Will the health code reveal personal information?

Relevant state agencies will take many measures to protect personal information, so using the health code generally will not lead to privacy leakage.
On March 4, at the press conference of the joint prevention and control mechanism of the State Council, the Ministry of Industry and Information Technology encouraged all provinces to strengthen their own prevention and control, promote mutual trust and benefit among provinces, and provide convenience for people returning to work. At the same time, the Ministry of Industry and Information Technology will strictly implement data security and personal information protection measures to prevent data leakage, abuse and other violations.
The government should issue normative documents to ensure that information collection has a legal basis, and at the same time stipulate the protection and use of privacy. Government departments and public security departments should strengthen cooperation and combine self-filled data with state-controlled data.
The administrative department should strengthen the supervision of the platform, establish a disciplinary mechanism and increase the channels for complaints and reports. Publicity to popularize the law should be strengthened to enhance the public's awareness of protecting their legal rights. Relevant platforms should raise their technical level, strengthen the protection of citizens' information, and prevent the disclosure of personal information at the source.
How can leakage through the health code be avoided?

The frequent occurrence of personal data leakage, virtual property theft, virus invasion, data reselling, telecom fraud and other incidents has caused huge losses to users. The "health code" now involves the personal privacy of hundreds of millions of users, and the information and data it carries are detailed and true. To keep the information in the "health code" secure and prevent it from being illegally used, it is necessary to make good use of the "Mishima Pass".
First, the collection of "health code" data should be standardized and the data properly kept. The user information collected during the epidemic period is mainly used for epidemic prevention, to identify the user's health condition, travel track, etc. This kind of information is the user's personal privacy and can only be collected by the government or designated platforms, with the scope of collection limited and the minimum collection plan followed. The information and data must also be strictly safeguarded in accordance with network security laws and regulations to prevent the risk of leakage and theft.
Second, the "health code" data should have a scope of use and a time limit. The "health code" is very easy to use: a user's health status can be read by scanning the code. However, at present there is no uniform standard for the use of the "health code" in various places, and there is a risk of abuse and misappropriation. Therefore, it is necessary to establish a unified standard for the use of the "health code", under which it can only be used in public places where users' health status needs to be checked and in settings such as returning to work. At the same time, it is necessary to set a use period for "health code" data, and to seal up and destroy the data after the outbreak so that it is not used beyond the time limit.
Third, the "health code" needs to protect users' right to know. At present, all localities have taken compulsory measures when popularizing the Health Law. In order to cooperate with the prevention and control work, users can only passively accept the rules for collecting and using their information and data, which leaves a latent risk of infringement for the "health code". Therefore, it is necessary to protect users' right to know according to law, clearly inform users of the data collection scope, usage rules and time limit of the "health code", and keep information disclosure within reasonable bounds to avoid exposing users' personal privacy information, so that users can use the "health code" with confidence.
Only by controlling the "health code" well and preventing the risk of personal information leakage behind it can we reassure the majority of users and better realize its positive role in epidemic prevention.
Suggestions on the protection of personal information of health code

At present, the relevant standards for health codes have not been unified, and they are still being explored and improved. When developing, using and managing various "health codes" and "free codes", the following preliminary suggestions apply to the protection of personal information:
1. Personal information should not be directly encoded in the health code in clear text, and personal sensitive information should not be directly encoded in the health code in the form of simple transcoding.
2. The basic rules of informed consent should be followed when generating health codes. Users should be clearly told what personal information will be collected directly or indirectly, and what information will be extracted when the health code is scanned, and their explicit consent should be obtained.
3. The principle of health code generation should be clear and explainable, and only the necessary information needed for health code generation should be collected and obtained.
4. Fully explain the working mechanism and suggested scope of use of health codes in the relevant application interfaces to avoid misuse and mixing.
5. Technical measures (such as encryption, authentication and access control) should be taken to prevent the health code information from being accessed by unauthorized code scanning clients, and the content shown after scanning can be displayed after sensitive personal information has been de-identified.
6. Without the consent of the person concerned, no organization or individual may publicly disclose that person's health code information.
7. Technical measures should be taken to ensure that the code scanning client can only view and use health code data, and cannot save or export it unless approved by the competent department.
8. Set a validity period for the health code. After the validity period expires or the user actively stops using the health code, the relevant personal information should be deleted in time or properly disposed of according to law.
9. For those who cannot provide a health code because of objective conditions (such as having no mobile phone or no recent data), and for users who have doubts about the result the health code displays, feasible solutions should be worked out as far as possible.
10. Try to avoid building your own health code system; instead choose the general health code system issued by the relevant epidemic prevention and control departments, to ensure safety and compatibility.
11. Enterprises and institutions that provide technical services and support for health codes shall strictly abide by the relevant requirements of the authorizing institutions, and shall not privately keep health codes and the related personal information or change the purposes for which they are used.
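A minimal sketch of suggestions 1, 5 and 8 taken together, added here as an illustration and not taken from any real health code system: the QR payload is an opaque random identifier with an expiry and a MAC, the personal record stays on the server, only authorized scanning clients get a de-identified view, and the record is deleted once the code expires. All names (`issue_code`, `scan`, the scanner key, the sample person) are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SIGNING_KEY = secrets.token_bytes(32)      # issuer-side secret, never leaves the server
AUTHORIZED_SCANNERS = {"gate-01-key"}      # hypothetical scanner credential (constructed)
RECORDS = {}                               # token id -> server-side personal record

def _sign(body: str) -> str:
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_code(name, id_number, status, ttl, now=None):
    """Return the QR payload: random id + expiry + MAC, with no personal data (item 1)."""
    now = time.time() if now is None else now
    token_id = secrets.token_urlsafe(16)
    expires = int(now) + ttl
    RECORDS[token_id] = {"name": name, "id_number": id_number,
                         "status": status, "expires": expires}
    body = f"{token_id}.{expires}"
    return f"{body}.{_sign(body)}"

def scan(payload, scanner_key, now=None):
    """Return the de-identified view an authorized scanning client may see (item 5)."""
    now = time.time() if now is None else now
    if scanner_key not in AUTHORIZED_SCANNERS:
        raise PermissionError("unauthorized scanning client")
    try:
        token_id, expires, mac = payload.split(".")
    except ValueError:
        raise ValueError("malformed code") from None
    expected = _sign(f"{token_id}.{expires}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise ValueError("code failed authentication")
    record = RECORDS.get(token_id)
    if record is None or now >= record["expires"]:
        RECORDS.pop(token_id, None)        # item 8: delete personal data on expiry
        raise ValueError("code expired or revoked")
    masked = record["name"][:1] + "*" * (len(record["name"]) - 1)
    return {"status": record["status"], "name": masked}   # id_number is never returned
```
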
It is suggested that users read the service agreement and privacy policy carefully when registering for and using the health code service, and do not share their health codes in public channels at will. If you find personal information security problems, you can report them to the relevant departments.
How to strengthen supervision

Based on relevant laws and development trends, and in order to prevent data leakage and abuse, respect and protect relevant rights including the personal right to know, and eliminate people's privacy anxiety, the following three suggestions are put forward for reference:
1. The state should speed up the formulation and implementation of relevant technical standards, standardize data collection, use and sharing, strengthen data security management, prevent data leakage, and publish the relevant standard documents in time.
2. All health code operators should improve their user agreements and privacy policies, protect users' right to know, and use data legally and in compliance to avoid data abuse.
3. After the epidemic is over, a data deletion mechanism should be established. If it is really necessary to continue to use the relevant data, the purpose of using the data shall be clarified and the citizen's authorization shall be obtained.