The Financial Supervisory Service (FSS), the Financial Services Commission (FSC), and the ruling Saenuri Party are planning to pass amendments to the Electronic Financial Transaction Act and the Act on the Use and Protection of Credit Information through the provisional session of the National Assembly this month for implementation in the second half of this year.
“The importance of personal information protection has come to the surface again, since large-scale credit card information theft as of late,” said a government source, adding, “Under the circumstances, we and the ruling party agreed to expedite the handling of the bills, and the other bills tabled by the opposition party will be deliberated together so as to put tighter restrictions on information leakage.”
According to the revisions, the punishment is strengthened from a maximum prison sentence of seven years or a fine of up to 50 million won (US$46,687.50) to 10 years or 500 million won (US$466,875) for those involved in information leakage without proper rights. In addition, anyone who provides another person with information obtained through electronic banking or financial business or who uses such information for personal purposes is subject to up to 10 years in jail or a fine of 500 million won (US$466,875) or less. The current maximum punishment is five years or 30 million won (US$27,994.20).
At the same time, the FSC is allowed to impose a penalty of 50 million won (US$46,687.50) or less on banking institutions that are considered to be lax in ensuring the security of electronic financial transactions, while the chief information security officers of major financial companies and electronic financial business operators are prohibited from holding an additional position. A legal basis is going to be prepared for the establishment of financial cyber security centers as well, which will cope with hacking attempts, cyber attacks, and potential accidents.
Also, companies and financial firms are forced to discard their credit information within five years from the termination of their transactions with customers. Such information has to be stored separately, and prior consent has to be asked for in advance before the information is to be put to use.
Any financial company that uses illegally-distributed personal information in sales activities faces a punitive fine of 1% or less of its annual sales. When no sales data is available, the amount can reach 20 billion won (US$18.6 million) according to Presidential decree. Likewise, banking institutions involved in illegal information leakage have to pay a fine of up to five billion won (US$4.7 million). A 6% surtax is imposed when the payment is overdue.