Illegal trading of personal information has become a new industry
The Chinese Academy of Social Sciences (CASS) released the "Blue Book on the Rule of Law" on March 2, 2009, which pointed out that the abuse of personal information in China has become increasingly serious with the development of information processing and storage technologies. The Blue Book points out that the continuous development of information processing and storage technology, the abuse of personal information in China is becoming increasingly serious, and the social demand for personal information protection legislation is becoming more and more urgent.
September 2007 ~ December 2008, the Institute of Law of the Chinese Academy of Social Sciences for the protection of personal information for the current situation of the formation of a special group, in Beijing, Chengdu, Qingdao, Xi'an, four cities to carry out research, and the results of the members of the group is quite "alarmed". They summarized the abuse of personal information in China into the following categories:
The first is the excessive collection of personal information. Organizations collect a lot of non-essential or irrelevant personal information beyond the needs of the business they are handling. For example, some merchants require customers to provide information such as their ID number, work organization, education level, marital status, and children's status when applying for a loyalty card; some banks require customers applying for credit cards to provide information about their personal party affiliation, spouse's information, and even contact information, etc.
The first is excessive collection of personal information.
The second type is unauthorized disclosure of personal information. Institutions disclose the personal information of others without legal authorization, without their permission, or beyond the necessary limits. For example, in some places, the names, home addresses, work units, and offenses of pedestrians and non-motorized traffic offenders are made public; some banks disclose the names, identification numbers, and mailing addresses of those who are in arrears through their websites and the relevant media; and some schools disclose the reasons for the absences of their students and teachers on their campus networks, or publish the details of poor students without authorization.
The third type is unauthorized provision of personal information. Relevant institutions provide the personal information they hold to other institutions without legal authorization or the consent of the person concerned. For example, banks, insurance companies, airlines, and other institutions enjoy customer information among themselves without the customer's authorization or beyond the scope of authorization***.
Worse still is the illegal trade in personal information. Investigations have found that a large number of homeowners' information, stockholders' information, businesspeople's information, car owners' information, telecom users' information, and patients' information have been peddled in society, and a new industry has been formed. For example, after an individual goes through the procedures of purchasing a house, a car, or being hospitalized, the relevant information is sold by the relevant organizations or their staff to housing agents, insurance companies, mother and child enterprises, and advertising companies.
The survey found that while the vast majority of people believe they have the right to know about the existence of their personal information, and that they can request compensation for losses caused by misuse, many do not believe they have the right to refuse to provide the information.
42.5 percent of respondents told the panel that they had encountered situations in which their personal information had been mishandled by organizations. However, the group believes that this figure only reflects to a certain extent the situation of those who clearly feel that their personal information has been misused, and does not reflect the situation of those who are unaware of the misuse of their personal information.
The respondents generally felt that there are many problems with the handling of personal information by the organizations concerned. For example, the use of personal information is not clearly communicated; much of the information is not relevant to the business to be handled; the organization uses personal information beyond its original purpose; and the organization's mechanism for keeping personal information is inadequate, with the possibility that the information may be leaked or tampered with. This situation also exists in considerable numbers in government agencies.
In the course of the survey, many respondents expressed their desire for the organizations concerned to delete some or all of their information. This is because they either no longer receive their services or are frequently harassed by phone calls and e-mails. "The misuse of personal information is threatening my peace of mind, life and property safety, and making myself feel stressed or in a bad mood." One respondent said.
It should be noted that only about 4 percent of the respondents whose personal information had been misused had made complaints or filed lawsuits. Factors that make it difficult or discourage the public from making complaints or filing lawsuits include: not being able to determine which organizations are responsible, not being able to determine what organization to complain to or against whom to file a lawsuit, not being able to obtain strong evidence, and the cost of filing a complaint or filing a lawsuit being too high.
Even when remedies such as complaints or lawsuits were taken, only 8.1% of the people obtained remedies or achieved their goals, while the rest were either left unattended because the organizations that handled the personal information were shirking their responsibilities or stalling, or gave up halfway through the process in anticipation of not being able to obtain remedies through a complaint or a lawsuit.
The panel believes that this result has a lot to do with the fact that there are deficiencies in the existing regulations on personal information protection. Due to the lack of specialized regulations on the protection of personal information, there are questions about what principles should be followed in personal information processing activities, what rights the subject of information has in personal information processing activities, how to sanction information processors who misuse personal information, and what agency is responsible for enforcing the law.
In addition, the various existing regulations are generally limited to prohibiting the disclosure of personal information, but the rights of the subject of personal information to be informed, to consent, to request the correction of erroneous information and the deletion of unnecessary information, and even to obtain remedies in the collection, preservation, and utilization of information have hardly been recognized.
Almost all of the public surveyed were in favor of strengthening legislation on personal information protection (99.3%), and hoped that government agencies would strengthen law enforcement on personal information protection, crack down on misuse of personal information (99.3%), and set up a specialized agency responsible for investigating and punishing misuse of personal information (93.8%).
February 25, 2009 - The draft amendment (VII) to the Criminal Law, which was submitted to the seventh meeting of the Standing Committee of the 11th National People's Congress for the third review, adds that if a unit sells or illegally provides personal information of citizens obtained in the course of performing its duties or providing its services, the seriousness of the situation will be punished by criminal law.
The second review of the draft stipulates that a person who sells or illegally provides to others personal information of citizens obtained in the course of performing duties or providing services by a state organ or a staff member of a financial, telecommunication, transportation, education or medical unit under aggravating circumstances shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, and shall be sentenced to a fine or a single fine.
