Declaration of System Reform and Strong Response at National Assembly Inquiry
"Annual Penetration Tests and On-Site Inspections Planned"
On December 3, Song Kyunghee, Chairperson of the Personal Information Protection Commission, stated at an emergency inquiry on the 'Coupang Personal Information Leak' held by the National Assembly’s Political Affairs Committee, "As the main authority on personal information, the Commission takes this matter very seriously. We will promptly verify the facts and do our utmost to prevent further damage." She emphasized, "We will thoroughly investigate Coupang's violations of the Personal Information Protection Act, including failures in safety measures, and impose penalties. We will also work with the Ministry of Science and ICT and the National Police Agency to prevent secondary damage, such as smishing attacks."
Chairperson Song explained the scale of the leak, saying, "The personal information of 33.7 million member accounts has been confirmed, including names, email addresses, delivery addresses, phone numbers, and order information. Some delivery address information even contains shared entrance passwords." She added, "We will accurately verify the circumstances, scale, and specific items involved in the personal information leak."
Regarding the ISMS-P certification system, she clarified plans for improvement. Chairperson Song said, "In November, together with the Ministry of Science and ICT, we established a task force for system improvement, and in December, we are planning on-site inspections of the 24 companies that experienced incidents despite being certified." She continued, "Currently, certification is granted through document reviews and investigations, but going forward, we will introduce a preliminary review system and on-site inspections. We will also conduct annual penetration tests and on-site checks to ensure actual compliance with certification standards. If companies fail to meet the standards seriously, we plan to revoke their certification."
She also mentioned the direction of future institutional improvements. She stated, "We will swiftly devise fundamental institutional reforms to prevent similar incidents from recurring or repeating." She added, "We will strengthen fines and seek ways to enhance the effectiveness of punitive damage compensation systems." She further commented, "We will also design effective incentive systems to encourage businesses to directly invest in personal information protection."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
