ALSO READHackers behind South Korean phone giant's mega data theft arrested North Korea rejects South Korea's offer for family reunion talks North Korea launches two short-range missiles South Korea proposes to hold family reunions N Korea test-fires four missiles to coincide with S. Korea-US joint military exercises
South Korea Monday unveiled a set of measures to prevent personal information from being leaked out of financial companies after the worst-ever data leakage incident at three credit card firms.
Collecting and utilising personal information by financial institutions will be restricted to essential information necessary for transactions, while illegal usage and circulation of confidential client data will be heavily punished, the Financial Services Commission (FSC) said in a joint statement with related ministries, reported Xinhua.
Personal information from around 20 million people, equivalent to almost all adults in South Korea, was stolen from three credit card issuers, including KB Kookmin Card, NH Nonghyup Card and Lotte Card, as they shared client information with their settlement banks.
Prosecutors forwarded the case to the financial watchdog Jan 8 saying that an unidentified, outsourced staff in charge of data-processing jobs stole the data and sold it to advertising agents illegally.
Financial companies in South Korea have been blamed for excessive collection of personal information, reaching as much as 50 items.
Under the revised rule, mandatory collection will be limited to six to 10 essential information, including names, ID numbers, home address, mobile phone numbers, type of job and nationality.
Providing other personal information with financial institutions will depend on the agreement of clients, enabling financial consumers to proceed with transactions without agreeing on comprehensive information offering.
Sharing confidential client information among affiliated financial firms will be restricted to usage for marketing under the agreement of clients in advance, and all the information held by financial companies will be deleted in five years after the completion of transactions.
All marketing activities through text messages will be banned to reduce indiscriminate junk calls. Those via phone calls and emails will be allowed only when telemarketers inform people of their identification and how they got personal information, including phone numbers and names.