System Improvement Task Force to Launch This Month
The Personal Information Protection Commission will discuss measures such as punitive administrative fines and the establishment of a compensation fund for victims through a task force (TF), in response to recent large-scale personal information leakage incidents.
The Commission announced on the 13th that it will form and launch a system improvement TF within this month to prevent personal information leakage incidents and promote related institutional reforms.
Personal Information Protection Commission logo. Provided by the Personal Information Protection Commission
This is a follow-up measure to the “Plan to Strengthen the Personal Information Safety Management System,” which the Commission announced on September 11 last month, in order to prevent recent large-scale personal information leakage incidents such as the SK Telecom data breach.
Through a revision of the Personal Information Protection Act in September 2023, the Commission raised the upper limit for administrative fines from “3% of sales related to the violation” to “3% of total sales.” Nevertheless, a series of hacking incidents have recently occurred at telecommunications and financial companies, resulting in actual cases of damage caused by personal information leaks.
According to the Commission, there is growing demand for the introduction of punitive administrative fines and the establishment of a compensation fund for victims of information leaks. In response, the Commission will form and operate the “System Improvement TF” to discuss ▲ strengthening the effectiveness of sanctions ▲ encouraging greater preventive investment ▲ linking and supporting victim relief.
First, the Commission will consider strengthening the imposition of heavier administrative fines on companies that are repeatedly involved in data breaches or are negligent in protecting personal information. It will also review raising the upper limit of fines and introducing punitive administrative fines. The Commission will also examine ways to establish criminal penalties under the Personal Information Protection Act for the illegal distribution of personal information online.
The Commission will also encourage companies to voluntarily increase their investments to prevent personal information leakage incidents. To this end, it will establish a legal basis for regular inspections in sectors that process large volumes of personal information. The Commission is also exploring ways to strengthen incentives for companies that make preventive investments in encryption and authentication, improve personal information protection efforts, voluntarily report incidents, and compensate victims.
Additionally, the Commission will consider establishing a fund, financed by administrative fines, that can actually be used for victim compensation and investments in personal information protection. It will also look at increasing the requirement to individually notify all potentially affected individuals in order to prevent further harm from information leaks.
Furthermore, the Commission will review various domestic and international victim relief cases, such as introducing a consent resolution system where a company’s proposed remedies for damages can be finalized by Commission resolution, and ways to enhance the effectiveness of liability insurance for damages.
A Commission official stated, “We plan to form and operate the TF in October, consisting of experts from academia, associations, and the legal community with extensive experience and expertise in personal information protection and information security. We will also carry out related policy research, and based on the results of the TF, we plan to prepare concrete institutional improvement measures within the year and gather public feedback.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
