When consumers join a site, the company gets consent from consumers to keep the personal information safetly. According to the agreement, the company promises they will manage the collected personal information safely. Nevertheless, illegal leaks of personal information still have not been resolved. The Ministry of Science and ICT[1] (MSIT) announced in a report on October 13th that the personal information leakage cases increased from 4.36 million in June 2020 up from 13.02 million in 2019. It has also increased more than 12 times in the last three years. We should not merely stand by and acknowledge this personal information leakage. Recognizing the importance of the people's personal information, and powerful punishments are needed to companies for their negligence of leakage.

  First, when personal information is leaked, it can be abused for other crimes. The leaked personal information is used for voice or messenger fraud to one's family members. It can even cause the victim to lose money. According to the Financial Supervisory Service, the amount of damage about messenger phishing crimes tripled from 36.9 billion won to 127.8 billion won from 2018 to 2020. This shows how serious the crime of abusing personal information.
  Second, personal information is difficult to handle once it has been leaked. This is because the leaked data is not only circulating in Korea, but also spreading abroad such as to China and the United States. In addition, the difficulty of searching for the cause of the leak is a more serious problem. It also interferes with the recovery process. Personal information leakage is usually caused by hacking or employee negligence. However, there is also a problem with the limitations of a security technology within the companies. Hacking technology has rapidly advanced. On the other hand, companies are less interested in protecting personal information than hackers are in accessing it. Article 28 of the 'Act on Promotion of Information and Communication Network Utilization and Information Protection' said, 'Information and communication service providers should take technical and administrative measures to ensure the safety of personal information when they process it.' Despite these laws, companies still neglect to manage the personal information they collect. If a company had been alerted to privacy protection and focused on developing security technologies, it could prevent the damage from personal information leakage more effectively.

       According to Jang Hang-bae, a professor of Department of the Industrial Security at Chung-Ang University, "Companies prioritize sales and profits. However, the security is perceived as subordinate, so they do not find justification for investment until after an accident occurs." As he said, sales and profits are important, but above all, companies should know the importance of personal information. Also, they should make more efforts to protect it. It is time to impose heavier penalties on companies that neglect personal information security. Thus, it is necessary for companies to prevent complacent response from personal information leaks.

[1] ICT: Information and Communication Technologies