One can never know if their personal information on the internet is stored safely. In the 21st century, the importance and value of information are increasing and, at the same time, personal data are being more exposed to abuse and misuse on the internet. It is often believed that celebrities are the only targets of personal information abuse. However, a recent incident that happened on campus proves otherwise.
Park, an employee working in the Global Service Center of the International Department sent private and inappropriate messages to numerous Chinese female students through Kakao Talk, some of them saying “I want to be friends with you,” or “I fell in love with you at first sight.” It has been revealed that Park, who first came to work on March 16 on behalf of an employee on maternity leave, had contacted the students by using their personal information he had obtained while working, since his first day of employment.
How KU Dealt With the Incident
Students who received the text messages informed this bizarre incident to the Korea University International Student Assistance (KUISA) and the Chinese Student Association. Soon afterwards, KUISA reported the problematic situation to the school authorities and later confirmed that there were around 40 victims. Recognizing the problem, Korea University (KU) took steps to cancel his recruitment, stating that they sent a letter of notifying Park about the termination of his contract and that all of his rights as a faculty member had been suspended.
The Global Service Center filed a complaint to the Seoul Seongbuk Police Station against Park on the charges of violating the school privacy law. Soon, on March 23, the Seongbuk Police station announced that the crime had been confirmed and the investigation on the specific scope and route of the leakage of the victims' personal information had started. The Digital Information Service Center cooperated closely with the police in an attempt to speed up the investigation by providing and analyzing Park's computer activity records.
The incident has also become a big issue among students. On March 19, screenshots of the text messages were uploaded on the internet community Everytime. The same post was also posted on another online school community Koreapas, but it was soon deleted.
The Global Service Center and the school communication team emphasized that it is now important to speak up about the situation transparently and actively with all students who may potentially be exposed to the same risk. In addition, when faced with a similar problem, one should immediately inform the school in order to prevent further damage, resolve the situation, and alleviate any psychological damage that the problem may have caused.
How This Happened
According to an interview conducted with Choi Chul-ho, the deputy director of KU Information Infrastructure by Korea University Weekly, KU received the Information Protection Management System (ISMS) Certification in June 2019, following the Information and Communication Network Act. ISMS evaluates whether the information protection management system complies with the certification criteria, which means that KU has a high reputation in terms of information security. ISMS, which aims to prevent infringement of personal information through abnormal route, could not keep the faculty member with authority from conducting a deviation. The problem was not on the system itself, but rather on one individual's misconduct and lack of respect towards other people's privacy. This indicates that while the school was able to mangage the cyber system's safety and defense to a certain extent, they relatively failed to educate the faculty members about the awareness of personal information and privacy. Therefore, when employeeing new members of the staff, they should focus on conducting more intensified education programs on ethical behavior, especially information privacy.
The Biggest Problem of All
However, there is still a more fundamental and serious problem left. This incident, a leakage and misuse of personal information and misuse is not the first of its kind. In fact, similar crimes have occurred several times in Korea. A police officer contacting a civilian privately, a College Scholastic Ability Test (CSAT) supervisor courting a student by using her personal information and more cases have been witnessed. The problem is that these crimes are, in many cases not prosecuted properly―court rulings conlcuded that they are not guilty or only receiving light punishment.
According to the current Privacy Act, if the manager who handles private information for task purpose misuse the information they are punished, but there is no legal basis for punishment if a person under the direction of the manager conducts the crime. The Personal Information Protection Commission (PIPC) Advisory Counsel Kim Borami mentioned during an interview with *SBS News*, “It is first and foremost priority to make an explicit provision to punish those who have access to personal information and use it differently from the original purpose described in the Privacy Act,” pointing out the need for institutional improvement.
This incident in KU does not only end with causing discomfort to the victims, but also gives a sense of anxiety and fear to all the students attending the school whose personal information is stored in the school computer system. It is clearly undesirable for such incidents to occur in the school, but it would be more meaningful if this becomes an opportunity to recognize the current societal problem and try to make institutional improvements to prevent the recurrence of such incidents.
Kweon Seoyoung
kb071531@korea.ac.kr