South Korea's largest online shopping mall, 'Raon,' suffered a hacker attack resulting in the leakage of 40 million pieces of personal information. Due to legal amendments, Raon was fined 300 billion KRW, equivalent to 1% of its sales revenue. This is depicted in the drama 'Extraordinary Attorney Woo.' It is a story that reflects reality as it is. Meta Platforms, the parent company of Facebook, recently faced a massive fine of 1.2 billion euros (1.71 trillion KRW) in Europe for negligence in protecting customer information. The reason was that personal data of European users was transferred to the United States. This is the largest fine ever imposed for violations of the European Union's General Data Protection Regulation (GDPR). South Korea is no different. Seoul National University Hospital, which lost information of 810,000 patients to a North Korean hacking group, was fined about 75 million KRW. The Ministry of Land, Infrastructure and Transport was also fined 25 million KRW for exposing the resident registration numbers of about 27,000 people.
![[Inside Chodong] Is My Personal Information Safe?](https://cphoto.asiae.co.kr/listimglink/1/2022061011113098845_1654827090.jpg)
Personal information leakage incidents are a global issue. As interest in generative artificial intelligence (AI) like ChatGPT grows, concerns about information protection are increasing. There are many potential risks arising from generative AI training data, such as teaching users how to create hacking programs.
To protect personal information, strict regulation according to legal systems, which are the minimum safety measures, is necessary. In South Korea, sanctions against companies responsible for personal information protection are minimal. Under the European GDPR, if a violation is deemed serious, a fine of 4% of the total worldwide annual turnover of the previous financial year or 20 million euros, whichever is higher, is imposed. South Korea's amended 'Information Protection Act,' effective from September 15, changed the maximum fine from '3% of sales related to the violation' to '3% of total sales.' However, a proviso was added excluding sales unrelated to the violation. This essentially means there is little change.
If the severity of punishment is low, companies may neglect investment in personal information protection. In fact, last year, the average proportion of information security (IT) investment relative to information technology investment among 627 companies was about 9.13%. Compared to major advanced countries such as the United States (23%) and the United Kingdom (20%), South Korean companies' investment in information security technology was less than half. Attention should also be paid to child information protection. As children's digital activities increase, commercial attempts to collect and use personal information through online services targeting them are also rising.
Moreover, the South Korean government is preparing for the 'Digital Platform Government' era. The government's blueprint includes a national happiness platform that eliminates citizens' inconveniences by embracing digital technology and private sector innovation capabilities, a corporate growth platform that provides growth opportunities for businesses, and a government innovation platform. The government plans to integrate data scattered across ministries to create a digital platform and open data to provide customized services. Personal information protection inevitably becomes more important. For the Digital Platform Government to be realized, personal information protection policies must be supported. This is because personal information could be misused during the process of sharing data among ministries. The government is also preparing measures to minimize concerns about personal information infringement. Efforts must be made to protect personal information so that citizens can trust it. Superficial solutions are not needed. The fundamental causes of repeated customer information protection incidents must be considered. Could it be that too much personal information, including resident registration numbers, is being collected?
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
