Personal information security incidents in China are endless

Absrtact: National People's Congress, Guangdong Mobile general manager Zhong Tianhua March 7 News, the NPC deputies, Guangdong Mobile general manager Zhong Tianhua recently published its "on strengthening personal information security protection Recommendations" (hereinafter referred to as the "recommendations"), he said, with the global

NPC representative, Guangdong Mobile general manager Zhong Tianhua

March 7 News, NPC representative, Guangdong Mobile general manager Zhong Tianhua recently published its "Personal Information security Protection Recommendations" (hereinafter referred to as the "recommendations"), he said, with the rapid development of global information and mobile Internet, personal information security issues gradually highlighted, phone message fraud, theft and trafficking of personal information , spam messages and other illegal crimes are rampant, personal information security has become the relationship between the development of information consumption, people's well-being, social harmony and stability of the strategic issues.

Personal information security incidents in China are endless

Zhong Tianhua in the proposal, on the one hand, information consumption contains enormous economic benefits, information leakage of criminal activities have a greater profit-making space; On the other hand, information consumption involves production, manufacturing, sales, warehousing, logistics, payment and other links, personal information security protection chain is longer and more difficult.

At present, personal information security incidents are endless, the information security situation is not optimistic. "The Internet is very good, hackers also think so," according to the "2013 Chinese Netizens Information Security Status study report" shows: in the second half of 2013, 74.1% of domestic netizens encountered information security problems, because of information security incidents caused by personal economic losses of 19.63 billion yuan. China is currently the main victim of cyber attacks, only in November 2013, offshore trojan or zombie program control of domestic servers close to 900,000 host IP. Violations of personal privacy, damage to the legitimate rights and interests of citizens have occurred. With the advent of the mobile internet era, smart phones will also face Super mobile Trojan, traffic consumption Trojan, hackers through mobile phone remote video surveillance and other personal information security threats. In 2012, for example, the United States used the "Earthquake virus" virus to bring about the paralysis of Iran's main nuclear facilities, and the 2013 "Prism" program was a complete exposure to global public communication and network behavior;

He pointed out in the "suggestion", this year, the Spring Festival popular "micro-letter" Red envelopes are exposed to "fake red envelopes", "Fishing red envelopes" and other security risks. In addition, express, banking, telecommunications, real estate agents, hospitals, hotels, job search, car, buy insurance, handle membership cards, questionnaires, etc., have become personal information leakage channels. For example, October 2013, Yuantong Company's express single message by mass traffic, at the end of 2013, "Check open room" site will be 20 million open room privacy public.

The system of personal information security protection in China needs to be perfected

Zhong Tianhua in the recommendation that at present, more than 50 countries and regions in the world have enacted relevant laws to protect personal information, while in our country, although the criminal law of 2009 will disclose personal information, there are also regulations on personal privacy in the general rules of civil law, "Consumer Protection Law" The personal information is protected as a consumer's rights and interests confirmed, but these laws on personal information security protection norms are relatively fragmented.

It is reported that earlier, the NPC Standing Committee adopted the "Decision on strengthening the protection of network Information" for the follow-up of relevant administrative regulations to provide a basis, but compared with the developed countries, our country's information security protection legal system is still in its infancy, legislation, law enforcement, legal popularization process still to be further advanced, The universal legal precaution consciousness and the information security education popularization still need to ascend.

Recommended to strengthen industry regulation and regulation

He presented several suggestions for strengthening personal information security, including:

One is to improve the personal information security protection system. To promote the Personal Information Protection Act as soon as possible legislation. According to the principle of "who operates, who is responsible", the personal Information protection of government departments, finance, telecommunication, transportation, education, medical, intermediary and other units shall be strictly stipulated to protect personal information security comprehensively. In order to disclose and resell personal information, the illegal acts should be severely combated by law, increase the cost of violating the personal information security, enhance the deterrent force of law, and make personal information "obtain according to law, spread according to law and use according to law". Promote the overall management of personal information security. Under the leadership of the Central network security and information construction Leading group, we should break the management pattern of "Jiulong water control" and establish a cooperative management mechanism across departments, cross-industry and cross enterprises to strengthen the protection of personal information security. For example, to strengthen the "radio spectrum resources" management, multisectoral linkage, increase the "pseudo base station, telephone fraud" and other violations of the crackdown.

The second is to strengthen the regulation and supervision of the industry. To develop industry norms, strengthen the various types of personal information of the government units, enterprises and individuals to standardize the management, clear their responsibility and obligation to protect personal information security, standardize the collection of personal information, storage and use behavior, clear the relevant personal information should be deleted in time after use; for the act of disclosing personal information, Take stringent industry punitive measures. To promote self-discipline in the industry, strengthen the guidance of personal Information Service industry, actively promote industry self-discipline, improve personal information protection, form self-improvement, self-improvement mechanism, and jointly maintain user's personal information security. To strengthen the supervision of the industry, it is suggested that the government departments should strengthen the testing and certification of products and services involving personal information according to law, encourage the establishment of THIRD-PARTY security assessment and monitoring mechanisms, and strengthen the monitoring and management of personal information contact interface, circulation link and communication channel.

Third, enhance the personal information security protection technical ability. Increase the support of policy funds, strengthen the information security industry, enterprises, projects, support, encourage enterprises to develop high security business and products, from the source to strengthen the network security protection, and continuously improve the level of network security. Strengthen the research and development of information security technology, through the establishment of special Incentive Fund and other ways, to guide State organs, scientific research institutions, enterprises to strengthen the study of information security issues, and vigorously promote the cloud computing, IoT, mobile Internet and other areas of hardware and software security technology innovation and application.

Four is to improve the whole society's personal information protection consciousness. Strengthen the publicity of personal information protection, strengthen the public's personal information security protection awareness, avoid disclosing personal identity card number, bank card number, home address and other important information, and actively guard against all kinds of information leakage and fraud. Perfecting the social supervision system of personal information security, perfecting the information security reporting mechanism, encouraging the news media and the public to expose and report the illegal use of personal information, and to implement prevention to form a good atmosphere for the whole society to protect personal information security.