Privacy & Cybersecurity Law Blog

According to MLex, on January 6, 2020, the Seoul Eastern District Court found Kim Jin-Hwan, a privacy officer of the South Korean travel agency Hana Tour Service Inc., guilty of negligence in failing to prevent a 2017 data breach that affected over 465,000 customers of the agency and 29,000 Hana Tour employees.

The privacy officer was accused of violating South Korea’s Personal Information Protection Act and the Network Act, which require the person responsible for the management of personal data to take necessary “technological and managerial measures” to prevent data breaches and to notify the Korea Communication Commission of any data breach incidents within 24 hours.

The Court imposed a penalty of 10 million South Korean Won (₩) against the privacy officer, which is roughly equivalent to $8,500. This is in addition to separate fines of ₩327,250,000 (around $280,000) imposed against the company by the Ministry of Interior and Safety.

This is not the only instance where South Korean prosecutors have sought to impose personal liability in data breach cases. In a suit currently pending, prosecutors have recommended the court sentence the chief of Bithumb, South Korea’s leading cryptocurrency exchange, to one year in prison and a ₩20 million fine for failing to take necessary measures to prevent a data breach that affected over 31,000 users. The Seoul Eastern District Court is expected to deliver the verdict in that case later this month.