Kakao carries out its duty and responsibility to protect users' privacy with the privacy protection governance.
Kakao conducts a privacy impact assessment on user services to secure personal information.
It aims to eliminate risk factors in advance by closely examining observance of the law throughout the process of service planning, modifying and closing, as well as effects on users' personal information.
Kakao conducts various precautionary inspections such as security vulnerability checks, security coding, and code review in order to maintain the level of security above that required by law.
All Kakao services are periodically checked for vulnerabilities from the pre-planning stage, before the service release, to the closing stage.
Precautionary Inspection: Kakao conducts various precautionary inspections such as security vulnerability checks, security coding, and code review in order to maintain the level of security above that required by law. Kakao will exert the utmost efforts to provide secure service by enhancing security and proactively responding based on new trends and technologies.
Kakao's personal data processing system and a membership database are maintained under strict access control. Only the minimum number of authorized users can access after going through a strict process. Each responsible person judges the necessity based on the scope of work, grants access, and monitors authorized personnel and intrusion detection system that blocks all unauthorized access attempts. Kakao has installed, managed, and operated a server firewall to protect sensitive information.
Kakao analyzes and monitors the access and handling of personal information while recording and storing the history of permission requests, changes, and deletions. Kakao immediately withdraws unnecessary permissions through periodic reviews. As a leading data company, Kakao is equipped with data privacy pledges required from its employees. In order to enhance privacy awareness among employees, Kakao has offered privacy protection training more than twice a year. Moreover, malicious code-finder programs are installed on employees' PCs to detect and confront malware.
Kakao's 24/7 Security Control Center operates a dual monitoring system run in parallel by Kakao and independent experts. We immediately identify causes and effects upon detecting abnormal symptoms such as massive login attempts from a particular IP in the course of providing various services.
In case of detecting privacy data spill, Kakao has established a procedure to notify the damaged party of such fact and report it to the authorities concerned under the relevant laws and regulations. Kakao has always made it a rule to provide countermeasures and counseling contacts along with notification of privacy data spill. We also inform users of necessary instructions, such as remedy procedures, to minimize user damages. Besides, we will seek for the best countermeasure that minimizes damages incurred to our users, by closely discussing the scale and details of an issue with the relevant authorities.