Websites in South Korea will soon need to find new systems to authenticate users once new laws come into place in the country later this year.
According to the Yonhap News Agency, the country’s regulator — the Korea Communications Commission (KCC) — announced that website owners will no longer be able to collect national security numbers from August 8 this year, while those that have collected users data must destroy it within the next two years.
The ramifications of the announcement are hugely significant as most South Korean websites require users to provide personal information — including real name and national security number — when signing up for services or site membership.
The system has received much criticism in recent years after a string of attacks on the servers of portal sites resulted in millions of users’ personal data being exposed. One of the highest profile hacks saw a database containing the personal details of 13 million Korea Internet gamers accessed in November.
The KCC said the following about the new rules:
The revision of this communications law will safely protect the privacy of citizens and it is hoped that it will help bring significant improvements to the standards of protecting information for domestic companies.
Once the law comes in to effect, websites will be required to report any attacks which result in the leaking of personal information directly to the KCC. Some major portal sites, such as the popular Naver, stopped collecting user data some time back and have instead been using alternative ways to authenticate users’ identities online.
The rigid ID requirements have been a frustrating issue for many in Korea’s expat community as the systems in place only supported for Korean ID numbers. The news was met with hope that signing up for sites will become easier in the future, although many remain skeptical that future requirements will accommodate non-Koreans.