Financial Supervisory Service Decides to Exempt Companies from Liability in Case of Personal Data Breach
Interest Grows Over Whether This Will Expand to Financial Sector Previously Reluctant to Remote Work
[Asia Economy Reporter Oh Hyung-gil] Samsung Life Insurance is the first in the insurance industry to promote remote work for job positions that access customers' personal information. This move follows a decision by financial authorities to exempt the company from administrative responsibility if personal information is leaked during remote work by call center counselors.
Until now, other financial companies, which were identified as hotspots for COVID-19 cluster infections but practically unable to implement remote work due to concerns over information leaks, are drawing attention to whether this will be expanded.
According to financial authorities and the insurance industry on the 8th, the Financial Supervisory Service recently issued a non-action opinion letter regarding Samsung Life Insurance's request to implement remote work for some call center counselors to prevent the spread of COVID-19. The Financial Supervisory Service stated in the letter that administrative measures will be exempted for institutions, including call center subcontracting subsidiaries, in cases of personal information leaks caused by illegal acts of individuals beyond the company's control.
A non-action opinion means that although it is generally not permitted under current regulations, it is temporarily allowed in exceptional circumstances. Previously, Samsung Life Insurance inquired with financial authorities about exemption from sanctions, judging that even if the company strengthens security measures when implementing remote work for call center counselors to prevent COVID-19 spread, there is still a possibility of personal information leakage by individuals. Following the financial authorities' opinion, Samsung Life Insurance plans to temporarily relax network separation rules to allow general employees to access the internal communication network externally during remote work.
To this end, they will use work devices with applied security policies and establish physical security systems such as network security equivalent to dedicated lines, control of external device connections like USBs and external hard drives, prohibition of printing and output, prevention of screen capture, file encryption (DRM), and blocking unauthorized software installations.
Additionally, they have prepared remote work guidelines that include separating workspaces, prohibiting entry of outsiders, forbidding unauthorized departure from the work site, conducting attendance checks for remote workers when necessary, and requiring daily security checklists to be submitted as part of security measures.
A financial authority official explained, "Samsung Life Insurance will be exempted from responsibility only if it implements physical security and security awareness enhancement measures," but added, "However, this measure will not apply to other financial companies."
Following cluster infections of COVID-19 at financial company call centers in Daegu and Guro-gu, Seoul last month, urgent demands for countermeasures surged inside and outside the financial sector. The poor working environment of call centers, where dozens of counselors work in cramped spaces, was identified as the cause of cluster infections.
Financial authorities recommended maximizing the use of remote, flexible, and distributed work at call centers, but actual cases of remote work implementation were rare. This was due to concerns that security levels would inevitably decline and personal information could be leaked if counselors with access to customer information worked remotely.
However, financial companies have implemented flexible and distributed work for call center counselors, citing that while the company is responsible for preventing personal information leaks, control becomes impossible with remote work.
Even if security pledges or security checklists are obtained from remote workers, it was considered difficult to prevent information leaks from spreading rapidly. The personal information departments within insurance companies have not implemented remote work since the COVID-19 outbreak.
An insurance industry official said, "The company can protect personal information through internal systems, but it has concluded that the same level of security cannot be established during remote work, so remote work is not implemented," adding, "There is practically no way to prevent family members or third parties from accessing work PCs, illegal copying, or filming with mobile phones."
Meanwhile, demands are rising for the primary insurance companies to take responsibility for the COVID-19 cluster infections that occurred at the Guro call center.
On the 7th, the National Office Financial Services Labor Union and the Korean Confederation of Trade Unions Call Center Labor Union held a press conference at the Ace Insurance headquarters, stating, "Counselors, who are struggling with livelihood and job insecurity as if they are being treated as the cause of the COVID-19 cluster infections, have not been provided with proper countermeasures or plans," and "Call center employees who have been representing Ace Insurance on the front lines to serve customers should not be treated this way. Ace Insurance must take responsible action as the primary contractor."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
