A half-baked security solutionThe government has come up with comprehensive measures to prevent a repeat of the massive leaks of personal information of banking customers. The hurried measures are the financial authorities’ response to the unprecedented leaks in January of the sensitive information of millions of customers at three major credit card companies.
The measures reflected nearly all of the suggestions that have been floated in security circles. The authorities also took a meaningful step toward protecting private information by allowing banking customers to look directly at how their personal data is handled at their financial institutions. Thanks to this remarkable shift, individual customers will have a means of protecting their sensitive information. In another significant development, the measures substantially raised the level of sanctions, including punitive damages, against the banks if customers’ data is leaked to the outside.
However, the measures stopped way short of presenting effective alternatives for replacing the resident registration numbers customers must offer before opening an account. The measures also show their intrinsic limit because they only stipulated nominal damages for the leaks - a “symptomatic therapy” aimed at preventing a recurrence instead of demonstrating a strong resolve to proactively protect banking customers’ sensitive information. Therefore, they can hardly be regarded as a government-level measure as it applies to the financial sector only. Despite the frequent occurrence of data leaks in areas other than the financial, the government still tries to confine the measures to the financial sector.
Information leaks in the non-financial sector nearly always cause secondary damage to the financial field via diverse schemes like voice phishing, smishing and illegal telemarketing. We have repeatedly urged the government to prepare effective measures to safeguard customers’ information not only in the financial area, but also for public corporations and private companies that regularly collect and manage a huge amount of citizens’ personal information. The government must find ways to check the current status of information management at telecommunication companies, Internet portals, department stores and post offices to reinforce security there.
JoongAng Ilbo, March 11, Page 30