Insurance Planner Who Secretly Changed Contracts Using Client Information... Supreme Court: "Cannot Be Punished as a Personal Information Processor"
Insurance Planner Cancels Special Contracts and Alters Coverage by Impersonating Client
Lower Courts Found Guilty, Supreme Court Overturns and Remands
"Final Authority Over Personal Data Lies With the Insurance Company"
Even if an insurance planner uses a customer's personal information without permission and impersonates the customer to change an insurance contract, the Supreme Court has ruled that the planner should not automatically be deemed a "personal information processor" under the Personal Information Protection Act and punished as such, if they do not bear ultimate responsibility for information management.
According to the legal community on April 22, the Supreme Court (Presiding Justice Kwon Youngjun) overturned the lower court's guilty verdict in the appeal trial of insurance planner A, who was indicted on charges including fraud, falsification of electronic records, and violation of the Personal Information Protection Act. The Supreme Court remanded the case to the Seoul Central District Court.
A, while working as an insurance planner, used the personal information (date of birth, address, contact information, etc.) of client B—information acquired through work—and committed the crime together with an accomplice. They deceived the insurance company's call center agent by pretending that B was calling directly, canceled special contracts, and arbitrarily changed coverage details. Prosecutors indicted A for violating the Personal Information Protection Act, arguing that A had used customer information beyond the intended scope of collection and without authorization.
Both the first and second instance courts found A guilty of all charges. The courts assumed that because A had collected and used the customer's personal data, A qualified as a "personal information processor" as defined by the Personal Information Protection Act.
However, the Supreme Court's view differed. The court stated, "Under the Personal Information Protection Act, a 'personal information processor' is defined as an entity that comprehensively determines the purpose, method, and content of personal data processing." The court pointed out, "Even if an insurance planner handles personal data in the course of soliciting or brokering insurance contracts, it is highly likely that the final authority over the purpose and management of such data rests with the insurance company." Simply collecting and using information does not immediately make an individual planner legally responsible as a personal information processor.
Hot Picks Today
!["When the Middle East War Ends, This Stock Will Lead"... Target Price Raised 71% [Click e-Stock]](https://cwcontent.asiae.co.kr/asiaresize/93/2026042115550834734_1776754507.jpg)
"When the Middle East War Ends, This Stock Will...
- "Is the Starting Salary Really 4 Million Won?"... Surprise as Navy Salary and Sa...
- Why SK Hynix Was Rejected While Samsung Electronics Was Approved: The Reason for...
- "Please Launch It in Korea!" After All the Hype... This Coffee Finally Arrives i...
- Even With a 900 Million Won Deposit and 2.5 Million Won Monthly Living Expenses,...
The court added, "The lower court erred in law by automatically regarding A as a personal information processor and finding A guilty." The court further explained, "Because the violation of the Personal Information Protection Act is in concurrence with other offenses, the entire sentence must be reconsidered, and thus the lower court's judgment is set aside." However, the court also noted, "Even if A is not deemed a personal information processor, if A qualifies as an 'actor' under the dual liability provision of Article 74 of the Act, the punishment provision may still apply. This is a separate matter."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
