Who is responsible for the leakage of personal information?

category:Finance
 Who is responsible for the leakage of personal information?


This seems to be an industrial chain. In the data exchange group, some people sell resumes, some sell enterprise accounts of recruitment websites, and others help to authenticate face information.

As for the act of selling personal information, Liu Junhai, director and professor of the Institute of commercial law of Renmin University of China, told the economic observer that this is a serious infringement. If the circumstances are serious or constitute a crime and cause serious damage to consumers, criminal responsibility shall be investigated according to law. Civil liability, administrative penalty and criminal liability go hand in hand. It does not mean that an apology or compensation for losses can be exempted from liability. If a crime does not constitute a crime, administrative penalty shall be imposed, and criminal responsibility shall be investigated if a crime is constituted.

So, who is responsible for information leakage? The legislation of personal information protection is starting. How can people find a balance between digital development and personal information protection?

Who is responsible for information leakage

The reporter contacted the netizens selling resumes, and the other side said, these data are all resumes downloaded by our own company. They are accurate data, which have not been typed in the first hand. The other side claims to be from an education company and is trying to sell the reliability of the data. They collect resumes from several well-known job search websites and then screen the data. The data is mainly used for telemarketing. He also has face data information with three cents in each, but the kind of ineffective and low conversion rate.

In addition to resume, there are people selling online transaction data, car owner information, and takeaway app business information. The person selling the owners information said that the data source was internal. The price is 0.4 yuan / piece. It can be tested. 50-100 items are provided according to 0.5/piece. Pay first, determine the purchase quantity after the test, and the test will be free of charge.

Economic Observer reporter obtained part of the data content shows that the information includes vehicle series, model, vehicle model, customer name, dealer and other information, very specific and detailed.

In personal information, financial information has an important attribute, and illegal elements reselling of financial information is easy to cause subsequent property infringement. Judging from the previous cases, there are often cases in which bank employees violate the criminal law for selling customer information and are punished for infringing on citizens personal information.

In September this year, the criminal judgment of the peoples Court of Lengshuitan District, Yongzhou City, Hunan Province, released by the judicial document website, showed that the outsourcing personnel of No.1 Branch of China Construction bank embezzled the operation code of management personnel by taking advantage of their positions, secretly checked 3678 personal credit reporting reports, sold them to a small loan company with a profit of 36000 yuan, and finally committed the crime of infringing on citizens personal information, and was sentenced to three years, Suspended for three years.

According to a criminal judgment issued by the peoples Court of Zoucheng City, Shandong Province, during May 2018, Yang, as the business director of the E-marketing center of Shanghai Pudong Development Bank, obtained more than 200000 pieces of customer personal information by taking advantage of his work, which was illegally provided to a company for telephone marketing; at the same time, Li, an employee of the e-commerce company, after processing and sorting out the information, paid a price of 0.3 yuan per piece It was sold to a third person, Li Xiaohong, who then sold the personal information to Chen to carry out telephone fraud.

It is worth noting that Yuantong Express employees leakage of customer information has aroused concern again. According to Handan police information, relevant suspects rent Yuantong companys internal employee system account at a daily cost of 500 yuan, and then log into the system account to enter the companys logistics system, export express information, sort out the stolen express information, and sell it to the whole country and Southeast Asia through wechat and QQ Such as telecom fraud high incidence area.

In each case, the selling information is about 1 yuan. The leaked information includes the senders address, name and telephone number, as well as the recipients telephone number, name and address. The number of leaked information actually exceeds 400000 pieces, and the amount involved in the case is more than 1.2 million yuan. What is leaked is identity information, including name, telephone number and other information. According to the judicial interpretation on the crime of infringing on citizens personal information issued by the Supreme Peoples court and the Supreme Peoples Procuratorate on June 1, 2017, this constitutes the disclosure of sensitive information as mentioned in the criminal law, and more than 50 articles will be punished. Zhu Wei, deputy director of the communication law research center of China University of political science and law, told reporters.

Xiao SA, director of the law society of China bank, said to reporters that in the case of illegal disclosure of user information by company employees, the most direct responsible person is the illegal employees themselves. According to article 253-1 of Chinas criminal law, Whoever, in violation of the relevant provisions of the state, sells or provides personal information of citizens to others, if the circumstances are serious, he shall be sentenced to fixed-term imprisonment of not more than three years or If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined. . The direct actor who divulges the user information needs to bear the corresponding responsibility, besides constituting a criminal offence, he also needs to bear the civil liability for compensation.

At the same time, Xiao SA said that the most noticeable issue in such incidents should be the company. Should the company be responsible for the illegal acts of its employees? Judging from the general life experience, the responsibility is individual, and the illegal and criminal behavior of employees will not be related to the company. However, in the field of personal information protection, we believe that the company has the obligation to properly collect, keep and use the users personal information. Therefore, in this incident, the company should also bear certain responsibility.

