Personal information security in the age of large data

With the advancement of Technology, the rapid development of Internet and mobile Internet, the advent of the large data era of cloud computing, people's lives are being digitized, recorded, tracked, and disseminated, and large amounts of data are hidden behind huge economic and political benefits. Large data like a double-edged sword, it gives us the interests of society and the individual is immeasurable, but at the same time it brings personal information security and privacy protection issues are becoming a focus of social concern. During the two sessions this year, the maintenance of network security was first written to the government work report. Yang, Chairman and CEO of the CPPCC and Lenovo Group, also called on the government to "legislate on personal information security, strengthen supervision and establish a culture of integrity" in the whole society. Maintaining personal security in the age of large data is the most important.

I. The manifestation of the violation of personal information in the age of large data

(i) Privacy violations during data acquisition

The concept of large data is accompanied by the development of Internet technology, and its data collection means mainly through computer networks. Every time a user clicks on the Internet, input behavior will be in the cloud server left a corresponding record, especially in the current mobile Internet smartphone development background, we are connected to the network every moment, and we are all the time in the network records, these records are stored on the formation of a huge database. From the whole process, it is not difficult to find that the collection of large data is not authorized by the user but private behavior. Many users do not want the data generated by their actions to be collected by internet operators, but they cannot be stopped. Therefore, the unauthorized acquisition of user data without user consent is in itself a violation of personal privacy.

(ii) Violations of privacy in the course of data storage

Internet operators tend to put the data they collect on cloud servers and use a lot of information technology to protect the data. But at the same time, the fragility of infrastructure and the failure of encryption measures create new risks. Large-scale data storage needs strict access control and identity authentication management, but the cloud server connected with the Internet makes this kind of management more difficult, account hijacking, attack, identity forgery, authentication failure, key loss can threaten user data security. In recent years, by the large data economic interests driven by many network hackers targeted at the Internet operators, so that the user data leakage incidents occur, a large number of data by hackers through technical means to steal, to the user to bring huge losses, and greatly threaten the personal information security.

(iii) Violations of privacy during the use of data

Internet operators collect user behavior data for their own benefit, so based on the analysis of these data to a certain extent, it will violate the user's rights. In recent years, due to the rapid rise of online shopping in China, users through the Internet to become a new fashion has become the choice of many people. But at the same time because the network shopping involves a lot of user's privacy information, such as real name, ID number, receiving address, contact telephone, and even the user shopping list itself is stored in the electric Shangyun server, so the electricity merchant becomes the biggest data storage person is also the biggest beneficiary. By analyzing the user's past consumption record and the cross analysis of the users with similar consumption record, the electric dealer can predict your interests relatively accurately. Or the next time you are ready to buy items, so that the ads push these items to the user to promote the user's purchase, no wonder that some netizens jokingly "now know you are not your own, but the electrical business." Of course, we can not deny the use of large data for the benefit of life, but also have to admit that in front of the electricity business users have no privacy. When users want to protect their privacy and exercise their privacy, they find it difficult.

(iv) Violations of privacy in the course of data destruction

Because of the low cost of digital information easy to replicate characteristics, resulting in large data once it is difficult to completely destroy through the simple deletion operation, it will be a long-term process of user privacy infringement. Victor Mayer Schoenberg, the father of Big data, Viktor Mayer-schonberger that "digital technology has deprived society of its ability to forget and replaced it with perfect memory" [1]. When the user's behavior is digitized and stored, even if the ISP promises to destroy the data after a certain period of time, the actual destruction is not complete, and in order to satisfy the requirements of assisting law enforcement, the laws of the country usually stipulate the period of large data preservation, The Internet operators are required to provide the data they need, and the conflict between public power and privacy threatens the security of personal information.

The measures of personal information security protection in large data age

(i) Integration of personal information protection into the protection and normative areas of national strategic resources

In the large data age, personal information is the foundation of Modern business service and network social management, and the large data composed of many personal information is the important strategic resource of studying society and understanding the public sentiment in any country. In recent years, large data use has been no longer confined to the business sector and gradually expanded to political life and other aspects. The State also attaches more importance to the analysis and use of large data to understand the changes in society and the ideas of the people, and even to find out many problems and phenomena in the process of social development, which is more realistic and comprehensive and relatively less costly than the data from the national statistical offices in the past. For example, Taobao released address change data to some extent reveals the migration of our population, this information for the development of our country is vital.

