Gov’t tackles data leaks but panic still continues
The Financial Services Commission (FSC) yesterday announced enhanced measures to prevent a repeat of the personal information leaks from credit card companies that have aggrieved millions of Korean consumers.
The measures are also supposed to protect consumers from fraud and other crimes as a result of their personal data being leaked.
“A country with lax security on personal information cannot become a finance powerhouse,” said FSC Chairman Shin Je-yoon at a press conference in Gwanghwamun, central Seoul, yesterday. “The authority will conduct a thorough inspection of the process of collection, storage, management, distribution and elimination of customer information by financial companies.”
All financial companies will be required to ask for consent from consumers to share information with their subsidiaries when opening new accounts. Companies will only be given access to a “minimum amount” of customer information, according to the plan.
Currently, financial companies notify customers of their right to pass customer information to third parties when they open accounts. They ask customers to sign a “comprehensive agreement” accepting the sharing of their information. There is usually no list of third parties, so consumers do not know which or how many companies will possess their personal information.
In the future, consumers can choose which companies they allow their information to be shared with when they open accounts. Consumers will also choose the ancillary services they want. Without prior consent, financial companies will not be allowed to give customer information to third parties.
Still, they will be allowed to share the details with subsidiaries in their own groups under the current financial holding company law.
Financial businesses should collect and store a “minimum amount” of customer information that is considered “essential,” the commission said. The authority will conduct an investigation into how much customer data each financial company has by March and will order companies to stop collecting unnecessary types of information.
According to the FSC, some companies collect up to 50 pieces of information. In general, companies collect around 20. After its investigation, the FSC will analyze how much customer information is needed for financial companies to operate and give a definition of “minimum.”
In addition, the commission introduced a punitive fine system for companies that make money by sharing customer information with unauthorized parties.
Companies that boost their revenues by using data that should not be shared will face unlimited fines. But the commission set a temporary limit of 1 percent of revenue increase for fines to kick in.
Companies found to have provided customer information to other companies but didn’t benefit with boosted revenues will face a maximum of 5 billion won ($4.68 million) in fines. Companies will also be suspended from operating for six months, up from a current penalty of three months.
The government’s moves come as public panic showed few signs of abating because more than two million customers of the three credit card companies - KB Kookmin Card, Lotte Card and NH Card - demanded cancellations or reissuances of credit cards as of noon yesterday.
According to the Financial Supervisory Service, cancellation and suspension of credit card requests numbered more than 1.02 million, while requests for reissuances added up to more than 1.27 million.
The Financial Supervisory Service found Sunday that information leaks affected 104 million accounts, including those of people who didn’t have cards from the three companies and customers who died years before.
On Jan. 8, prosecutors announced that an employee of the Korea Credit Bureau, a private credit information agency, stole the personal information of 104 million credit card holders for several months last year, which he sold to loan marketers. The leaked data included not only basic information such as names and addresses but also financial information like annual incomes and credit levels.
The three credit card companies will be slapped with the strongest punishment in February, which currently is a three-month suspension. Former chief executive officers and executives of the companies who served during the period when the data breach took place will also be punished. Incumbent executives and employees will also be sacked or suspended from work.
Analysts were skeptical of the government’s measures.
“The government’s delay in acting has made the latest incident a national crisis,” said a research fellow at a private institution. “Today’s measures are disappointing because they repeated phrases like ‘responsible executives will face stringent punishments’ or ‘the government will further investigate and announce measures.’?”
BY SONG SU-HYUN [email@example.com]
More in Finance
[NEWS ANALYSIS] As foreigners rush back, market does an about-face
CU gets into the foreign exchange transaction business
Kospi hits another record high despite Covid spike
5-day winning streak ends as Kospi drops 0.62 percent
Debt is the latest hot product being pushed into the market