By Kim Tong-hyung
Staff Reporter
Following major leaks of customer information, certain companies are required to better protect their customer database, say critics.
Despite a strengthening of privacy protection, skeptics say that the root cause is the current practice in which businesses and organizations require people to submit their resident registration codes and other verifiable data for accessing even the simplest Web applications. Unless this is addressed, customer information protection cannot be achieved, they say.
A slew of privacy infringement cases in 2008 and earlier this year have raised public awareness of the protection of personal information and also the fears of illegal marketing activities, fraud and identity theft.
The Ministry of Public Administration and Security is determined to do something about the problem, and the first step is to expand the list of companies regulated by the privacy protection provisions under the country's Information and Communications Network Law.
The number of companies affected by the law will expand to 220,000 starting next month, the ministry said, with refineries, real estate brokers, marriage agencies, job information centers, movie theaters and video rental stores among the new additions.
These businesses will be subject to fines or criminal charges when found to have disclosed the personal information of their customers illegally or without consent, ministry officials said.
They will also be required to explain to customers why they need the data they are collecting and how long they will keep the information before disposing of it, which will be mandatory.
Previously, the privacy regulations affected only a limited number of businesses, including telecommunications operators, hotels and major retail chains, and critics have been calling for an expansion of coverage.
Ministry officials, who recently met with representatives of the industries to be newly affected by the privacy law, are planning to establish a joint committee made up of policymakers and businessmen to educate the companies on the new rules.
``Aside from closely monitoring whether the companies abide by the regulations, we are also developing online education material for companies in order to inform them of their legal obligations,'' said an official from the ministry's personal information protection division.
A number of major data leak cases have rocked the country recently, forcing policymakers to strengthen security measures.
In September last year, police arrested two employees at a GS Caltex subsidiary and two other accomplices on charges of downloading the personal information of more than 11.25 million people from company servers and attempting to sell the CDs on the black market.
Months earlier, online shopping giant, Auction (www.auction.co.kr), came under fire after reporting that a hacker had stolen the private information of nearly 11 million of its customers.
Telecommunications companies such as SK Broadband, KT and LG Powercomm were also hit with business suspensions for unlawfully providing the personal information of their clients to telemarketing companies.
The poor privacy standards by the companies has been the subject of fierce criticism, as many connect it to the rising number of fraud and ``phishing'' e-mail and phone scams that are becoming a growing social problem.
Security experts believe that the exposed problems are just the tip of the iceberg.
It remains to be seen whether the ministry's strengthened measures can produce meaningful results. Korean companies in general have yet to gain awareness of the growing privacy problems, as government figures show that nearly 45 percent with more than five employees didn't spend a penny last year on information protection.
And it's questionable whether how many of the hundreds of thousands of companies to be newly affected by the law had been properly informed about their new legal requirements.
Critics argue that the policymakers, while enforcing stronger regulations to private companies, are more lax in controlling the private information of citizens kept by government organizations.
The project to encrypt the resident registration codes, the Korean equivalent of social security numbers, kept by the country's 8,000 public organizations has been halted, with policymakers citing a lack of money.