Personal Information Protection Commission Sanctions Six Companies Including MS for Violations of Personal Information Safety Obligations
Imposition of 84.4 Million KRW in Fines and Penalties for Violations of Safety Assurance Obligations
[Asia Economy Reporter Eunmo Koo] On the 9th, the Personal Information Protection Commission held the 10th plenary meeting at the Government Seoul Office and announced that it imposed corrective measures including fines of 53.4 million KRW and penalties of 31 million KRW on six businesses, including Microsoft and Ground One, a Kakao Group affiliate. The Commission began an investigation after receiving reports of personal information leaks due to hacking and employee errors, and with technical support from the Korea Internet & Security Agency (KISA), confirmed the following violations.
First, Microsoft failed to implement access control for the personal information processing system administrator account, resulting in the leakage of some users' personal information, and delayed reporting the leak and notifying users. Two businesses, including Ground One, leaked resident registration numbers in an unencrypted state due to negligent password management, and delayed reporting and notification of the personal information leak. Additionally, the Korea Professional Football League was found to have failed to notify users of their right to refuse consent when providing personal information to third parties, and two businesses including the Korea Mountain Bike Federation failed to fulfill safety measures obligations such as access control to the personal information processing system administrator page.
The Personal Information Protection Commission imposed penalties on all six companies for violating legal obligations related to personal information leak reporting, notification, and safety measures. Furthermore, fines were imposed on three companies including Microsoft for violating access control or failing to encrypt resident registration numbers, and improvement recommendations were issued to three companies including Ground One for negligence in managing personal information handlers.
Hot Picks Today
"Buy on Black Monday"... Japan's Nomura Forecasts 590,000 for Samsung, 4 Million for SK hynix
- "Plunged During the War, Now Surging Again"... The Real Reason Behind the 6% One-Day Silver Market Rally [Weekend Money]
- "Not Everyone Can Afford This: Inside the World of the True Top 0.1% [Luxury World]"
- "We're Now Earning 10 Million Won a Month"... Semiconductor Boom Drives Performance Bonuses at Major Electronic Component Firms
- Experts Are Already Watching Closely..."Target Stock Price 970,000 Won" Now Only the Uptrend Remains [Weekend Money]
Song Sang-hoon, Director of the Investigation and Coordination Bureau at the Personal Information Protection Commission, stated, “If a business neglects the management of collected personal information and a leak occurs, it can be exploited for crimes such as voice phishing, causing secondary damage. We will continue strict law enforcement against violations of legal obligations necessary to prevent personal information leaks, and hope this case serves as an opportunity for businesses to pay special attention to personal information management.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
