Abstract: Gao Yan, Deputy Director of the Computer and Microelectronics Development Research Center, Ministry of Industry and Information Technology. Dialogue background: On April 12, the Ministry of Industry and Information Technology announced "Information Security Technologies: Guidelines for the Protection of Personal Information in Public and Business Services Information Systems" (hereinafter "
People files
Gao Yan, Deputy Director, Computer and Microelectronics Development Research Center, Ministry of Industry and Information Technology.
Dialog background
On April 12, the Ministry of Industry and Information Technology announced that "Information Security Technologies: Public and Business Services Information System Personal Information Protection Guide" (hereinafter referred to as "the Guide") had been completed, had passed review, and had been reported to the National Standardization Management Committee. The Guide is expected to be introduced this year.
In recent years, the State Council, the Banking Regulatory Commission, the CIRC and other departments have issued nearly 200 regulations related to personal information protection, but personal information disclosure cases have still shown a trend of concentrated outbreaks recently. In this context, what is the significance of the introduction of the Guide, and what needs to be filled in as the standards are refined? What are the causes of the lag in legislation? What is the status quo of the public's awareness of prevention and self-protection? Recently, a China Youth Daily reporter interviewed Gao Yan, a main drafter of the Guide.
China Youth Daily: How do you view the significance of the introduction of the Guide?
Gao Yan: The forthcoming Guide is a holistic standard and framework. With it, individual users and related institutions have reference standards, and the industry authorities can also sort out and evaluate the development of the industry.
The Guide is a national standard in the field of personal information. On this basis, we also need to introduce specific management requirements, technical requirements and evaluation criteria according to the nature and requirements of the various related industries. The industries that deal with personal information include medical, insurance, banking, housing intermediaries, dating sites, and so on. The demand for personal information protection varies across industries and companies, and the standards are naturally different. For example, for a hospital, the user's height, weight, etc. are general information, but on a dating site, these are sensitive information. So, in the future, on the basis of this basic framework, there are many details to be filled in.
China Youth Daily: Why is legislation in this area stalled?
Gao Yan: In my opinion, the law needs two prerequisites. One is the foundation of the legal provisions, which requires common recognition among legal academia, the industry authorities and the community. At present, many basic concepts, legislative angles and bases of legal scholarship in this field have not been cleared up.
The second is the timing of the introduction, that is, whether there is demand for the law to be introduced. The frequent occurrence of personal information leakage cases and the growth in users' demand for protection have been concentrated in the past two years, thus causing the lag of the law. But I think the time is ripe for legislation. We must prevent information security problems from restricting future informatization development.
China Youth Daily: There is also the view that the protection and collection of personal information involve many related fields and departments. It is because the interest relations among the various industries and departments have not been cleared up that legislation has stagnated. What do you think about that?
Gao Yan: Different industries and departments must have their own considerations and needs, so disputes exist. It will take some time to draw a line between their respective rights and obligations in the field of personal information.
China Youth Daily: For some users, what harm personal information disclosure will bring is still a relatively abstract concept. Public awareness of prevention and self-protection is still weak. Can you give an example of how leaks of your address, financial situation, and other information will hurt individuals?
Gao Yan: For example, mobile phone fraud is a common criminal method. In recent years, this criminal method has spawned a new variant. When the offender obtains the name of the number's owner and the numbers of the contacts in the cell phone, he often uses a new number to notify the contacts: "I have changed my number, I am so-and-so, please save it." After receiving such a message, we usually do not further confirm the sender. As a result, the number used by the criminal replaces the original user's number.
This is just the early stage. After a few weeks, the criminal will use this number to borrow money from the contact person. As a result, the credibility of the entire scam is enhanced. This case is only the tip of the iceberg of the dangers of personal information disclosure. There are also a number of huge business scams that originate from personal information leaks.
China Youth Daily: At present, what is the main channel of personal information leakage?
Gao Yan: In the survey, we found that nearly 80% of personal information leaks came from internal crime at the information owner. But the survey also found that in internal leakage incidents, the party doing the leaking is individual staff, rather than the relevant institutions. The reason is that, for an institution, the return on the sale of user information is disproportionate to the resulting economic and reputational loss. Most companies can still exercise self-discipline. But for some individual employees, the revenue from selling user information is really considerable.
This exposes a problem: it is because the related organizations, as the information managers, do not carry out their responsibilities effectively that the technical and management systems have flaws, causing customer information to be divulged. Therefore, how to remedy these loopholes is something the relevant institutions should reflect on.
In recent research, we have found that, as managers of information, some institutions lack the minimum awareness of prevention. For example, internally, the use of electronic equipment such as cell phones and computers should be strictly limited; attention should be paid to where computers storing personal information are installed, so that the screen does not directly face outward; and user information should be deleted promptly and completely after use;
China Youth Daily: Given the current state of technical and legal protection, what precautions should individual users take?
Gao Yan: At present, individual users' demand for information protection is very strong, but their awareness of protection is generally weak. For example, after copying an ID card, we should write "This ID card copy is for a certain purpose" around it, in case someone else uses it. For personal information that is no longer needed, we should shred it or strike out the important information. When asked to fill in address, age, employer, ID number and other information, we should be vigilant and ask: do I need to provide this information? For example, when applying for a membership card at a mall, filling in just the name is in fact enough, and providing other information should be refused.
For individuals, the most important information includes identity, property and location. Also, individual users cannot participate in or control the processing and handling of information, but the collection and deletion stages are ones that we can improve.