It refers to the personal information controller’s loss of control over the data subject’s personal information or to allowing an unauthorized person’s access to the data subject’s personal information without reliance on laws or the free will of the personal information controller.
It is a system that obliges personal information controllers to take a security measure to prevent divulgence of personal information and make a report in such cases following the standards below:
|Target||Personal information controller||Information and communications service providers, etc.||Commercial enterprises and corporations|
|If the personal information of 1,000 or more data subjects is divulged||If the personal information of one user is divulged (lost, stolen or divulged)||The personal credit data of 10,000 or more data subjects is divulged (leaked)|
|Immediately (within 5 days)||Immediately (within 24 hours)||Immediately (within 5 days)|
|Basis||Article 34 of the Personal Information Protection Act||Article 39-4, of the Personal Information Protection Act||Article 39-4, of the Credit Information Use and Protection Act|
Article 34 (Data Breach Notification), and Article 39-4 (Special Cases on the Notification and Reporting on the Divulgence of Personal Information) of the Personal Information Protection Act, and Article 39-4 of the Credit Information Use and Protection Act (Notification, etc. of Divulgence of Credit Information)
General Investigation Division of the Personal Information Protection Commission
|Name of institution||Korea Internet Security Agency (KISA)|
|Phone number||118 without an extension|
|Zip code||(58324) KISA Jinheung-gil 9, Naju, Jeollanam-do|
※ For information on reporting divulgence by financial institutions such as banks, securities companies and insurance companies, credit information companies and claims collection agencies, please contact the Financial Services Commission (1332, www.fscs.kr).