Consumer Dispute Settlement Commission rebukes

SK Broadband’s (ex Hanaro Telecom) for its misappropriation of private information and  Auction for its personal data leakage

[SK Broadband’s misappropriation of private information]

On December 3, 2008, the Consumer Dispute Settlement Commission of the Korea Consumer Agency (Chair: Mr. Kouwhan Jeong,) ordered the Broad & Internet Service (ex Hanafos) to compensate KRW 300,000 of condolence to each subscriber for misappropriating personal information of their clients.  920 subscribers had requested the KCA to commence the Collective Alternative Dispute Resolution against SK Broadband (ex Hanaro Telecom) for giving away personal data without their consents. 

The Consumer Dispute Settlement Commission has made the above decision based on documents which had been received by SK Broadband as per subscribers’ requests.

Consumer Dispute Settlement Commission recognized that SK Broadband violated the Act on the Promotion of Information and Communication Network Utilization and the Protection of Data by committing several unlawful practices which includes the omission of consumers’ written consents, personal data disclosure prior to consumers’ consents, signature discrepancy on the consumers’ written consents, and excessive data disclosure more than permitted levels.  However, the CDSC did not acknowledge SK Broadband’s liability for the private data disclosures made based on the permitted levels of consumers’ consents

[Personal information leaks by Auction]

On the same day, Consumer Dispute Settlement Commission asked Auction to bear the responsibility and to compensate for subscribers’ mental damages from personal data leaks.  5,747 subscribers’ personal information was leaked by hackers.    

Even though 4 Chinese hackers have been arrested by the Chinese police, Korean police is yet to make any

arrests of the principal hackers in Korea, and no investigation details regarding the hacking methods and

hackers’ identities have been revealed as of far.  The CDSC asked Auction to compensate for personal data

leakage by hacking since Auction should bear the liability for negligence in private information protection.

According to the CDSC, Auction, as an information & communication service provider, should have installed web fire wall and should have encrypted personal data like resident registration numbers in order to protect their subscribers’ personal data on their database.  Nevertheless, Auction failed to take those preventive measures, neglecting their duties in protecting 18 million subscribers’ private information.  

After taking into consideration the fact that that Auction immediately informed consumers of the information leak in order to stop the damage proliferation, the CDSC asked Auction to compensate KRW 100,000 for bigger damage and KRW 50,000 for smaller damage (KRW 100,000 : all personal information was disclosed including name, Auction ID, address, telephone No. resident registration No. bank account no. / KRW 50,000 : partial data were exposed)    

Within 15days of notification to all concerned parties (SK Broadband, Auction, damaged consumers), the above decision shall be executed when all the concerned parties accept the settlement decision.  If then, the settlement decision equals to “Judicial compromise” and SK Broadband and Auction are required to compensate the condolence to their subscribers.  If they do not fulfill what has been agreed, the damaged consumers can exercise “compulsory enforcement power.”