Personal Information Protection Commission Sanctions 19 Public Institutions for Violating Safety Measures Obligations

Published 08 Sep.2021 14:15(KST)

Updated 16 Jan.2025 16:22(KST)

open/close

Personal Information Protection Commission Sanctions 19 Public Institutions for Violating Safety Measures Obligations

[Asia Economy Reporter Eunmo Koo] On the 8th, the Personal Information Protection Commission held the 15th plenary session and announced that it decided to impose a total fine of 93.6 million KRW, issue corrective recommendations and orders, and take corrective actions such as public disclosure against 19 public institutions that violated personal information protection regulations. Notably, fines were imposed on five local governments (including two education offices) for violations of personal information protection regulations, marking the first case since the enactment of the Protection Act.

During last year's National Assembly audit, concerns about the leakage and misuse of personal information by public institutions were raised, including security vulnerabilities on the website pointed out by Assemblyman Young-bae Kim, who was then a member of the National Assembly’s Public Administration and Security Committee. In response, the Personal Information Protection Commission established a plan to inspect the personal information handling status of public institutions, selected 20 public institutions suspected of violating the Personal Information Protection Act, conducted investigations, and confirmed violations in 19 institutions.

The main violations included ▲inadequate management of access records, such as failing to check access logs to personal information processing systems at least once a month, ▲allowing access to personal information processing systems from outside without additional authentication procedures, requiring only ID and password input, ▲sharing a single account among multiple users, and ▲transmitting passwords without encryption.

Park Sang-hee, Secretary General of the Personal Information Protection Commission, stated, “The obligation to implement safety measures is the most fundamental aspect of personal information protection,” adding, “This disciplinary action will serve as an opportunity to raise the level of personal information protection in public institutions that handle large-scale personal information of the public.”