Korea to punish lax personal data protection

By Yoon Min-sik
  • Published : Jul 31, 2014 - 21:10
  • Updated : Jul 31, 2014 - 21:10

South Korea plans to strengthen personal information security by implementing stricter punishments for companies that fail to protect customer data while providing incentives to invest in battling cyberattacks, officials said Thursday.

A pangovernment task force unveiled the plan to enhance data protection in response to the rampant data theft that has hit the country in recent years.

In January, over 104 million pieces of customer data were stolen from major credit card companies, prompting Prime Minister Chung Hong-won to form the task force to cook up countermeasures.

“The investigation (by the task force) found gaping holes in information protection systems in both the public and civilian sectors,” said Choo Kyung-ho, minister of the Office for Government Policy Coordination at the Prime Minister’s Office. “Considering that (there’s a) lack of proper sanctions on firms that allowed data leaks, (the government) needs to raise the alarm on the issue and prompt corporations to invest in cybersecurity.”

The Ministry of Security and Public Administration conducted a probe into 1,234 state-run agencies and 191 civilian firms from January to June and found violations in information management, including excessive collecting of personal information and insufficient management of crucial data.

Punitive damages of up to three times the damage caused by data breaches will be imposed on companies that fail to protect their customers. The ministry will revise the related laws later this year.

The government will also work on establishing legal grounds for supervisory services to recommend the sacking of a CEO who is found responsible for a data breach.

In order to motivate companies to make efforts to boost their defenses against hackers, the government is pushing to reduce the tax on corporate spending to enhance the cybersecurity infrastructure.

The new plan also touches on compensating the victims of data theft.

People who suffered financially from such incidents will be able to receive compensation of up to 3 million won ($2,923) via a court ruling even without proving they have suffered damages. The tall task of having to find evidence of the damage themselves has prevented many victims from demanding compensation for data leaks.

The plan also touches on the widely used but often loosely handled resident registration numbers, which function similarly to social security numbers in the U.S. Experts presume that due to numerous past hacking incidents, a massive amount of the 13-digit numbers may already be circulating in the black market.

Because the number is issued to each Korean citizen at birth, it has been difficult to prevent the information from being used in crimes after being stolen.

After the new measures have been implemented, a person whose resident registration number was stolen and who suffered serious financial damage as a result will be allowed to get a new number.

By Yoon Min-sik (