Financial Services Commission Announces Proposed Amendments to Credit Information Business Supervision Regulations
Follow-up Measures for 'MyData 2.0 Promotion Plan'
Mandatory Use of 'Safe Provision System' When Selling Information to Third Parties
Guideline Revisions to Enhance User Convenience and Strengthen Information Protection
On the 9th, officials were busy moving in the hallway of the Financial Services Commission at the Government Seoul Office in Jongno-gu, Seoul, where financial authorities decided to include mortgage loans (Judaemae) in the 'debt refinancing' infrastructure scheduled to launch in May by the end of the year. Financial authorities explained that the purpose is to reduce the interest burden on mortgage loans by establishing a debt refinancing platform that allows users to compare financial sector loan interest rates at a glance and switch loans easily. Photo by Dongju Yoon doso7@
From now on, face-to-face sales by MyData service providers will be allowed, and the age at which individuals can use MyData without the consent of a legal guardian will be expanded from 19 to 14 years and older. Additionally, MyData service providers must use the 'Safe Provision System' when selling information to third parties with the consent of the data subject.
On the 29th, the Financial Services Commission announced that, as a follow-up measure to the 'MyData 2.0 Promotion Plan' announced in April, it will conduct a public notice of the proposed amendments to the Credit Information Business Supervision Regulations until November 8. For some tasks that do not require legal amendments, the MyData guidelines will be revised to allow service providers to quickly reflect them in system development.
The amendment first allows MyData service providers to conduct face-to-face sales. Until now, MyData services were only provided through non-face-to-face channels such as mobile and internet, which somewhat limited access for digitally vulnerable groups. Going forward, MyData services will be permitted at face-to-face channels such as branches, but internal work regulations must be established to set standards and procedures that employees must follow during face-to-face sales to protect users (credit information subjects) and prevent misuse of credit information.
The amendment also improves the use of MyData by adolescents by changing the age at which they can use MyData independently without the consent of a legal guardian from 19 to 14 years and older. Currently, adolescents under 19 require the consent of a legal guardian to use MyData, but it has been practically restricted due to difficulties in verifying legal guardians through non-face-to-face channels, causing challenges in exercising the right to request transmission under the Credit Information Act.
Accordingly, the amendment changes the age requiring legal guardian consent to under 14 years, while maintaining regulations that restrict the collection, provision, and use of information to prevent indiscriminate use of MyData information of adolescents under 19.
The amendment clarifies the standards for information combination by MyData service providers. Due to the lack of clear standards related to MyData information combination, combining information collected through MyData with information already held by providers has been limited. The amendment permits such information combination but requires an appropriateness evaluation of pseudonymization and anonymization by a data specialized institution when providing information to third parties.
The amendment also mandates that MyData service providers use the 'Safe Provision System' when selling information to third parties with the consent of the data subject. Previously, when MyData providers supplied MyData information to third parties as ancillary tasks, the users' data files themselves were provided to third parties, making security vulnerable and post-management difficult. Therefore, the amendment requires providers to use a transmission system established by the Financial Security Institute that ensures safety and reliability when selling information to third parties.
Furthermore, the amendment stipulates that when a person who has pseudonymized personal credit information wishes to extend the retention period of the pseudonymized information, they must judge the appropriateness themselves, but when combining information sets, they must receive an appropriateness evaluation from another data specialized institution.
Meanwhile, the Financial Services Commission stated that for parts of the 'MyData 2.0 Promotion Plan' that do not require legal or regulatory amendments, it plans to support rapid system development by service providers through guideline revisions.
First, more detailed and diverse information will be provided in MyData services. Previously, users had to select and connect individual financial assets one by one, but going forward, they will be able to connect and view all financial assets by industry sector at once. Additionally, dormant deposits and insurance money will be added to the provided information, and the seller's business name, etc., will be provided together when providing payment transaction information to improve information accuracy.
Convenience for MyData service users has been enhanced. A basis for linkage has been established to allow users to view and close small inactive accounts by linking MyData services with Account Info. Also, duplicate transmission request procedures have been integrated, simplifying the existing two-step consent process into one step.
Moreover, information protection for MyData services has been strengthened. The user's subscription validity period will be extended from the current one year to a maximum of five years, but if the user does not access the service for more than six months, regular transmission will be suspended, and if there is no access for more than one year, personal credit information will be deleted, establishing information protection measures for long-term inactive users.
Shin Sang-rok, Director of the Data Policy Division, said, "We will continue to make every effort to promote 'MyData 2.0' for the sustainable and sound development of the MyData industry," and explained, "This amendment to the Credit Information Business Supervision Regulations will be implemented within the year after going through procedures such as review by the Regulatory Reform Committee and approval by the Financial Services Commission following the public notice of regulatory changes."
He added, "Once service providers complete system development reflecting the revised MyData guidelines, users are expected to experience more convenient MyData services."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
