South Korea has unveiled a new set of supervisory measures and tighter penalties, following a massive data breach earlier this week involving over 20 million bank customers.
Under the proposed changes, top executives could face the sack while firms could be fined heavily and be suspended, said the Financial Services Commission (FSC), according to Yonhap News.
The more stringent requirements on financial firms include:
- Beefing up monitoring of staff and contractors in areas related to data protection
- Tighter regulations over sharing of customer data between affiliates
- Choice for users to opt out of data sharing practices with affiliates and third parties
- Cutting down on required personal information collected such as citizen registration numbers
- Credit card firms required to delete customer data within a certain timeframe after membership cancelation
The "hastily drawn-up" measures come amid public uproar over poor management of client data by financial firms, noted the report. News broke on Sunday that at least 20 million customers under three credit card firms had their data stolen, reportedly by a temporary employee who later sold the data for 17 million won (US$16,000) to phone marketing companies. The information was taken from the internal servers of KB Kookmin Card, Lotte Card, and NH Nonghyup Card.
FSC plans to suspend the businesses of the three credit card firms for three months, and take punitive action against their top executives, noted Yonhap.