Who is responsible for the leakage of personal information?

 Who is responsible for the leakage of personal information?

This seems to be an industrial chain. In the data exchange group, some people sell resumes, some sell enterprise accounts of recruitment websites, and others help to authenticate face information.

As for the act of selling personal information, Liu Junhai, director and professor of the Institute of commercial law of Renmin University of China, told the economic observer that this is a serious infringement. If the circumstances are serious or constitute a crime and cause serious damage to consumers, criminal responsibility shall be investigated according to law. Civil liability, administrative penalty and criminal liability go hand in hand. It does not mean that an apology or compensation for losses can be exempted from liability. If a crime does not constitute a crime, administrative penalty shall be imposed, and criminal responsibility shall be investigated if a crime is constituted.

So, who is responsible for information leakage? The legislation of personal information protection is starting. How can people find a balance between digital development and personal information protection?

Who is responsible for information leakage

The reporter contacted the netizens selling resumes, and the other side said, these data are all resumes downloaded by our own company. They are accurate data, which have not been typed in the first hand. The other side claims to be from an education company and is trying to sell the reliability of the data. They collect resumes from several well-known job search websites and then screen the data. The data is mainly used for telemarketing. He also has face data information with three cents in each, but the kind of ineffective and low conversion rate.

In addition to resume, there are people selling online transaction data, car owner information, and takeaway app business information. The person selling the owners information said that the data source was internal. The price is 0.4 yuan / piece. It can be tested. 50-100 items are provided according to 0.5/piece. Pay first, determine the purchase quantity after the test, and the test will be free of charge.

Economic Observer reporter obtained part of the data content shows that the information includes vehicle series, model, vehicle model, customer name, dealer and other information, very specific and detailed.

In personal information, financial information has an important attribute, and illegal elements reselling of financial information is easy to cause subsequent property infringement. Judging from the previous cases, there are often cases in which bank employees violate the criminal law for selling customer information and are punished for infringing on citizens personal information.

In September this year, the criminal judgment of the peoples Court of Lengshuitan District, Yongzhou City, Hunan Province, released by the judicial document website, showed that the outsourcing personnel of No.1 Branch of China Construction bank embezzled the operation code of management personnel by taking advantage of their positions, secretly checked 3678 personal credit reporting reports, sold them to a small loan company with a profit of 36000 yuan, and finally committed the crime of infringing on citizens personal information, and was sentenced to three years, Suspended for three years.

It is worth noting that Yuantong Express employees leakage of customer information has aroused concern again. According to Handan police information, relevant suspects rent Yuantong companys internal employee system account at a daily cost of 500 yuan, and then log into the system account to enter the companys logistics system, export express information, sort out the stolen express information, and sell it to the whole country and Southeast Asia through wechat and QQ Such as telecom fraud high incidence area.

In each case, the selling information is about 1 yuan. The leaked information includes the senders address, name and telephone number, as well as the recipients telephone number, name and address. The number of leaked information actually exceeds 400000 pieces, and the amount involved in the case is more than 1.2 million yuan. What is leaked is identity information, including name, telephone number and other information. According to the judicial interpretation on the crime of infringing on citizens personal information issued by the Supreme Peoples court and the Supreme Peoples Procuratorate on June 1, 2017, this constitutes the disclosure of sensitive information as mentioned in the criminal law, and more than 50 articles will be punished. Zhu Wei, deputy director of the communication law research center of China University of political science and law, told reporters.

Xiao SA, director of the law society of China bank, said to reporters that in the case of illegal disclosure of user information by company employees, the most direct responsible person is the illegal employees themselves. According to article 253-1 of Chinas criminal law, Whoever, in violation of the relevant provisions of the state, sells or provides personal information of citizens to others, if the circumstances are serious, he shall be sentenced to fixed-term imprisonment of not more than three years or If the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined. . The direct actor who divulges the user information needs to bear the corresponding responsibility, besides constituting a criminal offence, he also needs to bear the civil liability for compensation.

At the same time, Xiao SA said that the most noticeable issue in such incidents should be the company. Should the company be responsible for the illegal acts of its employees? Judging from the general life experience, the responsibility is individual, and the illegal and criminal behavior of employees will not be related to the company. However, in the field of personal information protection, we believe that the company has the obligation to properly collect, keep and use the users personal information. Therefore, in this incident, the company should also bear certain responsibility.

