Continuous Personal Information Divulgence and Exposure Incidents
Seoul National University Hospital has more personal information divulgence cases (Asia Today, Jul. 13, 2022)
The online shopping mall ‘Brandi’ responsible for 6,390,000 cases of personal information breach subject to an administrative fine of KRW 380 M (The Korea Economic Daily, Jul. 13, 2022)
Hana Tour responsible for personal data divulgence of 460,000 customers faces a fine of KRW 10 M (Seoul Economic Daily, Jul. 21, 2022)
The headlines above come from news articles about personal information divulgence incidents that occurred over the past month. Personal information divulgence and exposure incidents seem to be reported on a regular basis. Would you give your information to an enterprise that has experienced a data breach?
Minimum measures to be taken by personal information controllers are stipulated as shown below, in the Standards for Technical and Managerial Measures for Personal Information Protection and the Standards for Securing the Safety of Personal Information.
Standards for Technical and Managerial Measures for Personal Information Protection, Article 4
(1) The information and communication service provider shall only grant access permission to personal data handling systems to the privacy officer or personal data controller for providing services.
Standards for Securing the Safety of Personal Information, Article 6
(1) A personal data controller shall take measures including the following functions to prevent unlawful access and infringement through a telecommunication network:
1. Restriction of unauthorized access by limiting access permission to personal data handling systems via internet protocol (IP) address; and
2. Detection of and response against attempts for unlawful exposure of personal data by analyzing IP addresses accessing a personal data handling system
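The two functions named in Article 6 can be sketched together as follows. This is an added example, not code from the standards or from any product; the allowlisted networks, the log format (timestamp, source IP, account, action) and the alert threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed allowlist of networks permitted to reach the personal data
# handling system (constructed values from private/documentation ranges).
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Constructed sample access log: "timestamp source_ip account action".
SAMPLE_LOG = """\
2022-07-13T09:00:01 10.20.0.15 dba01 SELECT
2022-07-13T09:00:07 203.0.113.44 dba01 SELECT
2022-07-13T09:00:09 203.0.113.44 admin SELECT
2022-07-13T09:00:12 203.0.113.44 root EXPORT
2022-07-13T09:01:30 192.0.2.10 officer UPDATE
2022-07-13T09:02:00 198.51.100.7 dba02 SELECT
not-a-log-line
2022-07-13T09:03:00 999.1.1.1 dba02 SELECT
"""

def is_allowed(source_ip: str) -> bool:
    """Function 1: permit only allowlisted addresses; unparsable input is denied."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # fail closed on anything that is not a valid IP
    return any(addr in net for net in ALLOWED_NETWORKS)

def analyze(log_text: str, threshold: int = 3) -> dict:
    """Function 2: count accesses from non-allowlisted IPs and flag repeat sources."""
    denied, accounts, malformed = Counter(), {}, 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            malformed += 1  # keep a count so dropped lines are visible to reviewers
            continue
        _, ip, account, _ = fields
        if not is_allowed(ip):
            denied[ip] += 1
            accounts.setdefault(ip, set()).add(account)
    # A source that keeps trying, often across several accounts, warrants a response.
    alerts = sorted(ip for ip, n in denied.items() if n >= threshold)
    return {"denied": dict(denied), "accounts": accounts,
            "alerts": alerts, "malformed": malformed}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
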
Personal information and data security are of growing importance in line with the amendments to the three data acts in 2020, the adoption of the EU GDPR adequacy decision on the Republic of Korea in 2021, and the implementation of MyData in 2022. Because the information technology general control (ITGC) audit of the internal accounting management system, which is a corporate IT audit, has been expanded, and the security and control activities of IT operation systems are now subject to audit, companies should formulate an IT security plan.
What is Access Control?
How can enterprises protect their data from a variety of threats such as hacking and security incidents? One of the most representative ways is data access control.
Access control allows or denies a person's or process's access to systems or files for operations such as reading, writing, and execution. As the need for access control over corporate data grows, the corporate DB security market for database access control solutions is expanding.
According to the “2021 Survey on Domestic Information Protection Industry” published by the Korea Internet & Security Agency (KISA), sales of the domestic information protection industry grew by 6.4% year on year in 2020, driven by the expanded non-face-to-face environment, telecommuting, and similar changes during the COVID-19 pandemic, and the demand for access control solutions increased accordingly.