Wherever you go, there are garbage cans and there are deserted white slips of paper called receipts. Receipts can be annoying to dispose of and people often don’t care about them. But did you know that those receipts are blueprints of your own personal information? Did you know that those pieces of papers are pieces of a personal information puzzle about you?

Trivial Things That aren’t Trivial
Take a look at what is included on receipts. Receipts show where you have been, when you were there, what you purchased or ate and how much it cost. But that is not the end. Today, credit card numbers are sometimes partially included on receipts depending on where you used your card. That means that if someone has two or three of your receipts, he or she could figure out your full card number and it can be used for criminal purposes. Your personal information is also available online. Many websites are only fully available after signing up with your personal information and agreeing to the access terms, which are rarely read. Most often, there is a convenient button called “I agree with all” that allows users to “agree” with access terms in one click. As a result, from the time you sign up, your personal information is not that “personal” because you agree to privacy policies and terms of service that save your information. This is not only an online issue.

2014 Began not with a Leakage but a Flood
In January 2014, the confidential personal data of customers of three major card corporations, KB Kookmin Card Co., Lotte Card Co. and NH Nonghyup Card Co., was leaked. The leak included resident registration numbers and names, as well as personal phone numbers, resident addresses, office addresses, office telephone numbers and also personal credit information of customers, totaling up to nineteen clauses. The real number of victims is estimated to be about twenty million. Following this disastrous event, three major mobile service corporations, SK Telecom, LG U-PLUS, and OLLEH KT, also leaked their customers' personal information the following March. The point is that this was not the first time and these events are creating not just a leakage but a flood of confidential information. Confidential information of customers has worn out and it is no longer confidential but vulnerable.

Who Should Hold the Cleaning Broomstick?
OLLEH KT Corporations (KT) is not implementing proper compensation policies. At first, they delivered “apology letters” to victims and investigated how this leakage occurred and what the damage was, noting that compensation policies would be implemented after diagnosing the causes and damage of the event. Two months has passed after they said like that but no compensation has been delivered to victims. Corporations are not mollifying victims, but rather making them angry by evading their responsibility to protect and take care of confidential information. The corporations responsible for the leaks seem to have no guilt, and as such victims are preparing to file a lawsuit. On the other hand, the Government revised the law on personal information (PERSONAL INFORMATION PROTECTION ACT, Act NO.12504, MAR.24, 2014), but it does not seem to be effective. According to the REVISED PERSONAL INFORMATION PROTECTION ACT, article24 (Limitation of Unique Identifiable Information), the resident registration numbers of a person must be saved and encrypted. In addition, no more resident registration numbers can be collected. The personal certificate issue is also enforced and requires special certification. However, it is suspicious that the encryption object is limited to resident registration numbers. This needs to be extended to passports or driver's license numbers and credit card numbers. It will also take a great deal of time and money to show plausible effects.

People Need a Firewall, not a Cleaning Man
There is no use crying over spilt milk. This disaster shows that people need realistic and effective preventive measures, not follow-up actions. According to the personal information leakage inspection group of KT, KT's homepage was first built without any ID verifications when collecting personal information and hackers knew this. In addition, the three card corporations' leakage can be considered internal in light of the fact that they are all based on the same outsourcing project by the Korea Credit Bureau (KCB) and the outsourcing employee of KCB could have intercepted customers’ personal information. Governments and corporations should start with this basis. They should thoroughly investigate where the leakage started and establish coherent and effective preventive measures. Rather than making the issue steps complicated, information security must be enforced to ensure that no more leakages occur. The Board of Audit and Inspection needs to be granted more independence to properly implement such measures, making its role more important. Lastly, corporations' employees should be cautious when handling customers’ personal information and anti-leakage solutions must be installed in spite of work inconvenience.

The Root of Personal Information Is You
No matter how strong a protection policy might be, customers should be cautious. The first supplier of confidential information is the customer and it is the customer who starts the cycle of information. As members of the information age, customers' information safety frigidity must be solved too. Personal information exists not to verify but to identify. Verification means comparing someone's biological data with other data he or she saved, while identification is comparing someone's data with unspecified individuals’, so personal information must be sent to a database in order to be compared. As a result, in order to protect personal information, customers should always be aware of the possibility of information leakage. Customers should know how, where, and why their information is used, as well as monitor corporations using their information and properly dispose of unused information. Active customers along with well-made policies can protect confidential information.


ldyoverd@ajou.ac.kr

Reference
“Information leakage and financial industry” The Hankook Daily 6 April 2014 : n. page. Hankook i.com. Web. 6 April 2014.
 

저작권자 © 아주대학보 무단전재 및 재배포 금지