South Korean Crime Task Force Targets Customer Data Trafficking in Retail Industry

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By James Lim

Feb. 3 — A South Korean government task force fighting privacy crimes Feb. 1 announced a crackdown on retailers trafficking data obtained illegally from prize competitions and sales promotions.

The announcement by the Government Combined Investigation Unit on Personal Information Crimes came with prosecutors' indictments against officials and employees of the Homeplus store chain owned by Tesco Plc of the U.K. for allegedly profiting from the sale of personal information obtained from customers signing up for bogus prize giveaways organized by the company between December 2011 and July 2014.

According to a statement from the Supreme Prosecutors' Office, the country's third largest mass market retailer—with $10 billion in annual sales from 730 stores nationwide—sold 24 million pieces of personal information obtained without customer consent to insurance marketers for a total gain of 23.2 billion Korean won ($21 million).

The sold data troves included 7.12 million pieces of information solicited from customers who filled out prize contest application forms. The company allegedly collected people's birth dates and family status as well as names and contact information for insurance marketing purposes.

Among the indicted were six former and current Homeplus executives and employees as well as two insurance company officials.

Not an Isolated Case

This is the first time a major retailer has been accused of violating the Personal Information Protection Act in South Korea, but industry officials familiar with retail industry sales practices say that it isn't uncommon that privacy protections are blurred in marketing tactics.

“There are many privacy pitfalls in the marketing activities of retailers operating on the borderline of legal compliance,” an official at the Korea Chain Stores Association, who asked to remain anonymous, told Bloomberg BNA Feb. 3.

The Government Combined Investigation Unit on Personal Information Crimes, which was launched in April 2014 as a task force of privacy crime investigators from the government and the private sector, said it will make recommendations for tightening legal loopholes to prevent data trafficking in the retail industry.

To contact the reporter on this story: James Lim in Seoul at

To contact the editor responsible for this story: Katie W. Johnson at


Request Bloomberg Law: Privacy & Data Security