skip to main contents skip to main menu
KOTRA Trade-Investment Promotion Agency buy korea For Seller Inverst KOREA
Korean

FOREIGN INVESTMENT OMBUDSMAN

FOREIGN INVESTMENT OMBUDSMAN

Korean

Government Legislation

  • Enforcement Decree of the Credit Information Use and Protection Act
    • Competent Ministry : Financial Services Commission
    • Advance Publication of Legislation : 2020-03-31
    • Opinion Submission Deadline : 2020-05-11

(1) Reasons for Proposal

In accordance with the amendment to the Credit Information Use and Protection Act (promulgated on Feb. 4, 2020, to enter into force on Aug. 5, 2020), this proposal aims to prescribe delegated matters necessary for enforcement of the amended Act, etc.

(2) Major Provisions

A. Requirements to Obtain Permission for Credit Information Business, Personal Credit Information Management Business (MY DATA) (Article 6)

Prescribe detailed personnel and physical facility-wise requirements for persons wishing to obtain permission for credit information business or personal credit information management business.

B. Requirements to Obtain Approval for Change in Majority Shareholder of Credit Information Companies, etc. (Article 9)

Prescribe requirements to obtain approval for change in majority shareholder of credit information companies, personal credit information management companies or claims collection companies and application procedures, application contents, application review periods, etc. for application to obtain approval of change in majority shareholder.

C. Requirements in Reviewing Qualifications of Majority Shareholders (Article 9-2)

Exclude specialized personal credit evaluation companies among personal credit evaluation companies from companies subject to review of majority shareholder qualifications, and prescribe requirements, etc., in reviewing qualifications of majority shareholders.

D. Combined Management of Credit Information Companies, Personal Credit Information Management Companies, Credit Investigation Companies, and Claims Collection Companies (Article 11)

Prescribe in detail the scope of work eligible for combined management through licenses and permits, etc., granted under other Acts, etc., according to characteristics of each business such as personal credit information management businesses and electronic document transmission work.

E. Additional Work of Credit Information Companies, Personal Credit Information Management Companies, Credit Investigation Companies, Claims Collection Companies (Article 11-2)

Prescribe in detail the scope of work eligible for additional work which may be carried out in addition to the proper work according to characteristics of each business such as advertising, promotions, and consulting with respect to financial products.

F. Prohibition on Use of Similar Names (Article 11-3)

Enable persons to use words such as ‘credit evaluation’ or ‘my data’ in their trademarks or names even though they are not credit information companies, personal credit information management companies or claims collection companies where credit evaluation companies according to the Financial Investment Services and Capital Markets Act use words such as ‘credit evaluation’ in their trademarks or names or where national administrative agencies according to the Government Organization Act have been acknowledged to use words such as ‘my data’ in their trademarks or names.

G. Requirements for Collection of Disclosed Information without Consent (Article 12-2)

Prescribe that the scope of disclosed information eligible for collection without consent from the owner of credit information shall be those for which consent of the relevant owner of credit information has been objectively deemed to have been given after considering the nature of the disclosed personal information, the form and scope of the disclosure, the deducible intent and purpose of the owner of credit information in disclosing such information, the personal information processing format, relevancy between the collection purpose and disclosure purpose, etc.

H. Combination of Information Groups (Article 14-2)

Prescribe criteria on combining, providing, and storing information groups that shall be complied with by credit information companies, etc., and third parties intending to combine information groups when they combine data through specialized data institutions, and newly insert that specialized data institutions have obligations to regularly report combination related matters.

I. Exceptions to Deletion of Disadvantageous Credit Information (Article 15 (4))

Recognize as exceptions to the rule that disadvantageous credit information shall be deleted within a maximum period of five (5) years from the date the grounds giving rise to the disadvantage have been solved, cases where integrated credit information concentration institutes perform investigation or analysis for public benefit or where it is necessary for credit information providers/users to register the grounds for termination of transaction in the integrated credit information concentration institutes such as extinguishment of obligation or exemption from debt, etc.

J. Inspection of Personal Credit Information Management and Protection Status (Article 17 (6))

Prescribe in detail the scope of credit information companies, etc., with obligation to regularly inspect personal credit information management and protection status and prescribe that such companies shall conduct inspections at least once a year and submit the results to the Financial Services Commission after reporting to their representatives and Boards of Directors.

K. Period for Storage of Pseudonymous Information (Article 17-2 (3))

Enable pseudonymous information processors to store such information for the period determined when processing after considering the managerial, physical and technical protection standards regarding additional and pseudonymous information, impact on information owners when pseudonymous information has been made re-identifiable, probability of re-identification, purpose of use, minimum period required for achieving such purpose, etc.

L. Action Rules for Credit Information Companies and Personal Credit Information Management Companies (Articles 18-3 through 18-6)

Prescribe in detail action rules to be complied with by credit information companies and personal credit information management companies.

M. Collection of Credit Information by Personal Credit Information Management Companies (Articles 18-6 (3) through (7))

Prescribe that personal credit information management companies shall not collect credit information to be delivered to owners of credit information by directly storing, etc., access mediums, that credit information providers/users may mutually identify, certify, and check personal credit information using a pre-determined method agreed between the transmitting entity and the receiving entity, and that credit information shall be transmitted via encryption using commercial encryption software or safe algorithms.

N. Personal Credit Evaluation System Verification Committee (Article 22-3)

Enable the personal credit evaluation system verification committee to deliberate on matters such as the results of analysis on processing of public petitions regarding personal credit evaluations and sole proprietor credit evaluations, prescribe qualifications of the head of the verification committee and committee members, and prescribe in detail the deliberation cycles and procedures, etc., of the committee.



Regulatory effect assessment
  • 신용정보법 규제영향분석서 최종.hwp [download]
Legislative proposal (draft)
  • 신용정보의 이용 및 보호에 관한 법률 시행령 일부개정령안.hwp [download]
Kotra - Korea Trade-Investment Promotion Agency
Foreign Investor Aftercare Office, 6th floor, Invest Korea Plaza, 7, Heolleungno, Seocho-gu, Seoul, 06792, Republic of Korea TEL : 1600-7119
Copyight(c) All Rights Reserved. OFFICE OF FOREIGN INVESTMENT OMBUDSMAN [OFIO], KOTRA