Thursday, September 24, 2015

Fake ID cards and Korean data privacy laws.

In Korea, the use of stolen or forged ID cards by teenagers to enter drinking establishments or purchase alcohol or tobacco products has become a problem. If caught, the teenagers are not prosecuted but the convenience store or drinking establishment that sold the product may have its operating license revoked or need to pay a fine. Even if the owner insists that the ID card was verified during the purchase, without evidence in the form of CCTV footage, no justification is possible. This becomes a target of abuse when teenagers skip out on paying restaurant or bar bills, or when underage employees employed by a business owner drink alcohol at a competing establishment and then report the event leading to social problems when administrative measures are required.

To solve these problems, some companies have recently begun selling a machine for the verification of real names and fingerprints in Korea. This machine scans a customer's ID card and uses the customer's name and ID number to verify the customer's real name and then verify the customer's fingerprint. Although the machine is expensive, because administrative measures such as fines are a major detriment to business, there are an increasing number of business owners who have purchased the machine to prevent problems.

This machine, however, has problems of its own as it violates Korean data privacy laws. As it collects the customer's private data such as the customer's photo, date of birth, and fingerprint, the customer must agree to this process or revoke his/her consent. Most private data ends up being collected without the customer's consent, however, leading to a serious situation where customers' data is stored on individual PC's and may be exposed to data theft/leakage.

To verify if a minor's ID card is stolen of forged, using a trustworthy UV detector for a visual inspection with the naked eye is most appropriate. If the scene of the inspection is recorded using CCTV and saved, it can be used as evidence for justification if charges are pressed to avoid administrative measures and follow data privacy laws.

You can contact us : uvleddetector@mv21.co.kr

--- Extract of the news report ----
.
.
.
Although 35,000 terminals of this type have been installed at businesses nationwide, almost none of the sites informed customers that their data was being saved.

<Recording> Business employee(voice modified) : "Because it commonly found in other businesses, most people just show their ID to us and scan their fingerprint to enter. We almost never explain the process..."

This is a violation of data privacy laws.

Consent must be given according to data privacy laws for data to be collected and allowances must be made to revoke previously given consent.

Lee Sang-il(Nation Assembly Education, Culture, PE, Tourism Commitee Member)
<Interview> "In accordance with National Human Rights Commission, in order to verify the entrance of minors, only the date of birth needs to be confirmed. Scanning and collecting fingerprints is tantamount to excessive data collection."

Manufacturers of the terminals assert that it is the duty of business owners to ask for consent from customers. After recording started, it was announced that steps to include consent in the program would be pushed for.
-------------------------------------

Click on the following link for more detailed information.


September 19, 2015 / KBS TV