Minor Mistakes and System Errors Exempt from Penalties
[Asia Economy Reporter Eunmo Koo] The Personal Information Protection Commission (PIPC) held its 18th plenary session on the 10th and announced that it resolved to impose a total fine of 45.6 million KRW along with corrective orders on seven businesses that violated personal information protection regulations.
The PIPC initiated an investigation following reports of data leaks by the businesses. The subjects of this action include seven companies?Musinsa, Weverse Company, Dong-A Otsuka, Korea Credit Data, DL E&C, GS Retail, and KT Alpha?that failed to fulfill their obligations for necessary personal information safety measures, resulting in the leakage of users' personal information.
According to the investigation, Musinsa experienced a developer error that caused the personal information of one user of the ‘Kakao Easy Login’ feature to be accessed by another person. Additionally, during the process of linking account information across services, duplicate accounts were created, leading to the personal information of 23 users being viewed by others. Weverse Company confirmed that during an emergency response to abnormal service traffic, a development error caused login under another person's account, exposing 137 cases of personal information to unauthorized parties.
Dong-A Otsuka mistakenly applied the newly developed ‘Select Existing Delivery Address’ feature on the member product order page to non-members as well, resulting in the exposure of personal information of 10 individuals who purchased as non-members. Other sanctioned businesses were also found to have violated safety obligations by exposing personal information to unauthorized personnel during processing.
Although all seven businesses are subject to fines for violating safety obligations, the personal information leaks were due to minor mistakes and the damages were minimal; therefore, fines will not be imposed.
Song Sang-hoon, Director of the Investigation and Coordination Bureau at the PIPC, stated, “Personal information handlers must be vigilant that leaks can occur not only from external attacks such as hacking but also from internal factors like staff negligence and operational errors.” He emphasized, “Although fines were waived today in accordance with the principle of proportionality for the leakage incidents resolved, businesses handling valuable personal information must continuously inspect their obligations to ensure personal information is managed safely.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
