Latest package falls short of preventing identity theft
In January, up to 20 million Koreans ― almost all users of credit cards ― saw their personal data breached by a rogue custodian. Sadly, the government's comprehensive policy announced Monday, the second such package in as many months, hardly seems to relieve the public from concerns about its recurrence.
Regulators appear to have done their best to assemble the existing and new steps to prevent the massive data breach, by drastically toughening penalties on violators, and depriving financial firms of the right to control personal information and giving it back to consumers.
Banks, card companies and insurers, for instance, will have to pay 3 percent, compared with the current 1-percent ceiling, of their sales as fines ― amounting to hundreds of billions of won in extreme cases ― when found responsible for data breaches. Financial consumers will also be able to demand service firms to erase and withdraw their data as well as apply a "do-not-call" rule to block unwanted telephone marketing.
These devices that focus on sharply enhancing penalties as a means of preventing data leakages, however, have clear limitations in protecting consumers' interests.
Above all, the new rule calls for increasing fines from 1 to 3 percent of sales, but there will be a tight tug-of-war between regulators and financial firms over the meaning of sales in this case. Even if regulators collect penalties from violators, the money will flow into state coffers, not to victims. Also, it leaves the exercise of informational self-determination to individuals, meaning each person has to check the situation concerning his or her own data at numerous financial firms.
What all this signifies is the regulators have yet to shift their priorities from service providers to consumers.
Nothing shows this better than the officials' recalcitrance to introduce punitive damages and class actions. Finance Minister Hyun Oh-seok demonstrated the bureaucrats' mentality best when the shocking incident broke out two months ago, saying, "Foolish are those who try to find out someone they can hold accountable whenever a major financial incident occurs," blaming victims and defending the industry.
The financial authorities, who should take responsibility for their lax oversight, are trying to set up a new agency exclusively responsible for data theft, adding regulations and expanding their administrative turf. Most consumers will feel like asking: Was it the lack of organization or manpower that allowed financial firms to collect personal data so easily and manage it so loosely? No, it was the regulators' mindset that put the industry's interests ahead of consumer protection, which has remained largely unchanged in the latest policy package.
It would be good if the National Assembly comes forward and enacts a strong set of laws and regulations to prevent the next data breach, taking the government's ideas into account. Unfortunately, such prospects are not very bright, either, with local polls just three months away attracting all the attention of politicians like a black hole. Legislators are urged to do their work leaving electioneering to candidates and party headquarters.
The increasingly sophisticated and diversified cyber-crimes capitalize on human vulnerabilities in this digital age. As things stand now, Korea risks ending up as the most wired ― yet most porous ― country.
In January, up to 20 million Koreans ― almost all users of credit cards ― saw their personal data breached by a rogue custodian. Sadly, the government's comprehensive policy announced Monday, the second such package in as many months, hardly seems to relieve the public from concerns about its recurrence.
Regulators appear to have done their best to assemble the existing and new steps to prevent the massive data breach, by drastically toughening penalties on violators, and depriving financial firms of the right to control personal information and giving it back to consumers.
Banks, card companies and insurers, for instance, will have to pay 3 percent, compared with the current 1-percent ceiling, of their sales as fines ― amounting to hundreds of billions of won in extreme cases ― when found responsible for data breaches. Financial consumers will also be able to demand service firms to erase and withdraw their data as well as apply a "do-not-call" rule to block unwanted telephone marketing.
These devices that focus on sharply enhancing penalties as a means of preventing data leakages, however, have clear limitations in protecting consumers' interests.
Above all, the new rule calls for increasing fines from 1 to 3 percent of sales, but there will be a tight tug-of-war between regulators and financial firms over the meaning of sales in this case. Even if regulators collect penalties from violators, the money will flow into state coffers, not to victims. Also, it leaves the exercise of informational self-determination to individuals, meaning each person has to check the situation concerning his or her own data at numerous financial firms.
What all this signifies is the regulators have yet to shift their priorities from service providers to consumers.
Nothing shows this better than the officials' recalcitrance to introduce punitive damages and class actions. Finance Minister Hyun Oh-seok demonstrated the bureaucrats' mentality best when the shocking incident broke out two months ago, saying, "Foolish are those who try to find out someone they can hold accountable whenever a major financial incident occurs," blaming victims and defending the industry.
The financial authorities, who should take responsibility for their lax oversight, are trying to set up a new agency exclusively responsible for data theft, adding regulations and expanding their administrative turf. Most consumers will feel like asking: Was it the lack of organization or manpower that allowed financial firms to collect personal data so easily and manage it so loosely? No, it was the regulators' mindset that put the industry's interests ahead of consumer protection, which has remained largely unchanged in the latest policy package.
It would be good if the National Assembly comes forward and enacts a strong set of laws and regulations to prevent the next data breach, taking the government's ideas into account. Unfortunately, such prospects are not very bright, either, with local polls just three months away attracting all the attention of politicians like a black hole. Legislators are urged to do their work leaving electioneering to candidates and party headquarters.
The increasingly sophisticated and diversified cyber-crimes capitalize on human vulnerabilities in this digital age. As things stand now, Korea risks ending up as the most wired ― yet most porous ― country.