The legislation of personal information protection is on the way

On October 21, the highly watched personal information protection law (Draft) (hereinafter referred to as the draft) was published on the website of the peoples Congress of China, and began to solicit opinions from the society.

The publication of the draft has aroused widespread heated discussion, which shows the publics ardent expectation for this law. Ernst & young team said that on the one hand, the draft of the personal insurance law highlights the core of the voice of todays Network Era - that individuals have the right to control their own information; on the other hand, following the network security law, it further stipulates the management responsibilities and obligations of enterprise operators in promoting the healthy development of economic and social informatization and safeguarding the basic rights of the people. After the release of the draft, it plays a leading, regulating, protecting and relieving role for personal information. It plays a good role in punishing offenders, compensating victims, rewarding defenders, warning the industry, educating the society and comforting the public Liu Junhai thinks.

As for the publication of the draft, Xiao SA said to reporters, first of all, in terms of jurisdiction, our personal information protection has a long arm, that is, the so-called extraterritorial effect. In the current technological revolution, cross-border violations of personal information are increasing, and the cross-border effect of the personal information protection law can provide powerful weapons for personal information. The second is to link up with the civil code, clear the content of personal information, clear rights and obligations is the premise of the good implementation of the law. Finally, in the responsible departments, it points out that the national network and information department is responsible for the overall coordination of personal information protection work and plays an overall and coordinated role. This can avoid the possibility of inefficiency in cross law enforcement.

The personal information protection law should be more precise, more grounded, and more consistent with problem orientation, goal orientation and result orientation. Liu Junhai told reporters that there are many platforms and enterprise authorities introducing e-government technology, but there are still loopholes and blind areas in the protection of personal information. Liu Junhai told reporters, for example, that his personal business registration verification procedures in the process, also encountered telecommunications phone harassment. Generally, in the process of e-government processing, it is necessary to ensure that I handle it, and the verification procedures generally need to cooperate with the third-party verification unit. However, whether the protection measures of the third-party verification are in place deserves attention, and attention should be paid to the protection of biometric information and personal identity information.

How to balance digital development and personal information protection

While digitization brings convenience to life, information leakage also emerges in an endless stream. From the existing legal and regulatory level, what measures can be taken to prevent and regulate such behavior?

Liu Junhai said: first of all, he hopes that Internet platforms, e-commerce, social media and other app software developers who have access to information should be cautious and self-discipline, think about what is good, and build an information-friendly corporate governance system and internal control system. To make big data, big data comes from the personal information of consumers. We must adhere to the principles of legality, legitimacy, necessity, confidentiality and security, and shall not obtain personal information at will without the consent of consumers.

Second, the market will fail, and regulators can not fail. We hope that the personal information protection law will strengthen the supervision measures, increase the intensity of administrative punishment, closely handle the connection mechanism between administrative punishment and administrative responsibility, and introduce the mechanism of collaborative governance.

With the development of the times, digitization is an irresistible and irresistible trend of the times. On the prevention of personal information leakage, Xiao SA believes that there are three aspects: the first is the individual level. The introduction of the civil code of personality rights laid the foundation for the awakening of citizens awareness of individual rights. In the process of using digital to facilitate personal life, citizens must adhere to the awareness of rights, choose carefully and be responsible for every click.

Finally, at the level of administrative supervision, law enforcement agencies need to actively exercise their functions and powers. In the field of personal information protection, the most reliable backing is the administrative agencies, and the final safe haven is the administrative organs. It is necessary for multi departments, multi angles and multi-level to establish a complete system to maintain personal behavior and prevent information leakage.

Zhu Wei believes that the main measures include legislation and technology: first, legislation. Now, from one law, one decision, to the personal information protection law (Draft), then to the Civil Code, and then to the criminal law system and the new regulations issued by the state cyber information office, these years constitute a personal information protection with the core of one law, one decision and personal information protection law Second, innovation from the perspective of technology. For example, blockchain technology is used in many places, which can not be tampered with and has traces. Third, we should increase the intensity of punishment, severely punish according to law, and punish those who violate the law. In addition, in the infringement of personal information, such as human flesh search and other acts, regardless of the seriousness of the plot, should bear the corresponding responsibility according to law.

Source: Economic Observer: Wang Xiaowu, editor in charge_ NF