Cha Hobum, SKT CPO: "Privacy Protection Must Begin at the Service Planning Stage"

Special Lecture on Digital Privacy at Korea University

"Scope of Authority Emerges as a New Threat in the Age of AI Agents"

"AI agents make payments, send messages, and schedule appointments on my behalf. They keep acting without my explicit permission each time. Does a single 'consent' apply to all future automated actions?"

Cha Hobum, Chief Privacy Officer (CPO) of SK Telecom, raised new privacy risks in the era of AI agents during a special lecture given to students of the Smart Security Department at Korea University.

Cha explained, "In the past, the core of personal data protection was to prevent leaks, but now everything is completely different. Even if AI data is deleted, traces remain because the information is 'embedded' in models; information not provided can be inferred, and collection, judgment, and execution are autonomously handled."

He particularly pointed out that the scope of authority given to agents to make decisions on our behalf could become a new threat in the era of AI agents. This includes issues such as not knowing what data we are handing over, or whether data entered in Korea is protected by law when processed on overseas servers.

Cha introduced real-world cases of personal information protection violations and emphasized the need to design privacy strategies from the initial system design stage.

Specifically, he cited examples such as reducing mandatory fields like resident registration number, address, occupation, and marital status on application forms to less than half; masking resident registration numbers in call recordings automatically in real time; separating location resolution by purpose (for ads, by neighborhood; for emergencies, by building); and implementing measures such as immediate and automatic deletion from all systems—including backups and logs—when membership withdrawal is clicked. These are ways to implement privacy protection from the data lifecycle design stage.

Cha referenced SK Telecom's AI-based voice phishing detection solution and stated, "Utilizing data does not have to be a risk; it can become a means of customer protection and building trust." SK Telecom is expanding education and communication on digital trust to help future talent understand changes in privacy in the AI era. This special lecture was part of those efforts.

SK Telecom plans to incorporate privacy protection into service planning from the earliest stages, based on the principle that "trust design is the core competitive edge in the AI era." Additionally, the company aims to raise digital privacy awareness by sharing field-based cases and practical guides in collaboration with universities, public institutions, and industry, and to foster a safe AI usage ecosystem through customer education and outreach.

In a career guidance session for students, Cha introduced eight career tracks for security professionals, such as security engineers and privacy engineers, and advised them to develop expertise in at least two fields among technology, law, and business.

Cha emphasized, "In the AI era, competitive advantage comes not from data, but from trust design," adding, "Security and privacy are not merely the work of those who develop technology, but of those who take responsibility for it."