Personal Information Protection Commission: "95% Implementation Rate of Corrective Measures in Second Half of Last Year at SKT and Others"
211 Out of 222 Corrective Actions Verified as Completed
SK Telecom Completes Comprehensive Internal Inspection and USIM Authentication Key Measures
Super App Providers Such as Naver and Coupang Fully Implement Recommendations
The Personal Information Protection Commission announced on May 14 that it had reviewed the implementation status of corrective measures imposed on organizations and companies for violations of the Personal Information Protection Act in the second half of last year, confirming that 211 out of 222 cases (approximately 95.0%) had been implemented.
Song Kyunghee, Chairperson of the Personal Information Protection Commission, is delivering a greeting speech at the 9th plenary session of the Personal Information Protection Commission held on the afternoon of the 13th at the Government Seoul Office. Provided by the Personal Information Protection Commission
View original imageThe 222 corrective measures reviewed were categorized as follows: 175 for safety measures, 11 for management and supervision of personal information handlers, 7 for restrictions on processing resident registration numbers, 4 for breach notification and reporting, and 25 for other cases. All measures, except for safety measures (165 cases completed) and other cases (24 cases completed), have been fully implemented.
The Commission specifically emphasized that it had conducted on-site inspections of SK Telecom and Incruit, which experienced large-scale personal information leakage incidents last year, to verify whether specific preventive measures had been established and implemented.
As a result, SK Telecom was found to have strengthened safety measures, including identification and comprehensive inspection of personal information processing systems within its mobile network, improvement of firewall policies, and encryption of USIM authentication keys and sensitive information. The organizational structure was also reorganized so that the Chief Privacy Officer (CPO) can oversee and manage personal information assets across all areas, including IT and infrastructure, without restriction. However, installation of real-time monitoring and blocking EDR systems and expansion of authentication scope, which were included in the implementation plan, will be additionally verified during the next inspection.
Incruit implemented additional authentication systems and improved policies for detecting abnormal traffic. The company also restructured its organization to ensure the independence of the CPO, strengthened its management system by appointing a new specialized CPO with the required qualifications and experience, and clarified responsibilities.
Among the 38 public institutions that received recommendations for corrective action following a comprehensive inspection of the centralized management system, 33 have completed implementation and submitted their plans. The National Police Agency and others have strengthened access control by linking HR information with the personal information processing system to keep departmental affiliations up to date. The National Pension Service and similar organizations have improved their systems to allow for review of access logs by personal information handlers at system-using institutions.
Overseas businesses such as KUKA Entertainment have incorporated restrictions on processing and collection of resident registration numbers into their internal management plans, including a checklist to prohibit collection without legal grounds. Related training has also been provided to employees.
Additionally, the Commission reported that super app service providers (Naver, Kakao, Coupang, Woowa Brothers, Danggeun Market), for whom recommendations were made during a preliminary inspection in July last year, have implemented all recommended measures. These companies have established alternative practices to habitual requirements for mandatory consent by providing notifications to data subjects, and have enabled account deactivation and deletion for each service within the super app to strengthen user rights. Procedures for requests to suspend or delete personal information have been made easier to understand in their privacy policies.
Worldcoin and TFH have also implemented corrective measures, such as introducing procedures to verify children's ages and improving consent requirements for personal information collection, and the Commission plans to continue monitoring their actual service operations.
Hot Picks Today
"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "Don't Throw Away Coffee Grounds" Transformed into 'High-Grade Fuel' in Just 90 Seconds [Reading Science]
- Signed Without Viewing for 1.6 Billion Won... Jamsil and Seongbuk Jeonse Prices Jump 200 Million Won in a Month [Real Estate AtoZ]
- "Groups of 5 or More Now Restricted"... Unrelenting Running Craze Leaves Citizens and Police Exhausted
- "Even With a 90 Million Won Salary and Bonuses, It Doesn’t Feel Like Much"... A Latecomer Rookie Who Beat 70 to 1 Odds [Scientists Are Disappearing] ③
The Commission stated, "We will further verify the implementation status of the seven organizations still undergoing corrective action reviews and encourage their compliance. To genuinely enhance the level of personal information protection, we will continue to activate specific corrective orders, improvement recommendations, and implementation reviews."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