Therefore, it is of great significance to integrate personal information protection into the protection and Planning category of national strategic resources. The 2014 government work report, for the first time, suggested that the expression "maintaining cyber security" meant that cybersecurity had risen to national strategies. This is an important event for the protection of personal information in the large data age of our country, and also has the significance of milestone.

(ii) Legislative work to enhance personal information security

In large data age, it is not enough to protect personal information by technology, and the key is to establish laws and regulations and basic principles to safeguard personal information security. The lack of legislation in this area is very serious in China, we need to actively promote the establishment of personal information security laws and regulations, and strengthen the fight against violations of personal information security behavior. During the 2014 session, the CPPCC members, Lenovo Group chairman and CEO Yang Yang called on the government to strengthen the security of personal information legislation and supervision, has aroused widespread concern and attention of the community, which fully demonstrates that this issue has become an important social problem. I personally have the following suggestions for personal information security legislation: first, the legal status of personal information security must be clarified in legislation. Personal information security and privacy "considering the lack of the law in the general privacy, it is necessary to standardize the privacy of the network to improve the general right to privacy, so first of all through the Constitution clearly stipulates that citizens enjoy the right to privacy. [2] Second, the right basis for collecting data must be clearly defined legally. Because of the frequent infringement of personal information in the process of data acquisition, both government and Internet operators must follow certain principles and bases. The Government's collection of data should conform to constitutional requirements, and Internet operators must agree to collect data. Third, the enactment of a special law on personal information security. The 2003 State Council Information Office commissioned the Chinese Academy of Social Sciences Law Institute of Personal Data Protection Law Research group to undertake the "Personal Data Protection Law" Comparative research topics and the drafting of an expert proposal draft. 2005, the final form of nearly 80,000 words of the People's Republic of China Personal Information Protection law (expert proposal draft) and legislative research report. But so far our personal information protection law has not been enacted, so speeding up the legislative process is imperative.

(iii) Strengthening the administrative supervision of personal information

In the large data era, personal information and privacy are of high economic value, many commercial organizations to use these can seek high commercial interests, so the government's supervision of personal information is particularly important, specifically, should be the development of large data on personal information security standards.

Our country has implemented the first national standard of personal information protection from February 1, 2013--The Personal Information Protection Guide for information Security technology public and business service information System. The most notable characteristic of this standard is that the personal information subject must be explicitly authorized by the individual before it is collected and utilized. This fully indicates that China's personal information administrative supervision on a new level.

(iv) Enhanced technical protection of personal information

Technical means is the most direct way to protect personal information, and also an important supplement of legal means. In the absence of perfect laws and regulations, technical protection is the most important way to protect personal information. But we see the rapid development of modern technology, the level of the infringer is also rapidly improved, the past many technical protection methods have been one by one cracked, which gives China's information industry put forward a very high demand. Therefore, the State and society should give full attention to the innovation and development of information technology, cultivate technical personnel, improve the level of information technology in order to provide protection for personal information.

(v) Strengthening industry self-regulation and supervision

The mutual supervision and supervision of the industry itself is the most effective and lowest cost method for personal information security. Therefore, the relevant departments should organize the enterprises involved in large data to establish relevant industry organizations, and establish standards or conventions within the industry, as well as the rights and obligations of mutual supervision, and provide corresponding funds and policy support to these industry organizations.

The arrival of the large data age has greatly promoted the development of the whole society. The use of large data in all walks of life gives us an accurate understanding of the many things that have been difficult to understand in the past by sampling surveys, so that we can better understand the society and further improve it. We should not deny the benefits of big data, but we should also maximize that benefit. But we should also have a good understanding of the threats to personal information security brought about by large data. Protecting personal information is not only the protection of every member of society, but also the protection of national security and long-term sustainable and healthy development of society.