online marketers. These Acts, along with the efforts of self-regulation among several direct marketers in 2002 and the imposition of financial penalties have helped reduce the number of spam emails in Korea.

III. Comparison to the U.S. Data Security and Privacy

The U.S. Constitution does not explicitly guarantee the right to privacy. However, "privacy" is protected by the U.S. Constitution through the Bill of Rights. Case laws further confirmed this position. For instance, in 1973, holding in Roe v. Wade that the states cannot bar a woman from having an abortion, the Supreme Court reasoned that it was because of the constitutional right to privacy.

The U.S. has several statutes to protect data security and privacy. The Identity Theft Penalty Enhancement Act (ITPEA) prohibits trafficking of personal information without consent. The ITPEA imposes a criminal penalty for an identity theft regardless of the actual use of the information. The Gramm-Leach Bliley Act (GLBA) is also one way to control data. The GLBA regulates financial institutions regarding the collection, disclosure and protection of personally identifiable information. Effective January 2004, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act sets requirements for sending commercial emails by providing consumers' rights to opt out and clearly stating penalties for spammers. The Children's Online Privacy Protection Act (COPPA) prohibits the collection of data for children under thirteen years of age without the explicit parental consent to the collection of the data. Under the Health Insurance Portability and Accountability Act (HIPAA), it implements regulations regarding privacy and data security. Additionally, the U.S. SAFE WEB Act of 2006 became a law granting additional authority to the Federal Trade Commission to protect consumers from spam, spyware, and Internet fraud and deception. Furthermore, through each state's data breach notification laws, thirty-four states require organizations to notify affected individuals in the case of unauthorized usage of their unencrypted personal information by third parties such as hackers.

IV. Current Trends

International privacy standards have affected more U.S. companies because of the privacy rules in counterparts such as the European Union (EU) and Canada. Citizens in the EU, unlike U.S. citizens, have constitutional rights of privacy, and EU Data Directive statutes regulate the data collection process. Canada has also adopted privacy laws similar to European laws. It serves to regulate most Canadian businesses when collecting personally identifiable information.

In Asia, under the Pan-Asian e-Commerce Alliance ("PAA") project, six East Asian countries – China, Japan, Hong Kong, Malaysia, Korea, Taiwan, and Singapore – have been aiming to build a common e-commerce network. Moreover, there have been several regional meetings for establishing such conferences for a Korea-Japan e-commerce policy. China and Korea have already established a bilateral e-commerce policy consultation forum for sharing specific action plans.

V. Recommendations

The Universal Declaration of Human Rights of the United Nations states, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, not to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks." Today, this concept of privacy needs to extend to cyberspace. As trade among countries increases and litigation occurs in other countries, more U.S. companies are worried because they may be subjected to liability under other laws. The Internet is inherently international; as thus, the same kinds of concerns regarding data security and privacy are applied to the use of Internet transactions. In some instances, countries enter into data safe harbor agreements in order to work with different standards. In other instances, they use different measures, including a common resource for information sharing, an early warning system, and training of network administrators. Many countries have their own ways to regulate data security and privacy problems. However, their own regulations may not work effectively, since injury and causes do not necessarily occur in the same country. If a violator or a server is located outside of its own jurisdiction, or damage is incurred in other countries, it is unlikely to enforce laws against a violator. As such, violators can easily avoid punishment even though each country has its own laws to regulate data breaches.

Most countries have some overlap among their laws. Because of these overlapping laws in various countries, it would be more effective if those countries entered into treaties to actually enforce violators through a reciprocity system. As technology changes rapidly, it would be unrealistic to wait for Congress to implement treaties in supplementary legislation. Thus, treaties should be self-executing. Take spam as an example — most countries have their own anti-spam laws. Initially, all or most countries who are members of the United Nations enter into a treaty to agree to reciprocally enforce their laws in their countries even though damages occur in different countries. The treaty should be self-executing because of the aforementioned reasons. For example, if a spammer in Korea uses a server in China to send a spam email to an American user in the States who subsequently suffers damage, then Korean anti-spam law would be applied to the spammer in Korea, and Chinese anti-spam law would be applied to the owner of the server, if the owner knew or had reason to know that the server was used for spamming. The American user can eventually recover the damages proportionally from both wrongdoers in Korea and China. This system may induce spammers and spam-server owners to move to countries where there are less stringent anti-spam laws. This would generate a bad reputation to those countries as "spam sources" or "easy countries" because of their weak enforcement or relatively less stringent anti-spam laws. It may lead those countries to enact stricter laws or laws that are as stringent as other countries' anti-spam laws. As a consequence, it may significantly reduce spam as more and more countries try to meet a higher standard and actually enforce their laws reciprocally. Anyone who is injured has a standing and each country enforces its own law in its own jurisdiction. This system can also apply to other data breach cases.

VI. Conclusion

Cultural concepts of individual privacy in the East and the West are different. As such, their legal frameworks are not the same. However, we as human beings all wish to have a reasonable expectation of privacy regardless of different cultural and legal frameworks. In the past decade, the world has increasingly become international as a result of the emergence of the Internet.Thus, our approach to legal and policy frameworks for data security and privacy needs to be reassessed accordingly. The more countries work cooperatively, the more laws can be effectively applied to individual countries. This will indeed provide more effective solutions for data security and privacy issues around the world.

*Footnotes and sources have been omitted due to limitation of space.

Related Articles
    UC-Berkeley-Educated Korean Attorney Richard ...

Richard Kim Yu-Ho, a founder and CEO of Law2B LLC, a Vietnam-based total management consulting firm, serves as a columnist for The Seoul Times. He is a New York-licensed attorney officially registered as a foreign lawyer to practice in Vietnam. He is also a certified bankruptcy administrator with the Vietnamese Ministry of Justice. He worked for Baker McKenzie law firm as the head of the Korea practice in the Vietnam office until June 2020. Earlier he worked for a top-tier Korean law firm "LOGOS" specializing in foreign investment to Vietnam as its Hanoi branch head from 2008 to 2017. He also worked for a Vietnamese law firm "VILAF" in 2007. He authored the best-selling book “Vietnamese Laws that Investors Must Know” which is sold on Amazon USA as well. He is also a co-author of another best sellers “Vietnam Economy Report” and “Vietnam Trend 2020.”






The Seoul Times Shinheungro 25-gil 2-6 Yongsan-gu, Seoul, Korea 04337 (ZC)
Office: 82-10-6606-6188
Copyrights 2000 The Seoul Times Company  ST Banner Exchange