Skip to menu Skip to content

Korean e-government homepage mark This site is the official e-Government website of the Republic of Korea.

zoom
100%

Reporting on Divulgence of Personal Information

Overview

What is divulgence of personal information?

It refers to the personal information controller’s loss of control over the data subject’s personal information or to allowing an unauthorized person’s access to the data subject’s personal information without reliance on laws or the free will of the personal information controller.

What is the personal information divulgence reporting system?

It is a system that obliges personal information controllers to take a security measure to prevent divulgence of personal information and make a report in such cases following the standards below:

What is the Reporting on Divulgence of Personal Information System
Target Personal information controller Information and communications service providers, etc. Commercial enterprises and corporations
Reporting
Standard
If the personal information of 1,000 or more data subjects is divulged If the personal information of one user is divulged (lost, stolen or divulged) The personal credit data of 10,000 or more data subjects is divulged (leaked)
Reporting
Deadline
Immediately (within 5 days) Immediately (within 24 hours) Immediately (within 5 days)
Details of
reporting
  • 1. Whether it was notified to data subjects
  • 2. List and scale of personal information divulged
  • 3. Time and account of the accident
  • 4. Measures to minimize damage and result
  • 5. Method that the relevant data subject may take to minimize the damage and relief process available
  • 6. Contact information of responsible department and person in charge
  • 1. Whether it was notified to users
  • 2. List and scale of personal information divulged
  • 3. Time and account of the accident
  • 4. Measures taken by information and communications service providers, etc.
  • 5. Method that the relevant user may take to minimize the damage and relief process available
  • 6. Contact information of responsible department and person in charge
  • 1. Whether it was notified to credit data subjects
  • 2. List and scale of personal information divulged (leaked)
  • 3. Time and account of the accident
  • 4. Measures to minimize the damage of divulgence (leakage) and result
  • 5. Method that the relevant credit data subject may take to minimize the damage and relief process available
  • 6. Contact information of responsible department and person in charge
Basis Article 34 of the Personal Information Protection Act Article 39-4, of the Personal Information Protection Act Article 39-4, of the Credit Information Use and Protection Act

Legal Basis

Article 34 (Data Breach Notification), and Article 39-4 (Special Cases on the Notification and Reporting on the Divulgence of Personal Information) of the Personal Information Protection Act, and Article 39-4 of the Credit Information Use and Protection Act (Notification, etc. of Divulgence of Credit Information)

Division in charge and Reporting agency

Division in charge

General Investigation Division of the Personal Information Protection Commission

Reporting agency

  • Korea Internet Security Agency (KISA)
  • The Personal Information Protection Commission designated KISA as the operating agency to receive the reports on personal information divulgence cases, etc., according to relevant laws and regulations, including the 「Personal Information Protection Act」. Please, click the button below to report divulgence cases, and call 118 for further inquiries

※ Contact

Contact
Name of institution Korea Internet Security Agency (KISA)
Phone number 118 without an extension
E-mail address privacyclean@kisa.or.kr
Internet site https://www.privacy.go.kr
Zip code (58324) KISA Jinheung-gil 9, Naju, Jeollanam-do

※ For information on reporting divulgence by financial institutions such as banks, securities companies and insurance companies, credit information companies and claims collection agencies, please contact the Financial Services Commission (1332, www.fscs.kr).