Courier information is being leaked in large areas

Summary: Records the personal telephone, the home address as well as the real name Express single, is becoming some courier logistics practitioner's income. Recently, a number of media reports, express single information is being a large area of leakage, these express single part Taobao sellers bought brush letter

Records of personal telephone, home address and real name of the Express list, is becoming some express logistics practitioners to make a life. Recently, a number of media reports, express single information is being a large area of leakage, these express single part of Taobao sellers bought brush reputation, there are some criminals bought to do information sources to implement fraud or extortion and other criminal activities.

Personal information security involves each person's privacy and security. Information leakage will bring great trouble to the daily life of citizens, and even endanger the personal and property security of citizens. Last July, a female white-collar worker in Xiamen, Fujian province was killed by burglary, the murderer is through the delivery of information revealed on the list to find.

There are "active leaks" in enterprises

Personal information because of its enormous commercial value, so that some outlaws in the interests driven by various means to illegally acquire, buy and sell the personal information of citizens, and formed a black industrial chain. According to the Ministry of Information Research, nearly 80% of personal information leaked from the owner of the internal crime. Many organizations keep a customer's name, address, telephone and other personal information, but not in the transmission, storage, use and destruction of the link to establish a complete mechanism for privacy protection. For some employees of these institutions, they can easily get their personal information to sell without extra labor.

The enterprise has the duty and the duty to protect the user's information security, however the user's which information needs to protect, how protects, the law does not have the clear standard. Although most enterprises have taken measures to protect personal information to varying degrees, it is difficult to ensure that these measures are implemented in all aspects.

In addition, China's Law on information leakage of the punishment mechanism is weak, lack of deterrence. In China Software Development Alliance 600多万条 user name and password disclosure case, the police found that the security management system and technical protection measures are not put into place is the main cause of user information leakage, but the penalty for the site is only to provide administrative warning.

Among the information leaks, the public is most concerned about the active disclosure behavior of some software providers-without the user's knowledge, using technology advantages to steal user information, and information and advertisers to share and profit from, to achieve maximum business interests. In foreign countries, this will take a very large economic and legal risk. As in August this year, U.S. regulators asked Google to pay a civil fine of 22.5 million dollars, as Google bypassed the privacy settings of Apple's Safari browser to collect information about Internet users and to display targeted advertising.

Legal supervision still exists "main" loophole

Although our country currently has nearly 40 laws, 30 regulations and nearly 200 departments and regulations related to personal information protection, but most of the provisions have adopted a very principled statement, most of which can not be used as the basis for direct decision, operability is poor. As far as the system of law is concerned, the protection of personal information in our country is scattered in many normative legal documents, the content lacks unification, and there is lack of cohesion between each other, which is unfavorable to the application of law. As far as the effect of law is concerned, most of them are administrative regulations, local laws and regulations, and so on, which lack authority and are unfavorable to the treatment of such problems.

February 28, 2009, the 11th session of the NPC Standing Committee seventh meeting passed the "People's Republic of China Criminal Law Amendment (vii)" to increase the provision of personal information crime, which is a landmark of personal information legislation. According to the amendment, add a clause after article No. 253 of the Penal Code, the content is: "State organs or financial, telecommunications, transport, education, medical and other units of the staff, in violation of state regulations, the unit in the performance of duties or provide services in the process of obtaining the personal information of citizens to sell or illegally provided to others, serious circumstances, shall be sentenced to imprisonment for three years or criminal detention, and shall be fined at a single place. Stealing, buying or otherwise illegally acquiring the information, if the circumstances are serious, shall be punished according to the provisions of the preceding paragraph. ”

However, in the real life, in addition to the main body stipulated in the criminal law, real estate companies, property companies, intermediary agencies, education and guidance agencies, hotels, logistics companies and other institutions, and even individuals, the sale of personal information of citizens, illegally provided to others and caused serious consequences of the phenomenon is not uncommon, But these subjects are not included in the scope of the criminal law.

When the personal information protection lacks the specialized legal norm, the enterprise's self-discipline becomes another important means to protect the personal information. It is reported that China's first protection of online personal information industry norms "Information security technology public and business Service information System Personal Information Protection Guide" has been completed in the forthcoming release, the Guide for the processing of personal information including the collection, processing, transfer and deletion of four main links, which also put forward the principle of personal information protection. This principle includes eight items: Clear purpose, minimum use, public disclosure, personal consent, quality assurance, security, integrity and accountability. However, the guide is not a national mandatory standard, only has the guidance function, does not have the strict punishment measure, the request enterprise strictly according to this standard protects the user's information security to be still difficult to realize.

