Protecting personal information has become one of the most important factors in determining corporate competitiveness in the wake of massive data leak scandals a cybersecurity academic has said.

“If privacy fears continue, consumers will lose trust in the companies and this can put them in serious trouble,” said Lim Jong-in, dean of Korea University’s graduate school of information security, in an interview with The Korea Herald. 

Cybersecurity issues have been growing in Korea over the last few years, and recently, 150 million pieces of personal information were leaked from major card issuers KB Kookmin Card, Lotte Card and Nonghyup Card.

Following that, massive data leaks occurred at telecom and Internet operators KT, LG Uplus and SK Broadband.

When adding a string of data breach cases from major information technology companies such as SK Communications, Nexon and Ticket Monster, it seems like no information is safe.

“So far, both companies and the government have neglected stepping up measures for protecting personal information,” Lim said.

According to a government survey on personal information protection in 2013, only 1.3 percent of companies have divisions responsible for cybersecurity, and 95.9 percent do not even budget for it.

Further, among companies that have leaked personal information, 91.5 percent failed to inform their clients. 


Weak penalties

Government sanctions have also been far from stringent.

The three card companies mentioned above were fined just 6 million won ($5,600), while the penalties for 738 companies that violated information protection laws stood at a combined 3.5 billion won over the last five years, according to lawmaker Choi Min-hee.

“It is good news that the regulators plan to impose stronger sanctions. However, actual enforcement is more important,” he added.

Both the Financial Services Commission and the Korea Communications Commission said they would apply stricter sanctions.

They will now impose a fine of 3 percent of the relevant sales for information breaches. CEOs or executives can be punished depending on the gravity of the situation.

“International cooperation will be more important as the online world is becoming borderless,” the professor said.

Some of the recent incidents have required international cooperation to seek criminals. Data from LG Uplus and SK Broadband are said to have been hacked from China. Further, even though criminals are located here, if they save data on foreign companies’ cloud services, there is no way to investigate them.

He said international cooperation on cybersecurity was critical, citing the crackdown on tax havens as an example.

“Tax havens have long been a problem for illicit money laundering. However, they are now on the decline as countries are cooperating to get rid of them.”

Despite the cyber scandals, Lim was upbeat about information protection in Korea.

“There now seems to have been a consensus formed among the government and companies that stronger sanctions and systems are required to protect personal information.”

He referred to the U.S Sarbanes―Oxley Act of 2002 as an example. The United States set new standards for all U.S. public companies as a reaction to a number of major corporate and accounting scandals including those affecting Enron. Penalties for fraudulent financial activity became much more severe, prompting firms to address the problem.

“Cybersecurity issues are like environmental problems. The more we develop it, the more inherent problems will follow. Though we cannot eradicate cyber problems entirely, it is important for us to manage cybersecurity as an acceptable level through sanctions and system.”

(shinjh@heraldcorp.com)