Gov't to enhance virus-related privacy protection amid concerns over data breach

SEOUL, Sept. 11 (Yonhap) -- The South Korean government on Friday announced additional measures to protect personal information, as the prolonged fight against the coronavirus pandemic has led to excessive data disclosures.

The Personal Information Protection Commission (PIPC) released the measures to protect privacy amid the COVID-19 pandemic, aimed at minimizing harnessing private information.

Under the measures, businesses cannot demand the names of customers on handwritten entry logs but only part of their home addresses and phone numbers.

And local governments should follow the government's privacy protection guidelines issued in March when they reveal the detailed location histories of COVID-19 patients in their regions.

The move came as the PIPC concluded that there was a high risk of data breach, after inspecting how personal information was gathered and managed during the quarantine process.

High-risk facilities and most business establishments, like cinemas, cafes and restaurants, require visitors to submit either a QR-code based entry log or a handwritten one. But privacy concerns have been raised with the latter, as people are often required to write down their personal information -- a name and a phone number -- on the same sheet of paper.

The government is also considering removing the requirement of mandatory entry logs in the case of a takeout order by a customer in a face mask.

Information gathered through smartphone QR codes was found to be safe, as they are automatically deleted after four weeks, the commission said.

Meanwhile, the use of phone-based entry logs will be expanded for those who are not familiar with using QR codes.

The system automatically collects a caller's information when the person makes a call to a designated number. The information will be automatically deleted after four weeks.

The commission said it will mandate the central government's guidelines on personal data, citing 435 cases in which regional governments failed to follow the state recommendations to protect the privacy of coronavirus patients.

In March, the Korea Centers for Disease Control and Prevention (KCDC) recommended local governments hold back any detailed information that could identify patients, including their addresses and companies they work for.

The guidelines, however, allow the disclosure of such private information when a patient may have infected a large number of colleagues at work.

The PIPC said it will continue removing personal information circulated on various social media sites, in cooperation with relevant agencies.

From May to August, it successfully deleted some 4,555 cases of personal information on such sites, among the total of 5,053.

"We will use private information only when it is absolutely necessary for quarantine efforts, and ensure their safe use," Yoon Jong-in, chairman of the commission, said. "We seek public cooperation in the government's push to use the relatively safe QR-code entry log."

jaeyeon.woo@yna.co.kr
(END)