Personal Information Protection law should be enacted as soon as possible

As far as the protection of personal information is concerned, only by making special personal information protection law, strictly monitoring and protecting personal information according to law, increasing illegal cost of criminals and punishing the illegal acts, can we ensure the safety of personal information of citizens.

In the Personal Information Protection Act, the concept of personal information should be defined, and some personal information that should be protected and not protected for a long time should be included in the protection of the law. In addition, in the information age, personal information security of the offender and the status of the victim is not equal, victims know that their personal information has been leaked, it is difficult to know where to leak, because the difficulty of obtaining evidence, the specific tort party, at the same time, in the aftermath of the formation of the victims, it is difficult to eliminate the negative impact on their own. Therefore, the personal information protection law should be clear about the legal responsibilities and obligations of personal information managers to ensure that personal information managers do their duty to manage and protect.

In the regulatory body, our country should establish a special information protection and supervision institutions, requiring information processing to register with the institution and supervise the processing of the message. Under the restriction of national laws and regulations, the personal information security of citizens will be guaranteed and supported fundamentally.

Before the special personal Information Protection Law is enacted, the government can publicize the regulations of information management and promote the national protection of personal information. Individual citizens should enhance the awareness of personal information security protection, actively prevent all kinds of information leakage and fraud, especially the need to strengthen online shopping and trade security awareness. To protect users ' information security is the responsibility and obligation of enterprises, enterprises should increase human, financial and technical input, set up information technology protection means, network security technology means to comprehensively protect the user's personal privacy information, protect the entire Internet industry healthy development.

RELATED LINKS

Information protection

Through third party "regulation"

Since 2010, the United States has attempted to implement the national strategy for the credible identity of cyberspace (draft), hoping to establish a system to "allow users to create a credible identity when online transactions" to protect personal information security. This is actually the establishment of a "Identity attribute provider" channel, as the third party trading platform in the field of electronic commerce, when users register and register on the website, they do not need to provide personal identity information directly to the website, but provide the identity certificate by a third party, which reduces the collection and safekeeping of the information of the network company to the user. Reduce the risk of user information disclosure.

Similarly, France has enacted decrees emphasizing the right to priority of personal information and prohibiting unauthorized collection and use of private information, including personal names, identities, telephones, addresses and other related information. With the society entering the Information Age, in 2006, France revised and refined the original relevant laws and established the National Information Management Committee to supervise the social groups or individuals using private information closely. If you use the industry, you have the information of others, without my consent, the disclosure of privacy information, in accordance with French criminal law can be sentenced to one year imprisonment and a fine of 15000 euros, for the disclosure of privacy information on the reputation of others or other causes of serious damage can be sentenced to 5 years imprisonment and 300,000 euros of fine. In March 2011, the French Internet privacy watchdog issued a 100,000-euro ticket to Google because Google's Street View map and geographic location for social media services violate France's privacy laws.

Extended Reading

Additional Terms

Whether the request for consent is valid

When downloading software or using an electronic product, we often receive an additional clause in the form contract, and the user wants to continue to choose "consent", so the additional clause often contains a lot of content, the user is really willing to "agree"?

October 15 this year, Singapore Congress passed the Personal Information Protection Act. The bill stipulates that an institution or an individual must obtain consent for the collection, use or disclosure of personal data and must provide a channel for individuals to contact or modify their information. Consent is deemed to be null and void if it is not an individual's voluntary consent, but is obtained or leaked by other means, or is sought with an additional clause. In addition, the individual has the right to withdraw after consent.

The Singapore government will also establish a personal Information protection Agency as the principal agency for protecting personal information in Singapore. People can register on a government-established list, and institutions or individuals will be barred from sending spam messages to people on the list. This information includes telemarketing-based telephones, faxes, text messages, and multimedia information, as well as information sent through micro-letters, but not information sent through mobile applications. The Personal Information Protection agency may impose a penalty of no more than $1 million for breaches of the bill, and a spam message to the number on the list, which could face a maximum penalty of 10,000 new dollars.