Governments can’t do everything

Jung Kyung-min

It was recently reported that data from more than 50 million accounts was stolen from three major credit card companies - KB Kookmin, Lotte and NH Nonghyup - in January. That was an underestimate. Actually, more than 100 million accounts were affected. The public’s outrage was directed at the government for negligence in its oversight of the industry. Under fire, the government hastily came up with measures to protect consumer information.

A long list of new regulations and guidelines arrived at credit card companies, limiting them to gather only six to 10 pieces of personal information from customers instead of more than 50. It required them to enlarge the fonts in the fine print and explain to customers their information collection. Data on customers had to be scrapped within five years. Fines for information leaks shot up to as high as 5 billion won ($4.73 million) from a paltry 6 million won.

But at the end of the day, the three companies blamed for allowing the worst-ever theft of personal data got away after paying those paltry fines of 6 million won each.

In late December, U.S. retail giant Target announced that its computer system had been hacked and that it lost the information of more than 100 million customers, including PIN numbers of debit cards and social security numbers. The retailer came under heavy attack for poor security by the media. Washington, however, remained silent. It merely levied a fine that translated to 3.8 trillion won. Target, however, faces class-action suits and the damages awarded for such a high-profile breach could be astronomical. The incident spurred companies to enhance their security systems and technology so that they do not become the next victim of hackers. They came up with some clever ideas such as a smartphone app that makes credit cards valid only during use, as well as giving one-time PIN codes for online shopping.

When faced with very similar data breaches around the same time, Korea and the United States responded entirely differently. The difference lies in the governments’ roles. In Korea, the government becomes accountable for everything, from individual tragedies to major social disasters. The government is expected to be omniscient and omnipotent, and the public doesn’t accept its lapses kindly. This is a habit from the authoritarian days when the government had to be omnipotent to push Korea to be industrialized and modern. All bright, young people aspired to work for the government.

That’s a mere memory. Today, if the government interferes, it only makes matters worse. The country’s decades-old online security system that blocks foreign buyers from making online purchases from Korean websites is another throwback. Since the 1990s, the government has been enforcing a uniform online security system requiring a first-time user to install Microsoft’s ActiveX and receive an online authentication certificate. Private security companies had little room to compete against the government rule. Companies considered themselves protected because they could blame everything on the single security system. They didn’t have to spend extra to upgrade their own security systems.

In the United States, the government does not go beyond supervision. It does not hurriedly announce emergency measures when retailers lose client information because it’s up to companies to account for any negligence toward their customers. The United States established strong consumer protection laws that facilitate class-action suits and deliver proper compensation. If a company loses data, it is directly punished by consumers and by the market. Companies vie to keep their networks safe because any misstep could cost them.

President Park Geun-hye chaired a marathon discussion on how to cut back on red tape, which was televised live. The entire country was assured that the president would command a deregulation campaign. One has to wonder why the president has to lead such a crusade. Regulations do not die easily. The government has more than 15,000 administrative regulations. The number is actually uncountable if you include regulations by local governments.

Since the president’s highly publicized marching orders, only 41 regulations have been eliminated. A televised discussion from the Blue House cannot wipe out layers of regulations. It’s also somewhat dangerous to popularize the notion that regulations are the enemy. Regulations also protect property and consumers’ rights. There was no sense of urgency in Washington after the largest-ever data breach because the United States has a consumer protection system. If regulations are entirely lifted, consumers are out there on their own.

The contrasting responses in Korea and the United States underscore the government’s role in a free market. The government must shake off the idea that it must be everywhere and do everything. Then it may be able to perform the work it should be doing. Doing away with the authority of government where it is not needed should be the essence of cutting red tape.

JoongAng Sunday, March 30, Page 30

*The author is the business news editor of the JoongAng Sunday.

By Jung Kyung-min