As a series of personal information leaks have occurred at corporations certified under the ISMS-P (information security and personal information protection management system), fueling debate over the system's effectiveness, Personal Information Protection Commission Chairperson Song Kyung-hee said the certification process would be overhauled. Coupang also faced heightened scrutiny after multiple incidents, including a large-scale leak, were revealed while it maintained certification twice.
Personal Information Protection Commission Chairperson Song Kyung-hee said at the National Policy Committee's current issues hearing on the 3rd, "ISMS-P has had the effect of raising the basic level of security, but there are many areas that need systematic improvement." When Democratic Party of Korea lawmaker Kim Yong-man noted that "33 leaks occurred at 27 of the 263 certified corporations," Song acknowledged that the current process leans toward document reviews and limited sampling, and outlined directions for improvement.
Song said, "We are reviewing the introduction of a preliminary review and expanding on-site inspections," adding, "Even after certification, we will verify compliance annually through measures such as penetration testing, and we will seek to revoke certification for corporations that seriously fail to meet the standards."
In response to a question about reflecting this in the budget, Song said, "An increase was not made, but we will push ahead regardless." When People Power Party lawmaker Yu Young-ha criticized, "You say you are strengthening it, but nothing is changing," Song said, "We have formed a system improvement task force with the Ministry of Science and ICT and are discussing reform plans, and we will conduct on-site inspections of 24 certified corporations where incidents occurred in Dec."
The effectiveness of punitive damages also came under scrutiny. Democratic Party of Korea lawmaker Kim Seung-won noted, "Given that Coupang's annual sales are 41 trillion won, a penalty surcharge of up to 1.2 trillion won can be imposed, and punitive damages could be applied up to 6 trillion won." Chairperson Song Kyung-hee said, "There are relevant provisions," but since the system was introduced in 2015, it has never been applied in practice due to the clause requiring proof of "intent or gross negligence."
Song said, "We will prepare measures to enhance the effectiveness of the punitive damages system, including strengthening the penalty surcharge."