A privacy officer has been found guilty of negligence in failing to prevent a 2017 data breach impacting over 465,000 customers.
The Seoul Eastern District Court has charged Kim Jin-Hwan, a privacy officer of the South Korean travel agency Hana Tour Service Inc., for violating South Korea’s Personal Information Protection Act (PIPA) and the Network Act.
Both PIPA and the Network Act requires the person responsible for managing personal data to take the necessary “technological and managerial measures” to prevent data breaches and to notify the Korea Communication Commission of any incidents within 24 hours.
Subsequently, Jin-Hwan was found personally liable for the company’s data breach violations, and has been fined ₩10 million (approximately $8,600). The Court has also imposed ₩327,250,000 (around $280,000) against the company by the Ministry of Interior and Safety.
This case is the first of three criminal cases, where South Korean prosecutors have sought to impose personal liability in data breach cases.
The two other cases involve Bithumb, a Korean cryptocurrency exchange, and hotel booking app, Good Choice. Both companies and their respective privacy officers are being accused of failing to implement the necessary technological and managerial measures.
The Bitchumb case involves an excel file containing the personal information of approximately 31,000 individuals being compromised. The Good Choice case involves the membership information of around 78,000 users and hotel reservation information of an estimated 910,000 users being exposed.
If both companies are found guilty, under either the Network Act or PIPA, they could face up to two years in prison and/or a ₩20 million fine.
The post Privacy: Privacy Officer in Korea faces penalty for data breach appeared first on PrivSec Report.