South Korea's Personal Information Protection Commission (PIPC) announced Monday it will conduct inspections of outsourced call center operations across five industries after a recent case in which a delivery app customer service agent exploited customer data for criminal activity.
According to police, a customer service agent who had been planted at an outsourced call center for Baedal Minjok, South Korea's leading food delivery app, was found to have accessed customer personal information, including home addresses, unrelated to work duties and used the data for criminal purposes. The investigation revealed the agent had passed the information to a criminal ring that solicited "revenge attacks" through Telegram, receiving tens of millions of won in return.
The PIPC said it sees an urgent need to review the overall system governing access to and management of personal information through call centers. The inspections will cover five sectors: delivery services, home shopping, online shopping, rental services and wired telecommunications.
Specific areas of review include: △whether access privileges granted to customer service agents and other personal information handlers are minimized; △whether access rights are changed or revoked when job roles change; △whether account sharing occurs; △the status of access log retention and review; and △the state of training, management and supervision of subcontractors.
The PIPC plans to identify and address deficiencies preemptively through the focused inspections and will issue corrective recommendations or other measures as needed.