Republic of Korea: Issued ruling in PIPC investigation into BSC Co and SK Group compliance with Personal Information Protection Act including corrective orders and penalties

On 12 July 2023, the Korean Personal Information Protection Commission (PIPC) ruled sanctions on BSC Co for violating the Personal Information Protection Act. BSC Co, responsible for conducting the comprehensive recruitment competency test of SK Group, failed to implement proper access controls for its system's administrator page. As a result, the personal information of test takers was leaked. They also failed to destroy personal information whose storage period had passed. Therefore, BSC Co received a corrective order. Furthermore, the SK Group was found to have failed to manage and supervise the trustee and neglected to establish a written contract for the consignment of personal information processing. They received a total fine of KRW 24 million.