Financial authorities said Sunday that they issued a caution against three insurance-related associations for 8 million cases of customer information transfer due to lax supervision.
The authorities said that between April 2009 and May 2012, the Korea Insurance Development Institute was found to have provided insurance companies with information in 4.2 million cases without customer approval.
According to the local insurance act, a private entity can send personal data to insurance firms only after gaining consumers’ consent through a handwritten signature, electronic signature, password verification or recorded verbal approval.
The KIDI was also found to have given out personal customer data that was irrelevant to accident examination in 3.7 million instances from April 2009 to December 2012.
“Insurance customers’ information is highly sensitive because it includes their health history,” said an official from the Financial Supervisory Service.
Two other major insurance organizations, the Korea Life Insurance Association and the General Insurance Association of Korea, were also issued an institutional caution and individual cautions for appropriating insurance customer data without approval from the Financial Services Commission, the country’s highest financial decision-maker.
