Gov't to enhance virus-related privacy protection amid concerns over data breach

All News 11:47 September 11, 2020

SEOUL, Sept. 11 (Yonhap) -- The South Korean government on Friday announced additional measures to protect personal information, as the prolonged fight against the coronavirus pandemic has led to excessive data disclosures.

The Personal Information Protection Commission (PIPC) released the measures to protect privacy amid the COVID-19 pandemic, aimed at minimizing harnessing private information.

Under the measures, businesses cannot demand the names of customers on handwritten entry logs but only part of their home addresses and phone numbers.

And local governments should follow the government's privacy protection guidelines issued in March when they reveal the detailed location histories of COVID-19 patients in their regions.

This photo shows a handwritten entry log used in some business establishments in Busan, South Korea, on June 10, 2020. (Yonhap)

The move came as the PIPC concluded that there was a high risk of data breach, after inspecting how personal information was gathered and managed during the quarantine process.

High-risk facilities and most business establishments, like cinemas, cafes and restaurants, require visitors to submit either a QR-code based entry log or a handwritten one. But privacy concerns have been raised with the latter, as people are often required to write down their personal information -- a name and a phone number -- on the same sheet of paper.

The government is also considering removing the requirement of mandatory entry logs in the case of a takeout order by a customer in a face mask.

Information gathered through smartphone QR codes was found to be safe, as they are automatically deleted after four weeks, the commission said.

This photo, provided by Suwon City, south of Seoul, shows an official at a fitness center in the city checking a smartphone QR code-based entry log on June 10, 2020, the first day of the mandatory QR code-based registration of visitors at bars, clubs and other entertainment facilities across the country to stem the spread of the new coronavirus. (PHOTO NOT FOR SALE) (Yonhap)

Meanwhile, the use of phone-based entry logs will be expanded for those who are not familiar with using QR codes.

The system automatically collects a caller's information when the person makes a call to a designated number. The information will be automatically deleted after four weeks.

The commission said it will mandate the central government's guidelines on personal data, citing 435 cases in which regional governments failed to follow the state recommendations to protect the privacy of coronavirus patients.

In March, the Korea Centers for Disease Control and Prevention (KCDC) recommended local governments hold back any detailed information that could identify patients, including their addresses and companies they work for.

The guidelines, however, allow the disclosure of such private information when a patient may have infected a large number of colleagues at work.

Yoon Jong-in, chairman of the Personal Information Protection Commission (PIPC), announces measures for privacy protection at the government complex in Seoul on Sept. 11, 2020. (Yonhap)

The PIPC said it will continue removing personal information circulated on various social media sites, in cooperation with relevant agencies.

From May to August, it successfully deleted some 4,555 cases of personal information on such sites, among the total of 5,053.

"We will use private information only when it is absolutely necessary for quarantine efforts, and ensure their safe use," Yoon Jong-in, chairman of the commission, said. "We seek public cooperation in the government's push to use the relatively safe QR-code entry log."

jaeyeon.woo@yna.co.kr
(END)

Keywords