On the 30th, the Ministry of Science and ICT announced that the "Amendment to the Act on the Promotion of the Information Security Industry (hereinafter referred to as the 'Information Security Industry Act'), which establishes the legal basis to verify the accuracy and reliability of information security disclosures," passed the plenary session of the 404th National Assembly (extraordinary session).
The information security disclosure system is a voluntary and mandatory system that publicly discloses companies' information security status, such as investment, personnel, and certification status, according to Article 13 of the Information Security Industry Act. To guarantee the public's right to know about companies' information security status and to achieve the purpose of safe internet use, the accuracy and reliability of the disclosed information must be ensured. Last year, the mandatory disclosure compliance rate was 99.5% (594 out of 597 companies).
Currently, verification, correction, and cancellation of information security disclosures have been operated as administrative guidance based on the "Notice on Information Security Disclosures." However, there was no legal basis to enforce companies to submit necessary materials for verification or to compel verification if companies submitted materials insincerely or refused verification, making legislative supplementation necessary.
With the passage of the amendment to the Information Security Industry Act, it is now possible to verify disclosure contents and request corrections if the disclosed information is false. Refusal to comply with verification or correction requests will result in a fine of up to 10 million KRW.
Detailed verification methods and procedures will be established through subordinate legislation revisions in the second half of the year.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
