Despite the strengthening of information protection by the government, complaints related to personal information leak reaches around 1,000 each year in South Korea, according to the government data.
Financial Supervisory Service said it received around 470 complaints related to information leak in the first half of this year. The number of complaints stood at 965 in 2012, 836 in 2013, and the figure is expected to hit 1,000 this year, industry observers said. The complaints include financial damages from personal information leak, excessive gathering of personal information from financial institutions and their negligence in management. Among them, complaints about financial damage came to 83, accounting for 17.7 percent of the total.
The financial watchdog said most personal information leak came from SMiShing, or SMS phishing, on smartphones. Smishing is a form of criminal activity to acquire personal information by masquerading as a trustworthy entity via text messages. The criminals used keywords such as wedding, college entrance, delivery, training and gift to mislead smartphone users.
"Smishing attack has been carried out since 2013 but there are still many users vulnerable to the attack. In order to prevent the damage, users should install smishing prevention app or vaccine app on smartphones," said an official from EastSoft, a local online vaccine company.
Apart from the personal damages, the government and public organizations' management on personal information protection appears still insufficient even though it has been four years since the Act on Personal Information Protection was first implemented. Park Nam-choon, a lawmaker from the New Politics Alliance for Democracy, revealed data from the Ministry of Government Administration and Home Affairs on Wednesday marking the Information Protection Day. According to the data, 190,000 personal information was leaked on 2,749 websites for the past five years.
Leaked information due to negligence of personnel came to 160,000, accounting for 86.7 percent and homepage error stood at 20,000, accounting for 10.7 percent of the total.
Park said, "With the public concerns on personal information leak growing, the government and its agencies have still been negligent in managing the data. It is time for the government to ramp up efforts to improve the management."
South Korea's two largest online giants Naver and Daum Kakao revised their unfair clauses on gathering personal information of online businessmen in May. The Korea Fair Trade Commission ordered 21 online companies including Naver, Daum Kakao, Nate and eBay Korea to revise their unfair clauses on gathering personal information. Among them 15 companies including Daum Kakao retained personal information which they had to delete after achieving the goal of gathering information. For this, the commission ordered them to clarify the period and reasons of keeping the information.
Also, eight companies including Naver excluded business responsibility on personal information leak on the ground of ambiguous reasons such as risk of Internet and network. The commission ordered them to prove that companies take technical and managerial measures required by the law.
Amid the growing concerns on personal information leak, the government is carrying out diverse measures to mitigate the problems.
It recently implemented a law, which allows people whose information is leak does not have to prove in detail, to get compensation. They can still be compensated for up to 3 million won. For institutions and companies which intentionally leaked personal information should pay up to three times the real damages. People, who illegally collect personal information and distribute them for profits, will face up to 10 years in prison or a 100 million won fine.
The Ministry of Government Administration and Home Affairs said the revision to the act on personal information protection passed the National Assembly on Monday. The bills came as the three card companies had massive personal information leak last February.
