S. Korea to unveil measures for personal data protection this month


SEOUL, Feb. 19 (Yonhap) -- South Korea's financial regulator is preparing to announce a set of measures later this month that will better protect personal information handled by financial firms following a recent massive data leak, officials said Wednesday.

The measures under review include curbing financial firms from asking for "too much" personal information such as citizen registration numbers and strictly regulating information sharing among affiliates.

"The newly crafted measures may go into effect starting in April after preparation work," said an official at the Financial Supervisory Service (FSS).

The steps are being taken on the heels of a shocking revelation in January that personal data of some half of the country's 50-million population were stolen last year.

The data had leaked from three credit card firms -- KB Kookmin, NH Nonghyup and Lotte -- as well as Kookmin Bank, which shared customer data with its affiliated card firm, according to the financial watchdog.

The largest-ever data theft came to light when an employee from a personal credit ratings agency, the Korea Credit Bureau (KCB), and two others were indicted early last month for illegally obtaining confidential data from the three card firms while working as temporary consultants for the financial institutions.

The KCB employee stole the data between 2012 and 2013 by copying it onto his mobile device, according to the prosecutors.

Struggling to quell public jitters that their private information could be used for fraud and other crimes, the financial regulator said the leaked data had not been circulated when the culprits were caught.

Despite repeated assurances by the regulator, angry customers have flooded the offices of affected credit card firms, and inundated their call centers and websites with complaints.

Under the proposed measures, clients will be given the choice to opt out of information sharing among affiliates and third parties. Also, credit card firms will be required to delete customer data during a given grace period if their customers cancel their plastic cards, according to the FSS official.

The financial regulator suspended business for the three card firms for three months starting this week as punishment for the data breach. The punitive measure against the card firms is the first of its kind in 10 years.

The regulator also said that top executives at financial firms would face strong punitive measures for data theft, and negligent firms could have their business suspended for up to six months in the future.

A financial institution will be levied a fine of up to 1 percent of its revenue if its customer data are stolen or when it uses illegally obtained personal information to sell financial products, it said.

Following the data leak, the government also has been working to revise bills on personal information protection. One possible measure is requiring phone operators to block lines used in illegal financial marketing activities and financial frauds, known as voice phishing.

Also, the financial regulator is pushing to strengthen monitoring of staff at financial companies and their contractors involved in customer data management, and bar financial firms from sharing client data with their affiliates beyond a set limit.

<All rights reserved by Yonhap News Agency>