07/07/2026 | Press release | Distributed by Public on 07/08/2026 05:05
Dentons Lee recently represented a Korean public institution in a police investigation involving alleged violations of the Personal Information Protection Act ("PIPA") and successfully obtained a non-referral decision from the police on the grounds that no criminal offense had been established.
The case centered on whether a public institution's transfer of documents containing personal information to its external legal counsel, for the purpose of carrying out statutory duties and pursuing litigation, constituted an unlawful third-party disclosure or unauthorized processing of personal information under PIPA.
The matter was handled by Dentons Lee's Heejun Choi and Seul-Ah Kim and Sung-Eun Ahn. Sung-Eun Ahn conducted an in-depth analysis of the key issues and legal principles under PIPA, while Heejun Choi and Seul-Ah Kim led the response to the police investigation and secured a non-referral decision approximately three weeks after being retained.
The complainant alleged that the public institution violated PIPA by providing documents containing personal information, including a certificate of personal seal registration, to an external law firm in connection with the institution's pursuit of a recourse claim.
The complainant further asserted that the documents were used in legal proceedings, including an application for a payment order, in a manner that exceeded the scope of the individual's consent. According to the complaint, such use constituted unauthorized processing beyond the original purpose of collection and an unlawful disclosure of personal information to a third party.
Dentons Lee approached the matter not as a simple issue of sharing personal information, but as a question of lawful personal data processing carried out in the course of a public institution's statutory responsibilities and litigation activities.
The team emphasized that the public institution was legally authorized to conduct debt management and recourse-related functions and that the external law firm received and used the relevant information solely for the purpose of representing the institution, rather than for any independent purpose of its own. In this context, Dentons Lee argued that the transfer of documents containing personal information constituted an entrustment of personal data processing rather than a third-party disclosure under PIPA.
Dentons Lee further demonstrated that providing the relevant materials to counsel and submitting them to the court were necessary and legitimate steps taken for the purpose of pursuing legal claims and conducting litigation.
A key element of the defense was the distinction under PIPA between "a third-party disclosure" of personal information and "the entrustment of personal data processing." Dentons Lee successfully explained why the facts of this case fell within the latter category and therefore did not constitute a violation of the statute.
The police accepted Dentons Lee's arguments and determined that the public institution's provision of documents containing personal information to its external counsel, to the extent necessary for the conduct of litigation, did not constitute an unlawful third-party disclosure under PIPA.
Accordingly, the police issued a non-referral decision, finding no grounds to pursue criminal charges against either the public institution or the employee involved.
This decision confirms that sharing documents containing personal information with external legal counsel in connection with a public institution's statutory functions, debt management activities, recourse claims, or litigation does not automatically give rise to criminal liability under PIPA.
The case is particularly noteworthy because Dentons Lee secured an early resolution through a prompt and coordinated defense strategy that combined expertise in both data protection law and criminal procedure.
The decision is expected to serve as a valuable reference for public institutions and private-sector organizations assessing legal and regulatory risks associated with sharing personal information with external law firms, professional advisers, or service providers in the course of legitimate business and legal activities.
Dentons Lee remains committed to helping clients navigate complex issues at the intersection of data protection, criminal enforcement, and public-sector regulation, delivering practical and effective legal solutions in high-stakes matters.
Redefining possibilities. Together, everywhere. For more information visit dentons.com