Financial firms to face heavy penalty for data leaks, clients can prevent sharing of personal info
SEOUL, March 10 (Yonhap) -- Financial firms will be slapped with fines amounting to 3 percent of their annual sales when responsible for a massive leak of personal data, and clients will be given an option to revoke their consent to providing their private information, the country's financial regulator said Monday.
Also, financial firms will be required to delete clients' data within a given grace period after the termination of financial transactions and will be barred from sharing the data with their affiliates beyond a set limit, according to the Financial Services Commission.
A number of personal data protection measures, the fleshed-out version of earlier plans, came as the country deals with a January revelation that some 20 million clients' personal data were leaked from three credit card firms -- KB Kookmin, NH Nonghyup and Lotte -- as well as Kookmin Bank, which shared customer data with its affiliated card firm.
Following the leak, the regulator and other related government agencies have been working to prevent a recurrence of such a massive data breach.
Under the proposed measures to go into effect in the second half of this year, a financial firm will face a heavy fine equivalent to 3 percent of its annual sales with no ceiling on the amount that can be levied when it's responsible for a data leak.
Financial firms will be prohibited from demanding excessive personal information such as citizen registration numbers. Clients will provide their citizen registration numbers only for their first-time transactions and in an encrypted form.
Financial firms' affiliates and third parties will not be allowed to use clients' personal data without their consent.
Financial firms must delete clients' data within three months following the termination of transactions. Some key data used for insurance payouts, however, can be kept for five years, according to the regulator.
Clients will be given the right to erase their data held by financial firms and will receive tighter protection of their personal information, it said.
The financial regulator also said it is working on measures that can force phone operators to block lines used in illegal financial marketing activities and financial frauds, known as voice phishing.
The country has been battling financial crimes carried out through phones, but investigators and regulators have been unable to catch up with scam methods that are becoming more and more sophisticated in conning unsuspecting citizens into giving up their personal information.
In a bid to avert growing cyber attacks, the financial regulator also said it will require banks to separate their network systems into two sections -- one for internal use and the other for online use -- within this year.
Under the measures, banks must split their main operating system first before gradually splitting the network systems at headquarters and branches, which will likely take a few more years, the FSC said.