2 trillion won in fines imposed over the past four years
Personal Information Protection Commission considers creating a victim relief fund
Ministry of Economy and Finance remains cautious on the proposal
"If the people are the ones harmed by the personal information leak, why does the government take the fine?"
Recently, the Personal Information Protection Commission imposed a record-high fine of 134.8 billion KRW on SK Telecom for its responsibility in a hacking incident, sparking controversy over the allocation of such fines to the national treasury. Although companies pay fines for violating the Personal Information Protection Act, these fines are absorbed into the national treasury, making it difficult for individuals whose personal information was compromised to receive any tangible benefit. As a result, there are growing calls to establish a fund that would use fines imposed for personal information leaks to protect and compensate actual victims.
Koh Haksoo, Chairperson of the Personal Information Protection Commission, is announcing the disposition regarding the SK Telecom personal information leak incident at the Government Seoul Office Building. On this day, the commission imposed a fine of 134.791 billion KRW and a penalty of 9.6 million KRW. August 28, 2025 Photo by Cho Yongjun
According to the Personal Information Protection Commission on September 16, the commission is currently considering the introduction of a "Personal Information Damage Relief Fund" (tentative name), which would be financed by fines collected from companies found in violation of the Personal Information Protection Act, based on opinions from academia and the private sector.
For ordinary citizens, even if their personal information is leaked, it is not easy to receive proper compensation or support from the company involved. Legal disputes also require significant time and expense. Therefore, the commission aims to create a fund to use these fines for the actual protection of victims. The goal is to establish an institutional mechanism that provides swift relief for damages caused by personal information breaches. Looking at recent trends in fines imposed by the commission: 8.2 billion KRW in 2021, 101.8 billion KRW in 2022, 23.2 billion KRW in 2023, and 61.1 billion KRW in 2024, totaling nearly 200 billion KRW.
The idea of converting fines into a fund was initially considered as an internal proposal within the commission, but it was formalized in the "Plan to Strengthen the Personal Information Safety Management System" announced on September 11. Choi Janghyuk, Vice Chairperson of the commission, stated, "Currently, fines are absorbed into the national treasury, but there is a growing demand to use them for the actual protection of victims," adding, "We need to consult with the Ministry of Economy and Finance regarding this matter."
However, the Ministry of Economy and Finance, which is responsible for fund-related matters, is taking a cautious stance. According to the ministry, establishing a new fund requires careful consideration of how to secure resources, the appropriateness and relevance of projects to be financed, and whether the fund can be maintained stably. An official from the ministry told Asia Economy, "If fines, which are administrative sanctions, are collected and used to support victims of personal information leaks, it could be seen as helping the perpetrator (the company responsible for the leak) and may lead to moral hazard," expressing concerns about potential negative consequences.
With a series of recent personal information leaks, the debate over creating such a fund is expected to intensify. Lee Jinsu, a professor at Seoul National University's Graduate School of Public Administration, said, "We need to prepare for situations where urgent relief for victims is necessary," and emphasized, "We should actively consider establishing a fund related to personal information protection."
On the other hand, an industry representative commented, "If victims are compensated through a fund, it could reduce the responsibility of the perpetrator," and added, "Even if a fund is established, we need to carefully assess whether it truly serves the purpose of providing effective relief to victims." Another industry insider stated, "The purpose and intent of a damage relief fund must be clearly defined," and stressed, "Rather than just providing one-off compensation, it is important to use the fund to improve the ecosystem, including supporting small and medium-sized enterprises that are vulnerable to personal information breaches."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
