Back To Top

Revised privacy law to take effect amid concerns

A revised privacy law prohibiting all public institutions and companies from collecting citizens’ resident numbers is coming into effect on Thursday as planned, but concerns linger as to its effectiveness.

Earlier this year, the government announced that it will ban firms from requesting resident registration numbers ― the most generally used form of identification here ― for commercial and financial transactions. Credit cards, banks and other financial institutions must also wipe resident numbers from all documents and databases.

In place of resident IDs, other security options such as My-PIN numbers are being introduced.

The revision was devised as the nation reeled from a personal data breach that hit millions of users here between January and March this year.

The local financial sector, however, appeared to be skeptical over just how effective the new measures would be.

While it agreed on the need to avoid yet another leak, most believed that the newly proposed options such as My-PIN would face challenges.

“The new policy has been implemented too quickly, so we expect much confusion in our customer services over the next few months,” an official from Samsung Card said.

Local banks, meanwhile, claimed that they are ready to uphold the privacy law revision.

“We have formed a task force to work on this with the government and our peers and therefore we believe we are fully ready,” said a Citibank official.

Banks are unlikely to adopt the My-PIN service that offers users a random 13-digit sequence to use for ID, and instead will choose different methods for boosting security, industry sources said.

“After all, My-PIN is just another form of resident number. There should be a move not to use identification numbers rather than making another one, which can incur similar data leak accidents in the future,” said Chun Eung-hwi, president of Open Net Korea, an organization promoting online security.

The government said it will offer a six-month grace period. First and second-time violators during this period will receive a warning, but repeat offenders could face a fine of 6 million won ($5,800). The ceiling on the fine will be raised to 30 million won once the grace period is over.

Meanwhile, neither the government nor the financial sector has yet to offer a solution for handling the information of customers who have already registered for services using their resident ID numbers.

As the revision does not apply to existing data, critics have warned of additional security breaches.

By Suk Gee-hyun (