|
|
|
|
|
Newsletter | May 2014, Issue 2 |
|
|
|
|
|
|
INSURANCE |
|
|
|
Government Announces Comprehensive Plan to Prevent Personal Information Leakage in Finance Sector |
|
|
|
The Korean Government announced on March 10, 2014 that it has prepared the Comprehensive Plan to Prevent Personal Information Leakage in the Financial Sector ("Plan") in order to provide fundamental and comprehensive preventive measures against personal information leakages and recurring hacking incidents in credit card companies, which have recently made headlines. |
|
|
|
The Plan was established with the following four main goals: (i) to protect financial consumers' rights during all phases of personal information processing - collection, storage, use and destruction - and increasing the responsibilities of the financial institutions; (ii) to establish a system where the financial institutions take full responsibility for information leakage, such as increasing the CEO's liability; (iii) to enhance the security measures against intrusions, such as hacking; and (iv) to establish plans to respond to potential damages arising from the personal information already transferred to third parties or when leaked. |
|
|
|
In particular, the responsibilities of financial companies were emphasized in relation to information leakage accidents. |
|
|
|
Increase the responsibility of the CEO where the financial companies prepare annual reports on information protection status and related policies, directly report to the CEO and board of directors and submit such report to the regulatory authorities. |
|
|
|
Financial companies will bear strict responsibility for information leakage accidents even for the information provided to agents or third parties. |
|
|
|
Increase the level of punitive fine imposed on financial companies in case of information leakage accidents, increase the level of punishments to the maximum level under the finance-related law, and strengthen institutional sanctions, such as the business suspension of financial companies. |
|
|
|
The Government seeks to immediately implement some aspects of the Plan and work towards passing pending bills for amending the relevant laws within the first half of 2014. The Government also announced its intention to continuously review compliance with the Plan by establishing a Customer Information Protection Normalization Task Force. |
|
|
|
Given the Government's clear intent to impose severe sanctions on financial institutions involved in personal information leakage or hacking incidents, financial institutions must strictly comply with the relevant laws for the collection, storage, use, and destruction of personal information, undertake regular management reviews of personal information provided to the loan sales agents and other third parties, properly document the results of such reviews, and prepare a manual for responding to information leakage accidents. |
|
|
|
Back to Main Page |
|
|
|
|
|
If you have any questions regarding this article, please contact below: |
|
|
|
|
|
|
|
For more information, please visit our website: |
|
|
|
|
|
|
|