The legislation of personal information protection is on the way

The publication of the draft has aroused widespread heated discussion, which shows the publics ardent expectation for this law. Ernst & young team said that on the one hand, the draft of the personal insurance law highlights the core of the voice of todays Network Era - that individuals have the right to control their own information; on the other hand, following the network security law, it further stipulates the management responsibilities and obligations of enterprise operators in promoting the healthy development of economic and social informatization and safeguarding the basic rights of the people. After the release of the draft, it plays a leading, regulating, protecting and relieving role for personal information. It plays a good role in punishing offenders, compensating victims, rewarding defenders, warning the industry, educating the society and comforting the public Liu Junhai thinks.

At the same time, due to the enrichment of administrative penalties and the expansion of regulatory measures, it will also activate the administrative protection function of the regulatory departments for consumers, Liu said. Firstly, the responsibilities of Internet enterprises, especially Internet platforms, will be further compacted; secondly, the supervision and protection of personal information by administrative supervision departments will be further strengthened; thirdly, peoples courts and arbitration institutions will find more legal basis for the judgment of civil disputes arising from personal information infringement. In other words, the Actionability, adjudication and enforceability of the personal information protection law are worth looking forward to. This makes all the chains and links of the Internet industry, including Internet platform, e-commerce, social media and other app software developers, into the adjustment track of the personal information protection law, which is good for the development of Internet economy and personal information protection, and is also an important gas station for the sustainable development of digital economy.

As for the publication of the draft, Xiao SA said to reporters, first of all, in terms of jurisdiction, our personal information protection has a long arm, that is, the so-called extraterritorial effect. In the current technological revolution, cross-border violations of personal information are increasing, and the cross-border effect of the personal information protection law can provide powerful weapons for personal information. The second is to link up with the civil code, clear the content of personal information, clear rights and obligations is the premise of the good implementation of the law. Finally, in the responsible departments, it points out that the national network and information department is responsible for the overall coordination of personal information protection work and plays an overall and coordinated role. This can avoid the possibility of inefficiency in cross law enforcement.

The personal information protection law should be more precise, more grounded, and more consistent with problem orientation, goal orientation and result orientation. Liu Junhai told reporters that there are many platforms and enterprise authorities introducing e-government technology, but there are still loopholes and blind areas in the protection of personal information. Liu Junhai told reporters, for example, that his personal business registration verification procedures in the process, also encountered telecommunications phone harassment. Generally, in the process of e-government processing, it is necessary to ensure that I handle it, and the verification procedures generally need to cooperate with the third-party verification unit. However, whether the protection measures of the third-party verification are in place deserves attention, and attention should be paid to the protection of biometric information and personal identity information.

How to balance digital development and personal information protection

While digitization brings convenience to life, information leakage also emerges in an endless stream. From the existing legal and regulatory level, what measures can be taken to prevent and regulate such behavior?

Second, the administrative punishment mechanism can not be combined with the administrative punishment, and the supervision mechanism can not be strengthened.

Third, it is necessary to improve the complaint reporting mechanism of consumers, unblock the channels for consumers rights protection, reduce the cost of rights protection, ensure that the benefits of rights protection are higher than the costs of rights protection, ensure that the illegal costs are higher than the illegal gains, and strengthen the fence of personal information protection.

Secondly, each market subject, each enterprise in pursuit of efficiency, must consciously bear social responsibility, clear obligations to protect citizens personal information. On the one hand, reasonable collection and use of citizen information can create economic value and facilitate other social members to form a win-win situation. On the other hand, we should formulate a standard and reasonable behavior regulations to prevent the emergence of individuals who ignore their responsibilities for the sake of interests.

Finally, at the level of administrative supervision, law enforcement agencies need to actively exercise their functions and powers. In the field of personal information protection, the most reliable backing is the administrative agencies, and the final safe haven is the administrative organs. It is necessary for multi departments, multi angles and multi-level to establish a complete system to maintain personal behavior and prevent information leakage.

Zhu Wei believes that the main measures include legislation and technology: first, legislation. Now, from one law, one decision, to the personal information protection law (Draft), then to the Civil Code, and then to the criminal law system and the new regulations issued by the state cyber information office, these years constitute a personal information protection with the core of one law, one decision and personal information protection law Second, innovation from the perspective of technology. For example, blockchain technology is used in many places, which can not be tampered with and has traces. Third, we should increase the intensity of punishment, severely punish according to law, and punish those who violate the law. In addition, in the infringement of personal information, such as human flesh search and other acts, regardless of the seriousness of the plot, should bear the corresponding responsibility according to law.

Source: Economic Observer: Wang Xiaowu, editor in charge_ NF