Approval Required For IT Companies to Photocopy Customers` Information

Information and communication service providers such as wired or wireless telecommunication service companies and Internet shopping companies will need approval from responsible internal authorities when printing or photocopying customers` personal information.

Department stores, wholesale markets, airliners, hotels, and institutes should minimize the number of employees who have access to personal information and limit the kinds of accessible information based on the nature of their tasks.

The Ministry of Information and Communication announced Thursday that it established "The Guidelines on Technological and Administrative Protection Measures for Personal Information".

The guidelines will be put into effect in October of this year after a six-month trial period from April. The maximum fine for companies that fail to observe the new guidelines will be 10 million won.

According to these guidelines, personal information should not be exposed through the internet, and installing vaccine programs is a mandatory preemptive measure against computer viruses on PCs used by the company official in charge of handling personal information.

When printing or moving personal data to portable storage media such as diskettes, the purpose and date of printing or transfer, the name of the person in charge of discarding the data, and its expiration date should be recorded.

Encryption is required for data containing social registration numbers, passwords or information that the subscriber refused to release, and access logs for personal information should be closely managed to prevent possible fabrication or modification.

Suk-Min Hong smhong@donga.com