Notification Content to Be Specified... Includes Recurrence Prevention and Protection Plans
Enforcement Fine of at Least 2 Million Won Per Day for Obstructing Investigations
Legislation Planned to Encourage Security Investment
Representative Lee Haemin of the Innovation of the Motherland Party (a member of the Science, ICT, Broadcasting, and Communications Committee) proposed two bills on June 12 aimed at improving the response system to hacking incidents: the Partial Amendment to the Personal Information Protection Act (Individual Notification Obligation Act) and the Partial Amendment to the Act on Promotion of Information and Communications Network Utilization and Information Protection, etc. (Introduction of Enforcement Fine Act).
Representative Lee introduced these bills to address the inadequate response following the SK Telecom USIM (Universal Subscriber Identity Module) data leak incident that occurred in April. After the hacking incident, there were criticisms that victims were notified of the incident too late and that the content of the notification was insufficient. Lee stated, "Even if it is difficult to completely prevent such incidents, it is an essential responsibility to promptly and accurately inform users so that they can respond. It is urgent to establish institutional measures to protect the rights of data subjects and to strengthen cybersecurity."
The Individual Notification Obligation Act mandates that, in the event of a personal information leak, companies must individually notify data subjects using means such as phone calls, text messages, emails, or written notices. The act also requires that the notification content be more specific, thereby more robustly guaranteeing users' right to know. In particular, it stipulates that measures for preventing recurrence and plans for victim protection must be provided to both the victims and the Personal Information Protection Commission.
The Introduction of Enforcement Fine Act stipulates that, if a business operator refuses to submit materials or submits false materials during a government investigation into a security breach, an enforcement fine linked to sales revenue will be imposed. Even if it is difficult to calculate sales revenue, an enforcement fine of 2 million won per day can be imposed, thereby increasing the effectiveness of sanctions compared to the current maximum administrative fine of 10 million won.
Representative Lee stated, "These bills are the minimum measures to strengthen victims' right to know and the effectiveness of government investigations. Moving forward, I will continue to pursue legislative measures that encourage corporate security investment and do my best to create a safe and trustworthy digital environment."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
