Disparity in Data Breach Fines: '600 Billion Won for Firms vs. 700 Million Won for Agencies'

Concerns are rising that the fines imposed on the Ministry of SMEs and Startups and its affiliated agencies for the data breach of thousands of applicants to the 'Modu-ui Changeop' (Startup for All) platform, which also involved the leak of startup ideas, will be limited to only hundreds of millions of won.

Critics point out that this creates a lack of equity and effectiveness, especially when compared to the hundreds of billions of won in fines levied against major private companies.

According to data submitted by the Personal Information Protection Commission to Representative Lee Yang-soo of the People Power Party today (June 23), the highest fine imposed on a public institution for a data breach since 2021 was 703 million won, levied against the National Research Foundation of Korea in January of this year.

The agency received this penalty after a hacking incident in June last year resulted in the exposure of names and mobile phone numbers of 120,000 individuals.

Following this were Chonbuk National University (623 million won), the Government Employees Pension Service (532 million won), and the Korea National Council on Social Welfare (483 million won).

In contrast, the highest fine imposed on a private company was 624.7 billion won, recently levied against Coupang.

Other notable fines include SK Telecom (134.7 billion won), Meta (21.6 billion won), Louis Vuitton (21.3 billion won), Kakao (15.1 billion won), and Christian Dior Couture Korea (13.4 billion won).

The vast gap between fines for private companies and public institutions stems from differences in calculation criteria.

Under the Personal Information Protection Act, fines can be up to 3% of total revenue, though revenue unrelated to the data breach may be excluded.

However, for public institutions that have no revenue or where revenue is difficult to calculate, the maximum fine is capped at 2 billion won.

Based on this, observers predict that the fines to be imposed on the Ministry of SMEs and Startups and its affiliated agencies for this breach will likely remain in the range of hundreds of millions of won at most.

In fact, the Ministry of the Interior and Safety, which suffered a data breach of a similar scale to the '5,000 people' reported by the Korea Institute of Startup & Entrepreneurship Development under the Ministry of SMEs and Startups, was recently fined 273 million won.

Representative Lee emphasized, "Because fines are calculated under current regulations, those for public institutions are disproportionately lower than those for private companies," adding, "To prevent public institutions from leaking citizens' information, as seen in the 'Modu-ui Changeop' case, thorough security measures and corresponding punitive fines must be implemented."

(Photo: Yonhap News)
※ Please note: This article was translated by AI and may contain errors.