A recent incident in South Korea gave us all a look at how countries react differently to the theft of consumer information through a breach of a large corporate entity. In the U.S. and many other western economies, while the consumer population becomes ever more cognizant of the risks associated with a data breach, most of the major corporate offenders seem content with writing a mass apology letter before shrugging and moving forward with business as usual.
They may even offer credit monitoring or a discount before looking to turn the page…assuming they report the breach to begin with, of course. Not so on the Korean Peninsula. They don’t mess around.
South Korea’s financial services regulators announced Sunday that three firms, two of which are major conglomerates (KB Financial Group, owner of South Korea’s largest bank, KB Kookmin, and Tokyo-based supermarket giant, Lotte Group), all lost consumer data following data breaches last year. As a result, the regulators announced that all three will be prohibited from issuing new credit cards or loans until mid-May, effectively preventing them from doing business at all for the first five months of the year. The cost to each company runs into the many millions of dollars. This punishment was handed down even after the alleged thieves were arrested. And the punitive steps didn’t end there.
Executives at the three companies involved had to demonstrate their regret to the public by making bows and personal apologies on national TV. Some executives even reportedly resigned out of shame over the theft. While most countries don’t require such punitive actions after a data breach, to say that laws are getting more restrictive all across the globe is not an overreaching statement.
In the EU, legislation has been proposed to create a uniform code for data breach notification across all member countries. While this is still in the discussion phase, the fact that EU member countries are concerned and taking action bodes well, and most experts believe that some sort of uniform law will be in effect in the next few years. In Japan, the government is specifically targeting financial firms, raising the penalty for not disclosing when an individual user’s data has been breached from 500 yen to 10,000 yen ($75) per user. Multiply that out by thousands or potentially even millions, if the breach is large enough, and you’re talking about a very large financial deterrent where there wasn’t really one before.
Even China, whose government usually looks at anything that may increase the cost of doing business as something to avoid the way one might seek to avoid the plague, is throwing its hat in the ring. In recent months, the Chinese government has devoted a significant amount of attention to protecting personal information through numerous new data regulations, seeking to prevent and punish the illegal use of one’s personal information for profit. With many of the economically viable nations in the world becoming aware of the problem of data security and trying to rectify it, it is hoped that criminals who operate in the cracks between the laws of nations may soon have much less space to hide.
"Data Breaches Worldwide – A Brief Look at How Other Nations Handle Data Breach Incidents" was written by Matt Davis. Matt is Director of Business Alliances at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.