"Notification to Users at Risk of Personal Information Leaks"... Kwon Hyungyup Proposes Bill

On December 1, Hyungyup Kwon, a member of the Democratic Party of Korea, announced that he had sponsored an amendment to the Personal Information Protection Act aimed at expanding the scope of notification recipients in the event of a personal information leak.

원본보기 아이콘

Under current law, notifications regarding leaked items, the timing and circumstances of the leak, and ways to prevent secondary damage are only required to be sent to those whose personal information has been confirmed as leaked. As a result, in cases that are not large-scale incidents like those involving SK Telecom, KT, or Coupang, users may remain unaware that a breach has occurred at all.

The problem is that investigations by the Personal Information Protection Commission or the Korea Internet & Security Agency can take several months, and additional victims may be identified depending on the results of these investigations. During this gap period, potential additional victims remain completely exposed to secondary harm such as smishing or voice phishing, without realizing their personal information may have been leaked.

For example, in April, the website for the Ministry of Trade, Industry and Energy's "Public Data Utilization Contest" was hacked, resulting in the leak of personal information of contest applicants. The Ministry only became aware of the hacking and the data breach 42 days later, and notified only one individual whose information had been confirmed as leaked as of that date.

Even now, seven months later, the Personal Information Protection Commission is still investigating the incident and responded to Hyungyup Kwon's office that "the scale of the leak may change depending on the final investigation results." Users of the contest website remain unaware of the incident itself, even though they could be identified as additional victims.

Hyungyeop Kwon, Member of the Democratic Party of Korea

원본보기 아이콘

At a National Assembly Political Affairs Committee audit in October, Song Kyunghee, Chairperson of the Personal Information Protection Commission, stated, "We will consider ways to improve the system so that notifications and reports can be made to victims from the stage when a personal information leak is suspected." It is also reported that the commission's "System Improvement Task Force" is reviewing such measures.

Kwon said, "The current law leaves potential victims exposed to the risk of secondary harm," and added, "We must mandate notification of all users who may be affected by a personal information leak, in order to protect the golden time for preventing secondary damage."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.