Financial companies, when found responsible for a massive personal data leak, will face a fine of up to 3 percent of their total annual sales and customers will be given the right to order the firms to erase their personal information, according to the nation’s financial regulator.
Despite these new regulations, however, experts and civic groups continued to express dissatisfaction, claiming that the financial authorities’ plan lacked effective penalties and compensation methods.
The Financial Services Commission on Monday announced a comprehensive set of measures to protect personal information, as a follow-up of a draft announced in January, shortly after a massive leak of customer data involving some local card companies was discovered.
According to the updated regulations, financial companies found liable for the illicit circulation of customer data will be handed a punitive fine amounting to 3 percent of their total annual sales, with no ceiling on the actual amount. Previously, the fines had been set at 1 percent.
They will also be banned from sharing clients’ data with their affiliates and will be required to delete the data within three months once the transactions are terminated, officials said.
Customers, on the other hand, will be granted a wider range of authority regarding the management of their personal information.
Resident registration numbers will be required only for first-time registration and in an encrypted form. Clients may also demand that the financial firms either step up the protection of their personal data or delete it altogether.
Financial operators which do not abide by these rules may face a fine of 50 million won ($46,870) or a business suspension of up to six months.
“The government will improve the personal information management system from the customers’ perspective,” said Finance Minister and Economic Vice Minister Hyun Oh-seok.
Hyun also pledged to come up with a more fundamental and comprehensive protection plan within the first half of the year, suggesting that the regulations will reach beyond the financial sector.
Despite these incoming measures, however, the dissatisfied public seems to consider the government’s measures lax and repetitive, especially as they had been delayed several times.
The FSC said that it would suggest follow-up measures within February but soon postponed them to the first week of March, and then to the third, citing the need to elaborate further on the contents.
“The government’s plan is only an empty repetition, void of key measures, such as the reinforcement of punishment for financial firms or the introduction of a class-action suit system for large-scale data leak victims,” the Korea Finance Consumer Federation said in a statement.
By Bae Hyun-jung, new reports