PIPC, Korea

Overview

What is divulgence of personal information?

It refers to the personal information controller’s loss of control over the data subject’s personal information or to allowing an unauthorized person’s access to the data subject’s personal information without reliance on laws or the free will of the personal information controller.

What is the personal information divulgence reporting system?

It is a system that obliges personal information controllers to take a security measure to prevent divulgence of personal information and make a report in such cases following the standards below:

What is the Reporting on Divulgence of Personal Information System
Target	Personal information controller	Information and communications service providers, etc.	Commercial enterprises and corporations
Reporting Standard	If the personal information of 1,000 or more data subjects is divulged	If the personal information of one user is divulged (lost, stolen or divulged)	The personal credit data of 10,000 or more data subjects is divulged (leaked)
Reporting Deadline	Immediately (within 5 days)	Immediately (within 24 hours)	Immediately (within 5 days)
Details of reporting	1. Whether it was notified to data subjects 2. List and scale of personal information divulged 3. Time and account of the accident 4. Measures to minimize damage and result 5. Method that the relevant data subject may take to minimize the damage and relief process available 6. Contact information of responsible department and person in charge	1. Whether it was notified to users 2. List and scale of personal information divulged 3. Time and account of the accident 4. Measures taken by information and communications service providers, etc. 5. Method that the relevant user may take to minimize the damage and relief process available 6. Contact information of responsible department and person in charge	1. Whether it was notified to credit data subjects 2. List and scale of personal information divulged (leaked) 3. Time and account of the accident 4. Measures to minimize the damage of divulgence (leakage) and result 5. Method that the relevant credit data subject may take to minimize the damage and relief process available 6. Contact information of responsible department and person in charge
Basis	Article 34 of the Personal Information Protection Act	Article 39-4, of the Personal Information Protection Act	Article 39-4, of the Credit Information Use and Protection Act

Legal Basis

Article 34 (Data Breach Notification), and Article 39-4 (Special Cases on the Notification and Reporting on the Divulgence of Personal Information) of the Personal Information Protection Act, and Article 39-4 of the Credit Information Use and Protection Act (Notification, etc. of Divulgence of Credit Information)

Division in charge and Reporting agency

Division in charge

General Investigation Division of the Personal Information Protection Commission

Reporting agency

Korea Internet Security Agency (KISA)
The Personal Information Protection Commission designated KISA as the operating agency to receive the reports on personal information divulgence cases, etc., according to relevant laws and regulations, including the ｢Personal Information Protection Act｣. Please, click the button below to report divulgence cases, and call 118 for further inquiries

Click here to report on
divulgence (Korean)

※ Contact

Contact
Name of institution	Korea Internet Security Agency (KISA)
Phone number	118 without an extension
E-mail address	privacyclean@kisa.or.kr
Internet site	https://www.privacy.go.kr
Zip code	(58324) KISA Jinheung-gil 9, Naju, Jeollanam-do

※ For information on reporting divulgence by financial institutions such as banks, securities companies and insurance companies, credit information companies and claims collection agencies, please contact the Financial Services Commission (1332, www.fscs.kr).

Personal Information Protection Commission

Reporting on Divulgence of Personal Information