[Asia Economy Reporter Seulgina Jo] Last year, public institutions with inadequate personal information management included the Nuclear Safety and Security Commission, the Ministry of Environment, and Daejeon Metropolitan City. It was found that more than one out of ten public institutions, such as central administrative agencies and local governments, were insufficient in personal information management diagnosis.
On the morning of the 9th, the Personal Information Protection Commission reported the results of the '2020 Personal Information Management Level Diagnosis' conducted on 779 public institutions at the Cabinet meeting.
As a result of diagnosing 13 indicators in three major areas?personal information management system, protection measures, and breach response measures?the average score was 84.3 points, an increase of 3.4 points compared to the previous year. A total of 353 public institutions, including the Ministry of Science and ICT, the Korea Communications Commission, the Ministry of Justice, Jeollanam-do, and the National Pension Service, received a 'Good' grade with scores of 90 or above. Institutions with a good grade accounted for 45% of all evaluated institutions, up from 37% the previous year.
On the other hand, 95 institutions, including the Nuclear Safety and Security Commission, the Ministry of Environment, Daejeon Metropolitan City, and the Korea Post Facilities Management Corporation, received an insufficient grade. Specifically, these included 2 central administrative agencies, 31 local governments, 29 central public institutions, and 23 local public enterprises. The Personal Information Protection Commission plans to focus on managing and supporting these institutions going forward.
By institution type, the level of personal information management was relatively insufficient in basic local governments and local public enterprises compared to central administrative agencies and metropolitan local governments. The proportion of institutions with a good grade by type was as follows: central ministries (61%), metropolitan local governments (53%), central public institutions (51%), local public enterprises (43%), and basic local governments (35%).
By category, protection measures (90 points), such as establishing personal information processing policies and procedures for exercising data subject rights, were rated as good, but breach response measures (80 points), including safety measures to prevent breach incidents, were evaluated as insufficient. In particular, 'Personal Information Processing System Management' (64 points), which includes access rights management?a major cause of hacking incidents?received the lowest score.
The Personal Information Protection Commission plans to conduct a personal information processing status inspection on public institution websites and local governments in the first quarter. In the second quarter, customized on-site consulting for insufficient institutions is also scheduled. Additionally, work manuals targeting indicators requiring focused management will be produced and distributed to encourage each institution to autonomously improve their personal information management levels.
Yoon Jong-in, Chairperson of the Personal Information Protection Commission, stated, “Since public institutions collect and process large-scale personal information closely related to citizens' lives and sensitive data, a high level of personal information protection efforts is required.” He added, “Based on these results, each public institution should more closely examine their personal information processing status and system management, and focus on improving insufficient areas.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