Deliberations, some members of the Standing Committee and the department proposed that the unit engaged in the above behavior is also more serious, should be added to the provisions of the unit crime, so the draft added provisions: unit of the above criminal behavior, the unit shall be sentenced to a fine, and its directly responsible for supervisory personnel and other directly responsible personnel, in accordance with the provisions of this paragraph.
Exposure of the source of spam
-Operators: the mention of sending advertising text messages, account managers are quite cautious. Jinan Mobile's attitude is somewhat veiled, but in other mobile companies in Shandong Province, as soon as the mention of sending commercial advertising road SMS, the staff are very straightforward.
-keyword: cell SMS: In order to be able to improve the speed of SMS sending, some mobile companies also use a way - cell SMS. Cell SMS is to use the base station as a sending center to send SMS to the mobile users in the area covered by the base station.
Blacklist: In addition to the geographical restrictions on sending, they also have some special treatment for some special users. It may involve some high-level leaders are generally prohibited to send, there are blacklists will be directly filtered.
The illegal information is sent as it is: this is a foreign company that writes VAT invoices and so on. In the business hall of the Texas Mobile Company, the director of this Ma is enthusiastically for the information sent to the matchmaking.
Takeaway message: not only is the mobile company sending spam, there are some advertising companies they work with that can also send spam.
Telecommunications and other organizations that illegally sell citizens' personal information will be subject to criminal penalties
According to the report, the State Council has commissioned experts to draft a Personal Information Protection Law since 2003, and in 2005 the experts' draft proposal was completed and submitted to the State Council for consideration, initiating the legislative process for the protection of personal information. In the annual "two sessions" of the National People's Congress, there are deputies to the National People's Congress to raise their voices. This is a considerable degree of reflection, China's citizens personal information has been leaked and abused to a fairly serious degree, and has even become a social nuisance, speed up the pace of legislation, the development of personal information protection law to the point of no delay.
Prior to this, China's laws have no special provisions on personal information. In the past & lt; General Principles of Civil Law & gt; Article 101 on the protection of personal privacy, "Citizens and legal persons enjoy the right to reputation, the dignity of the citizen's personality is protected by law, it is prohibited to damage the reputation of citizens and legal persons by insulting, defaming and other means." Such a general and vague provision is too principled and lacks operability. As for the Supreme People's Court on the implementation of the General Principles of Civil Law on a number of issues of the opinions (revised) recognized by the "right to privacy", only when the personal information has been infringed upon, and the actual damage has occurred, you can claim compensation for the liability of tort, such protection is not timely, convenient, nor effective enough.
On August 25, 2008, the draft amendment (VII) to the Criminal Law (hereinafter referred to as the draft), which was first submitted for consideration, specifically added provisions to clearly stipulate that if a staff member of a state organ or a unit of finance, telecommunication, transportation, education, or medical care violates the state's regulations, sells or provides to another person personal information of a citizen that was obtained in the course of performing his/her official duties or providing services, or unlawfully obtains the said information in a serious situation by stealing or buying, the situation is very serious. illegally obtaining the said information in a serious manner, shall be held criminally liable.
The collection and storage of personal information by authorities and public ****service units is intended to improve the quality and efficiency of administration and public ****service, but on the other hand, it also makes it possible for personal information to be leaked. More than 50 countries or regions in the world have enacted laws on the protection of personal information, and it is common practice to protect personal information by limiting the means of public power. Against this backdrop, the draft is very relevant to criminalize the infringement of citizens' personal information. The role of criminal law is also limited to preventing, deterring and punishing criminal behavior. Existing criminal law provisions are focused on regulating public power, and even the most powerful criminal law can do nothing about behavior that has not yet violated the criminal law. The combination of criminal law and personal information law, and even the formation of information protection laws and regulations is the fundamental change of information protection disorder environment.
In terms of the protection of online privacy, China is still in a situation where there is basically nothing to rely on. Network infringement of privacy is mainly concentrated in the collection, processing, transmission and utilization of personal information. To summarize, the infringement of network privacy is mainly manifested in: illegal access, transmission, use of personal data, illegal intrusion into the user's private space, interference with private activities, as well as disrupting the user's personal network life peace and order, and so on.
On this issue, only the Ministry of Information Industry on November 7, 2000 issued the "Internet electronic bulletin service management regulations" mentioned that "electronic bulletin service providers shall keep the personal information of Internet users confidential, and shall not disclose it to others without the consent of the Internet users", and violators of this provision shall be ordered to rectify by the telecommunication administration. Telecommunications regulatory agencies shall order correction, causing damage or loss to Internet users, shall bear legal responsibility.
1.3 million examiners information called
1.3 million exam information 15,000 sold
December 2014 graduate list data packet a **** there are 1.3 million pieces of information, all of which is the year of enrollment in the examination of students, covering the whole country. Packaged to sell 15,000 . In order to prove the authenticity of the data in the database, graduate school information "seller" posted a screenshot of some of the graduate school student information. As you can see from the screenshot, in addition to the name of the candidate, gender, can buy the information also includes cell phone number, landline number, ID card number, home address, zip code, school, apply for professional and other sensitive information, very detailed. As for where this information comes from, the seller is not willing to say more .
In the face of the current environment, enterprises should increase in information systems related to network information security prevention of investment, the establishment of a specialized security team; if their own lack of relevant professionals to maintain, they should be outsourced to the network security maintenance of professional security companies to do.