Many South Korean crypto exchanges lack key privacy certification, report finds

A significant number of cryptocurrency exchanges in South Korea, a country with over 10 million crypto investors, have not obtained the comprehensive Information Security Management System-Privacy (ISMS-P) certification, Decenter reported, citing a study by the Korea Internet & Security Agency (KISA). According to the report, of the six coin-only exchanges that renewed their Virtual Asset Service Provider (VASP) licenses with the Financial Intelligence Unit (FIU) this year, five hold only the basic ISMS certification, which lacks personal information protection requirements. Among the major exchanges that support trading in the South Korean won, Gopax was also identified as not having the more stringent ISMS-P certification. Hwang Seok-jin, a professor at Dongguk University's Graduate School of International Affairs and Information Security, noted that recent security breaches at telecom firms, credit card companies, and even Upbit, the nation's largest crypto exchange, have increased public anxiety. He advised that exchanges should enhance their security standards beyond legal mandates by obtaining ISMS-P certification and separating the roles of Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO).