Citizens’ Action Network Carries Out Survey of “Internet financial organs’ sharing of clients’ personal information”
The National Human Rights Commission (NHRC), has carried out a joint survey, together with the Citizens’ Action Network, between May and September 2003 on “Internet financial institutions and sharing of clients’ personal information” in line with the NHRC larger 2003 project to research the state of human rights in Korea.
Through this study, the NHRC examined: (1) Netizens’ awareness of and attitude toward their personal information, (2) companies’ rules relating to personal information, privacy policy for protecting personal information, forms for applying to be members of different sites, (3) technological and managing strategies for protecting personal information, (4) domestic privacy laws for protection of personal information. Based on the Citizens’ Action Network survey results, the NHRC presented “Directions for Reform and Guidelines for the Protection of Personal Information.” The main survey results are as follows.
1. Serious Passivity: “87.8% of survey respondents have never raised their complaints with companies that have shared their private information”
Among the 1,042 netizens surveyed, 75.0% responded that when becoming a member of an internet site, the information they were most reluctant to submit was their resident registration number (the Korean identity verification number similar to the Social Security Number in the United States), 8.2% their cell phone number, 4.5% their phone number, 4.4% their names, and 2.8% their e-mail addresses.
However, because of local practice in Korea, the vast majority of Korean Internet sites require persons to submit their resident registration number in order to join the site. Relating to this practice, 42.9% of survey respondents replied that, “even if there is a guarantee that the ID number will be kept confidential, only sites that truly need to confirm a person’s identity should collect resident registration numbers,” showing netizens’ reluctance to reveal their resident registration numbers. Regarding the problem of fraudulent use of resident registration numbers, no less than 26.6% of respondents reported that they had actually “experienced not being able to join a website’s membership because someone else had stolen and fraudulently used my resident registration number.”
Regarding spam, 45.2% of respondents received spam “over 10 times a day,” and 80.5% reported that when they receive spam, they delete it. On the other hand, 87.8% of respondents have never raised their grievances about website’s demanding and collecting personal information to the company in question, thus indicating the passivity of netizens about their personal information.
2. “Over 70% of sites do not state to what purpose they are collecting personal information”
The study revealed that the vast majority of companies did not state the fact that they could share the individual members’ personal information with third parties. Only 17.9% (12 sites) of the websites examined contained information about third parties with whom they were currently sharing clients’ personal information. In contrast, 23 sites (34.3%) abstractly referred to the kinds of third parties and purposes, while 32 sites (47.8%) did not contain any clear information whatsoever as to whether the personal information entered would or could be shared. Additionally, 28 sites (41.8%) did not clearly inform prospective members about the procedure for obtaining members’ consent for sharing of personal information, and not even one website had a separate procedure, on a third-party company by company basis, to obtain members’ consent each time their private information is shared. Further, 57 sites (85.1%) did not state how they would inform site members in the event of a transfer of ownership of the website to another company, and as much as 56 sites (83.6%) did not state that they would seek the site members’ consent in order to keep their personal information after the ownership of the site was sold or transferred.
3. “Reform measures or guidelines for protecting personal information should be set”
After comprehensive consideration of the study results, the need for reform of the system for protecting private information—reform toward centering protections on the individual’s right of control over their own personal information—was highlighted. The study concluded with the following policy recommendations toward realizing this right of control over how and where one’s personal information is used: (1) the enactment of a general law on protection of personal information and installment of an independent supervisory organ; (2) putting an end to the practice of collecting resident registration numbers; (3) putting an end to far-reaching, generalized, catch-all “consent” agreements for sharing members’ personal information; (4) reform of policy and provisions related to protection of personal information.
