[Asia Economy Reporter Joselgina] LG Uplus dealerships were caught sharing system access accounts containing customer personal information with sales stores without authorization. Both the dealerships and LG Uplus headquarters, which failed to properly manage and supervise, were fined administrative penalties and fines.
The Personal Information Protection Commission held a plenary session on the 9th and announced that it decided to impose a total of 75 million KRW in administrative fines and penalties on LG Uplus and four other companies, including dealerships, for violating personal information protection regulations. This is the first case where the management and supervision responsibility of the telecommunications company, as the consigner, was held accountable for violations of personal information protection regulations by telecommunications dealerships.
The Personal Information Protection Commission received a complaint in January last year requesting an investigation into illegal personal information transactions by telecommunications dealerships. During the investigation, it was confirmed that the dealerships violated related regulations and LG Uplus neglected management and supervision of the dealerships.
As a result of the investigation, it was found that two LG Uplus dealerships subcontracted the high-speed internet membership registration work to sales stores without LG Uplus's consent and shared customer information system access accounts with unauthorized sales stores. Additionally, LG Uplus was found to have neglected proper management and supervision regarding compliance with laws by dealerships, as unauthorized sales stores accessed its customer information system from September 2016 to June 2019 without proper inspection of access locations and records.
Accordingly, the Personal Information Protection Commission regarded LG Uplus's negligence in managing and supervising its contractors as a serious violation and imposed an administrative fine of 11.6 million KRW based on the fine imposition standards. Furthermore, a penalty of 10 million KRW was imposed for negligence in access control to the customer information system, and corrective measures for the violations were ordered.
The Personal Information Protection Commission also imposed a total fine of 23.2 million KRW on the two dealerships as contractors for ▲ subcontracting personal information processing to sales stores without obtaining the consigner's consent, ▲ granting customer information system access accounts under unauthorized persons' names and sharing them with sales stores, and ▲ violating personal information encryption regulations.
In addition, sales stores that received subcontracted personal information processing tasks from dealerships were fined a total of 30.2 million KRW in administrative fines and penalties for ▲ collecting and using resident registration numbers without legal grounds, ▲ providing personal information to third parties without the data subject's consent, and ▲ neglecting protective measures for the personal information processing system.
Yoon Jong-in, Chairman of the Personal Information Protection Commission, stated, “It is necessary to sound an alarm to strengthen the management and supervision of telecommunications companies as consigners regarding the misuse and abuse of personal information by dealerships.” He added, “The Personal Information Protection Commission will strive to ensure that citizens' personal information is safely protected in their daily lives through continuous inspections of violations of personal information regulations by telecommunications companies and dealerships, not only through this sanction.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
