Does the personal information Security specification make our information more secure? _ Test

In recent years, the app defaults to check the protocol, a large number of users to collect privacy rights, improper and third-party sharing and lead to information leakage phenomenon, often. In the age of the Internet, how do you protect your information as a user who is forced to use part of the privacy exchange for convenience? When the company collects your information, how to inform and obtain your consent. When it comes to sharing data with a third party, what kind of confirmation should you make?

The above issues in the formal implementation of the May 1, "Information security technology personal Information Security Code", have detailed provisions. This national standard is applicable to the regulation of individual information processing activities of various organizations, and put forward a clear security requirements.

The main drafters He Yenjie told the south reporters, the norms in the content of only less than 100 articles, the personal information protection of the most effective measures to express clearly, easy to enterprise and user understanding absorption.

Some experts to the South have said that for users, the norms of the greatest value lies in the collection of personal information, use, sharing and disclosure of specific details made provisions. "If users don't even know the basics of data collection and use, it's hard to maintain their interests," he said. ”

Attention 1

Break the "package" mandate and implement functional distinctions

The specification requires that personal information controllers carry out personal processing activities, including the six basic principles of choice of consent, minimum sufficiency and transparency.

In particular, the enterprise shall not collect too much information about the type and quantity of the user's personal data which is not related to the product business function, and should express and disclose the purpose, manner, scope and rules of the information processing, and solicit the consent of the user and accept the external supervision.

Attention 2

To be used in excess of the stated purpose, to be delegated

When the platform collects the personal information, in the use and the processing link, also has the detail which needs to inform the user.

In accordance with the requirements of the specification, in addition to the purpose required, the use of personal information should eliminate the clear identity directivity, to avoid accurate positioning to specific individuals. In addition, the use of personal information shall not exceed the scope of a direct or reasonable association with the purposes claimed for the purpose of collecting personal information. For business needs, it is necessary to exceed the above scope to use personal information, should again obtain the personal information subject express consent.

In March this year, Facebook broke out on a massive data leak, due to a personality analysis test software promoted by the Cambridge Analytics company on the Facebook platform. In the name of "paid psychological research", the app collects more than 87 million Facebook user data, including details such as address, age, work experience, interpersonal network, preferences, etc.

However, the data were turned into commercial by the Cambridge Analytics company without the user's knowledge. In this leaked incident, Facebook was blamed for sharing user data with third parties, without limiting and guaranteeing that the data was not abused by third parties.

Attention 3

"An emphasis on cancellation of accounts"

In addition to emphasizing the user's rights in the above-mentioned personal information processing activities, the specification also states that the user also has the right to access, correct, delete, withdraw consent, obtain a copy of personal information, and cancel the account.

For the definition of deletion, the specification stipulates that "the removal of personal information from the system involved in the implementation of day-to-day business functions, so that it remains inaccessible, access status." In other words, according to the requirements of the specification, the platform should fully guarantee the user's right to cancel.

So:
1. Do you pay attention to protect your personal information? Give me a chestnut or talk about your practice.

2, if the account can be written off, you will go to write off some of the unused accounts.

3, for the "personal information security norms," You have anything to say.