Companies that own and operate Internet businesses will be forbidden from collecting customers’ resident identification numbers beginning Saturday.
This comes after a law revision by the Korea Communications Commission intended to protect consumers from having their ID numbers, which are equivalent to U.S. Social Security numbers, stolen.
The KCC, the country’s communications watchdog and policymaking body, said Friday in a statement that the law will be enforced against all Internet or information service providers, including broadcasters or third party authorized sales agents.
They will also not be allowed to hold onto existing ID numbers of consumers, and must completely erase them from their database over the next two years, the KCC said.
E-businesses can only accept and use alternatives such as I-Pins or other certified numbers allocated to consumers via mobile phones or electronic authentication systems for security verification.
Furthermore, companies must immediately notify the KCC in the event of a loss of consumers’ personal information, as well as notify users of the incident by either email or telephone.
Internet service providers that have 1 million users and annual sales of 10 billion won ($8.8 million) must inform their customers of the status of their personal information.
Those that fail to abide by the revised law will be severely penalized with fines, and will be ordered to examine their database systems for security.
By Park Hyong-ki (firstname.lastname@example.org