For leaks, who’s punishing whom?

Executives from NH Nonghyup Card, Lotte Card and KB Kookmin Card apologize for the massive leak of their customers’ personal information last month. [JoongAng Ilbo]

Chung Sun-gu

A journalist is trained to write from the reader’s perspective. For example, let’s take an article about a cut in surtax rates. It will start with a lead sentence like: “The cut will help lift the burden off households and self-employed businesses,” or “The 5 percentage point decrease in surtax rates could stimulate consumption and temporarily boost the economy.”

But it will read much differently when written from the government’s standpoint: “Tax revenue is expected to sharply fall from the cut in surtax rates.”

Hyun Oh-seok, deputy prime minister for the economy, came under fire for his comment on the catastrophic leak of personal information from account holders at major credit card companies.

“A foolish person will find someone to blame and worry when a disaster occurs, while a wise person will try to find a way to fix the problem and prevent it from recurring,” he said.

His condescending remarks provoked anger from consumers whose personal data was scattered everywhere as a result of clumsy and lax security. The Ministry of Strategy and Finance immediately released an apology, saying the deputy prime minister meant to emphasize more discretion in financial transactions when quoting a Confucian saying.

The tongue is one of the most difficult human organs to tame. “The tongue of the wise commands knowledge, but the mouth of fools gush out folly,” King Solomon once said.

The government’s response to the largest-ever violation of customer security, which is believed to have affected nearly half the population, was amateur from the beginning. Its first step was to crack down on the credit card companies responsible for the fiasco. Financial companies so far have been let off lightly for their mismanagement; they merely have to pay a fine of 6 million won ($5,530). The government now plans to slap a 1 percent tax on revenue as a penalty for leaking customers’ data. A bank with a revenue of 20 trillion won could face up to 200 billion won in fines.

The punitive tax could be a windfall on government revenue. But who is punishing whom? The victims are consumers and individuals, not the government. The people should be authorized to dole out the punishment. The funds collected should go back to the people. The fines are different in nature from those imposed by the Fair Trade Commission, which go straight to the national coffers because they are collected from companies for breaching antitrust regulations.

There is a strict statutory liability for defective products imposed on manufacturers. Under the product liability code, the manufacturer must compensate consumers for injuries and damages from product defects. Financial companies produce and distribute financial products to customers. Liability, therefore, should be extended to financial services. It would be best if the liability clause included a promise not to go to court. Consumers would be happy to be reimbursed for the damage done, and financial companies could be saved from costly individual and class action lawsuits.

But it could be ambiguous to draw the line on the scope and target of damage returns. Damages may be hard to prove. We could consider a fund to compensate consumers for their losses. The fund could be run by a public entity that reviews and decides on individual liability claims. When it is hard to prove direct damages payment, the funds could be used to invest in strengthening protection in consumer privacy and security.

Insider theft and hacking of consumer data has been frequent among financial companies because encryption has been lax. In this recent case, it only took a few minutes for a computer technician to download troves of data onto a USB drive.

Financial authorities and institutions have been ignorant about security protection through encryption. There is no legal enforcement. Moreover, encryption comes at the cost of huge investment. A financial company deals with millions of customers. It would be hard to find software capable of encrypting different codes for all those customers. And despite the costs, accuracy cannot be guaranteed.

Encryption could also create enormous hassle for employees because they would have to go through rigorous decoding procedures every time they open a customer’s account. And losing speed could weaken competitiveness.

Personal information must be protected no matter how much money and time it takes. If the government and financial institutions defended customers’ information as they do their own savings, this scandal would have been prevented. They are paying a heavy price to fix this.

The authorities and the financial sector would be fools trying to ladle the water merely through tougher regulations. If they want to be “wise men who catch the fish,” they should shape up their cybersecurity.

*The author is the business editor of the JoongAng Ilbo.

By Chung Sun-gu