GWACHEON, KOREA, April 19, 2021 /24-7PressRelease/ — A Protestant pastor in Korea has been charged with violation of the Personal Information Protection Act and sentenced to two years of probation and 360 hours of community service.
The Daejeon church pastor posted a list of names and personal information of over 4,500 members of a different church in Daejeon, Korea called Shincheonji Church of Jesus.
The list was allegedly from 2007, but according to Shincheonji Church the list had been shared from the Daejeon church pastor to other pastors in Korea as well. This list included names and also resident registration numbers (much like social security) of the members.
The leak of Shincheonji members’ information came after an investigation by Korean officials on a localized COVID-19 outbreak in a Daegu Shincheonji church location in February of 2020.
The outbreak occurred when an unknowing and asymptomatic COVID-19-positive Shincheonji member (“Patient 31”) attended a worship service with other church members. At the time, the Korean President had deemed worship services safe to attend without restriction and no regulation had been put in place on mask-wearing. As soon as “Patient 31” was found to be positive, Shincheonji moved all their services and meetings online to avoid more virus spread. Within the coming weeks, it was found that about 5,000 members of the Daegu church had tested positive for COVID-19.
Korean officials launched an investigation onto the church’s response to the outbreak. In order to conduct contact tracing, the government requested lists of all members’ personal information, including unrelated church locations and overseas missions. The officials deemed the lists incomplete or falsified, but it was later found after court trials that church leaders were innocent of violating laws or the Infectious Disease Prevention Act.
However, some of the lists with personal information were leaked (including from the Daejeon church pastor) and had widespread effects. Because many Korean media outlets label Shincheonji as a cult, a sect or otherwise secretive organization, many Korean citizens already have a negative view of the church. The leak of this personal information caused many Shincheonji members to be “outed” to their families or co-workers without their consent. After this leak, over 5,500 reports were made of human rights violations on Shincheonji people, including dismissal from jobs, physical attacks and ostracization from family members.
South Korea boasts some of the strictest Personal Information protection laws of democratic countries. The Personal Information Protection Act (PIPA) enforced by South Korea states that use of personal data without obtaining consent is only permitted if used “within a scope that is reasonably related to the original purpose of collection” and “after considering whether the data subject’s rights would be infringed upon and/or measures to secure the integrity of the personal information have been properly taken.” Shincheonji argues that obtaining personal information from unrelated members or members overseas is not “reasonably related to the original purpose of collection”. They also mention that investigators did not consider the human rights implications of the data collection.
Other democratic countries also have strict penalties associated with releasing private information, including the United States. According to the NY Social Security Number Protection Law enacted in 2008, first-time violators could get up to a $100,000 fine for releasing multiple social security numbers at one time. Federal social security laws in the United States enforce a penalty of at least $1,000 for small-scale Social Security number leaks and up to 1 year in federal prison.
# # #