Yoon Jong-in, chairman of the Personal Information Protection Committee, speaks at the general meeting of the Personal Information Committee held at the Seoul Government Complex on the 10th. Photo provided = Personal Information Protection Committee
It was revealed that more than 1,000 personal information of customers using the Hanaro Medical Foundation’s health examination was leaked. More than 5,000 personal information of members of the Daewoo World Management Research Association were also leaked.
The Personal Information Protection Committee announced on the 10th that it had found violations of the personal information protection laws of the Hanaro Medical Foundation and the Daewoo World Management Research Association, and imposed a fine of 66.2 million won on them.
The Hanaro Medical Foundation, a medical corporation specializing in health checkups, is accused of leaking 1147 personal information of individuals subject to health checkups. Without knowing the fact that personal information was contained in the Excel file managed by the corporation, it was frequently transmitted to external organizations. Most of the personal information that was leaked without permission was resident registration number (1139 cases). The Personal Information Commission also confirmed that the Hanaro Medical Foundation neglected measures to ensure safety, such as improper management of access rights and access records to the examination management system.
The Daewoo World Management Research Association, a corporate judicial corporation that conducts projects such as support for training professional manpower and operation of lifelong education facilities, leaked 5569 cases of personal information (4182 cases of resident registration number) due to poor management of the website. Even though there was an error that anyone could download the member’s personal information on the Daewoo World Management Research Association’s website, it was not corrected, resulting in a long period of personal information leakage. The Personal Information Commission said, “There have been violations of the law, such as processing social security numbers without legal basis and non-destruction of personal information that has passed the retention period.”
The Personal Information Commission imposed a high penalty of 16875,000 won and a fine of 9 million won to the Hanaro Medical Foundation. The Daewoo World Management Research Association received a penalty of 24,375,000 won and a fine of 16 million won.
Sang-Hoon Song, Director of Investigation and Coordination, Personal Information Committee, said, “If the resident registration number is leaked as important personal information that can clearly identify an individual, it is likely to be abused for crime, etc., so thorough management is necessary.” “Please thoroughly take measures to ensure safety such as encryption, and make sure that there is no minor carelessness through employee training, etc.”
Reporter Seo Min-joon [email protected]
Ⓒ Hankyung.com prohibits unauthorized reproduction and redistribution