US retail giant Target company attacked by hackers at the end of last year

Since the end of last year, US retail giant Target company was hacked, to China recently exposed Ctrip caused a large number of users of bank card information leaked, in the information security as a global focus of attention, while the public's voice for national regulation is increasingly high. How to regulate the Internet financial field involving information disclosure in China, some examples abroad can provide some experience.

The controversy over the disclosure of information about the company's users has not yet subsided, although the US's second-largest retailer has repeatedly apologized and said it was a victim of cyber attacks, but the Massachusetts prosecutors ' concerns about the company's data security flaws have not dissipated, Target Chief information Officer Beth Jacob has been under pressure to resign recently.

As early as 2012, the Obama administration unveiled the consumer Privacy bill, which includes 7 basic protections, in response to developments in the Internet era. The bill allows consumers to control the types of data that internet companies collect, and internet companies must disclose their plans to use consumer privacy data. These companies must also guarantee and be responsible for the handling of consumer privacy information and must take strong measures to protect privacy information.

The typical example of legislation for information disclosure incidents was the massive credit card information leaks in South Korea in February this year. In March this year, South Korean authorities formally issued a comprehensive plan to prevent the disclosure of personal information in the financial sector. According to the Act, when using illegally leaked customer information, South Korean financial firms will pay 3 times times as much fines as before, with no upper limit;

Not only the United States and Korea, the French law stipulates that the use of a network of other means of counterfeiting other people's identities and using the original information of others to cause harassment of the obligee may be punishable by a one-year sentence and a fine of 15,000 euros; will take legal responsibility for this.

Recently Ctrip leaked user data incident is showing that China's Internet financial supervision is also imperative. From overseas monitoring of Internet information, it is not difficult to see that the relevant government to choose to strengthen the regulation of the method is no more than two aspects: first, to strengthen the punishment of offenders, the second is to the relevant network companies and financial enterprises in the retention of customer information restrictions. Reporters believe that these two aspects of China's regulatory authorities can be used for reference, in particular the United States on the Internet company's laws and regulations, such as the United States related laws and regulations, Internet companies can voluntarily choose whether to use the Consumer Privacy Act of the provisions of the Principles, But internet companies, which have publicly pledged to abide by these principles but are blatantly violating those principles, will face mandatory lawsuits.

On the other hand, the reporter said, such as Ctrip involved in internet finance enterprises, should be the network information security, independent of the special information security company to carry out the operation, and then the government to the corresponding information security companies to strictly monitor. This can make the network information security enough attention, and can make supervision become targeted, and not like today, the separation is the fault of Ctrip technology or net silver fast docking loophole.