Wrangling stalls data protection bills

By Korea Herald

Assembly at a standstill with a host of revision proposals gathering dust

  • Published : Feb 3, 2014 - 20:03
  • Updated : Feb 3, 2014 - 20:28
Lawmakers hold hands for a group photograph after the opening session of the extraordinary session at the National Assembly on Monday. The 26-day session is expected to be fraught with interparty discord over legislation and other ongoing issues. (Lee Gil-dong/The Korea Herald)

Personal information protection is high on the National Assembly’s agenda, but it remains uncertain whether the two main political parties will be able to set aside their differences to take timely action.

The weakness of the nation’s information security system became a hot topic after the Financial Services Commission revealed the data theft of some 20 million KB Kookmin, Lotte and NongHyup Card users last month.

The developments had both the ruling Saenuri Party and the main opposition Democratic Party scrambling to draw up preventative measures.

As part of the efforts, the two sides agreed to hold hearings and carry out a parliamentary investigation through the National Policy Committee to discuss legislation that would prevent similar incidents.

While the two parties agree that financial institutions should be severely reprimanded, they have taken different directions in drawing up the punishment.

The Saenuri Party supports the government’s plan of charging punitive fines of up to 5 billion won ($4.6 million), which will be collected by authorities.

The ruling party’s suggestion, however, has been met with criticism from the main opposition Democratic Party.

“The punitive measures are enough to be misunderstood as an attempt by the government to use the financial accident as an opportunity to expand taxation,” DP lawmakers said in a statement.

Instead, the main opposition is pushing for a regulation that would provide the victims with compensation.

On the whole, the lawmakers are to focus on four main personal information acts in the extraordinary session this month.

Among them, the Personal Information Protection Act is receiving the most attention. Eleven revisions to the act have been proposed since July 2012, with seven coming from the DP.

So far, only one bill ― suggested by the Saenuri Party ― has been passed while the remaining 10 proposals have been collecting dust for some time. The bill, passed last June, bans private and public companies from collecting resident registration numbers (RRN).

The ban on RRN collection, however, does not include real estate agencies and financial institutions, the very source of last month’s security breach. The two industries are exempt, because no adequately secure substitute for the RRN currently exists.

DP Rep. Lee Chan-yeol proposed another revision bill requiring financial companies to encrypt identification numbers, such as resident registration, driver’s license or passport numbers. This bill has been pending since its proposal in December.

Encrypting the information would add an additional layer of security so that it cannot be as easily read. The stolen information in the recent data leak was left unencrypted, adding concerns about secondary damages.

The opposition party proposed another revision bill, unifying standards for reporting data leaks.

Two sets of rules currently exist in reporting data theft and the revision is designed to reduce confusion for businesses.

The DP also proposed requiring financial institutions to pay compensation for material and immaterial damages sustained by those affected in data breach cases.

Another personal information act that is high on lawmakers’ agenda is the opposition party’s Telecommunications Network Act revision, which would require financial companies to report data leaks within 24 hours.

The Saenuri Party is also pushing for an increased fine of 30 million won in the Credit Information Protection Act for financial institutions that lack security measures. The party also proposes that the Telecommunications Business Act be revised to force mobile carriers to block text messages sent from altered phone numbers.

If the related proposals are not passed during the February extraordinary session, they will be put up for reevaluation during the extraordinary session in June. The upcoming local and by-elections may push the resolution to as late as the beginning of next year.

Some experts say that even if the proposed revision bills were to pass, it will not be easy to block personal information leaks, as the problem lies not in the legal system but with the people who handle the data.

“Isn’t it useless to build a wall over thousands of years if someone simply opens the door?” a security expert told news sources, hinting that a solid security system is useless against those who leak information from the inside. 

By Suh Ye-seul (

Choi He-suk contributed to this article. ― Ed.