[Asia Economy Reporter Lim Hye-seon] There is a joke that "modern people's personal information is a public good." Incidents of personal information being leaked and used without one's knowledge occur frequently. This month alone, two security incidents have already occurred involving LG Uplus and Remember. On the 10th, LG Uplus disclosed that the personal information of 180,000 subscribers was leaked. Various information such as names, dates of birth, phone numbers, encrypted resident registration numbers, addresses, subscriber unique identification numbers (IMSI), and USIM numbers were exposed. Then, on the 13th, Remember accidentally leaked the email addresses of 365 potential users who inquired about signing up during the launch process of Remember Black, a recruitment service handling only job postings with annual salaries over 100 million won, due to an employee's mistake.
Security incidents are not limited to Korea. Accidents occur worldwide. In Europe, Twitter is under investigation for allegedly leaking the personal information of 5.4 million users. Approximately 5.4 million email addresses and phone numbers were posted on communities used by hackers. Last year, Australian mobile carrier Optus experienced a data breach affecting 11 million subscribers. The health insurance company Medibank was also hacked, resulting in the leakage of personal information of 9.7 million people.
![[Initial Insight] Is Your Personal Information Safe?](https://cphoto.asiae.co.kr/listimglink/1/2022022513185158902_1645762731.jpg)
Each country has established personal information protection laws and is strengthening crackdowns on illegal activities. The General Data Protection Regulation (GDPR), enforced in Europe since 2018, is a representative example. If a company violates personal information protection obligations, it must pay a fine of up to 20 million euros (26.8 billion won) or 4% of its annual revenue, whichever is higher. Meta, which caused the Facebook personal information leak incident, was fined 17 million euros (approximately 22.8 billion won) by the Irish Data Protection Commission. Amazon was ordered by the Luxembourg supervisory authority to pay a fine of 746 million euros (approximately 1.03 trillion won) for unauthorized collection of users' unique information.
Going a step further, the European Union (EU) will enforce the Digital Markets Act from May, which prohibits the use of users' personal information for advertising purposes. Global big tech companies such as Google, Meta, and Amazon are the targets of this regulation. Violations can result in fines of up to 10% of global revenue.
Australia and the United States have similar measures. Australia imposes fines of up to 50 million dollars (approximately 62 billion won), three times the profit gained from information leakage, or 30% of revenue during the violation period, whichever is highest, for companies violating personal information protection obligations. Although the United States lacks a national personal information protection law, voices calling for an integrated personal information protection law have recently emerged, as data breach incidents increase annually.
Korea also seems to be joining the trend of strengthening penalties but has yet to overcome the National Assembly's hurdle. The second amendment to the Personal Information Protection Act, which raises the upper limit of fines imposed on companies leaking personal information from "3% of revenue related to the violation" to "3% of total revenue," has only passed the bill subcommittee of the National Assembly's Judiciary Committee so far. The existing law has fairness issues because fines are calculated based on related revenue, which is difficult to determine, and are imposed only on some service providers such as information and communication service providers. Consideration must also be given to restoration methods. There is no time to delay. A framework suitable for personal information protection in the digital age must be established quickly.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
