No ID Numbers to Register With Portals

Starting as early as September, Web portals unrelated to e-commerce will be banned from asking for resident registration numbers from users upon registration.

Also, the owner of a Web site where users’ personal information has been leaked will be obliged to report the fact to users and relevant government agencies.

The Broadcasting and Communications Commission held a meeting yesterday to deal with the leakage of personal information along with the Public Administration and Security Ministry, the Supreme Prosecutors` Office, the Korean National Police Agency, the Financial Supervisory Service, the Korea Information Security Agency and communications and Internet service providers, and released the measures to prevent infringement of personal information on the Internet.

The commission is planning to propose a revision to the information communications law, which includes measures to prevent infringement of key personal information, to the regular session of the National Assembly in September.

Moreover, it will revise the regulation on safeguard measures around June to ensure that portals and communications service providers would encrypt financial information, including resident registration numbers and bank accounts, before saving it.

Also, the commission said that it would make it mandatory that Internet users should enter difficult passwords, for example, an eight-digit combination of alphabets and numbers, and change them regularly.

It is also working to raise the amount of fine on service providers who violate personal information handling obligations from the current 10 million won to 20-30 million won.

A member of the commission said, “The revision of relevant laws on the protection of personal information is going to allow authorities to sentence two years or less in jail term or impose 10 million won or less in fine or up to 100 million won in surcharge on those who violate critical obligations, including lack of technologies related to personal information protection and provision of personal information to a third party without permission.”

A new system of risk management for personal information will be applied to large Internet service providers, under which they should analyze and assess their weaknesses on personal information protection and submit the report to the government every year.

However, some say that the measures have limitations on protecting personal information because no restrictions were prepared for e-commerce Web sites for their collecting of resident registration numbers.

A security expert pointed out, “Most small online shopping malls are not properly managing and protecting personal information they have.”

In response, Cho Young-hoon at the Broadcasting and Communications Commission said, “The e-commerce law says e-commerce sites should ask for customers’ resident registration numbers. As other ministries should revise laws, we’re planning to discuss this issue with the Financial Supervisory Service and the Ministry of Public Administration and Security.”

imsun@donga.com bookum90@donga.com