[Asia Economy Reporter Lim Hye-seon] Cases of personal information infringement have more than doubled over the past four years.
According to data submitted by the Korea Internet & Security Agency (KISA) to Yang Jeong-suk, a member of the National Assembly's Science, Technology, Information and Broadcasting Committee (STIBC), the number of reports and consultations related to personal information infringement last year totaled 210,767 cases, an 18.8% increase from the previous year. Compared to 2017, four years ago (105,112 cases), the number has more than doubled. From January 2017 to May of this year, the total number of reports and consultations reached 888,771 cases.
'Identity theft including resident registration numbers and other personal information' accounted for 393,209 cases, representing 44.2% of the total. Cases related to 'voice phishing and other financial fraud' also reached 222,182 cases (25%), raising concerns about economic damage to the public.
Yang’s office stated, "As cyberattacks such as hacking have surged recently, concerns over personal information leakage have increased, leading to calls for companies that hold large amounts of personal information for extended periods, such as information and communication service providers, to be required to obtain the 'Information Security Management System and Personal Information Protection Management System Certification' (ISMS-P) mandatorily."
ISMS-P, operated by KISA, is a certification system concerning personal information management systems and safety measures. While the Information Security Management System certification (ISMS) was made mandatory in 2013, ISMS-P is not yet mandatory. However, companies subject to ISMS requirements can choose to be certified under either ISMS or ISMS-P, and in practice, ISMS has been replaced by ISMS-P. ISMS includes 80 certification items, while ISMS-P adds 22 more, totaling 102 certification items.
ISMS-P has been issued since October 2019, and the last issuance of the existing ISMS was in August 2019, so all certifications are expected to expire by August this year.
On the 24th, Assembly member Yang Jeong-suk introduced the 'ISMS-P Mandatory Legislation' (Partial Amendment to the Personal Information Protection Act) as the lead sponsor. The targets are personal information processors with annual sales or revenue of 150 billion KRW or more, or those in the information and communication service sector with previous year sales of 10 billion KRW or more, or those with an average daily user count of 1 million or more over three months.
Yang emphasized, "From the perspective of preventing personal information infringement, it is necessary to make ISMS-P, which is currently voluntary, mandatory for businesses above a certain standard, just like ISMS. This should include information and communication network service providers, integrated information communication facility operators, and those with annual sales or user numbers above a certain scale among personal information processors."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
