China to introduce an industry standard for protecting personal information
Yesterday, a passenger used a mobile phone to scan his own ticket information. Scanning software can read the ID information contained in a train ticket's two-dimensional code. Photo by newspaper reporter Pu Peak.
Recently, the China Software Test Center under the Ministry of Industry revealed that the “Information Security Technology: Personal Information Protection Guide for Public and Commercial Service Information Systems,” which it drafted jointly with more than 30 units, has formally passed review and is awaiting approval as a national standard.
Ouyang Wu, deputy director of Security Co-ordination at the Ministry of Industry, said that this guide provides a good reference for industry self-regulation and sets out a code of conduct for businesses that handle personal information. According to reports, the state of information protection in China is not encouraging, and a black-market chain has even formed that uses personal information for illegal profit. In particular, the Internet's largest leak, revealed at the end of last year, pushed the protection of personal information to the forefront.
Many developed countries have already begun work on personal information protection and legislation. China has also launched work related to personal information protection in recent years.
Last year, the National Information Security Standardization Technical Committee took on the development of the Personal Information Protection Guide. This committee is principally engaged in information security standardization work; its current director is Yang Xue Shan, Vice Minister of the Ministry of Industry, who holds the post concurrently.
The full name of the guide is “Information Security Technology: Personal Information Protection Guide for Public and Commercial Service Information Systems.” Work on the standard was led by the China Software Test Center under the Ministry of Industry, with nearly 30 units taking part in the joint drafting.
Huang Zihe, the center's executive vice director, revealed that the text of the Guide is still awaiting approval, but its final release should be “just around the corner.” However, this guide is not a mandatory national standard.
■ focus
Personal information to be deleted immediately after use
In the absence of a dedicated law regulating personal information security, an industry standard has become the industry's hope.
“Last year it formally passed review and was submitted for approval as a national standard,” said Rowan of the China Electronic Information Industry Development Research Institute, director of the China Software Testing Center, adding that this year the standard will be used to expand work on personal information protection systems.
The Personal Information Protection Guide covers the handling of personal information in four main stages: collection, processing, transfer and deletion. It also puts forward principles for the protection of personal information. Ouyang Wu, deputy director of Security Co-ordination at the Ministry of Industry, said these principles are: clear purpose, least use, openness and notification, individual consent, quality assurance, security, honest performance, and clear accountability, eight in all.
The “least use” principle means that the amount of a person's information collected need only be enough to meet the purpose of use.
Huang Zihe gave an example: some websites do only a small thing for the user, yet have the user fill in a great deal of information, including home address and phone number. This is not consistent with the principle of “least use.”
“Security” means that managers of personal information, when collecting it, must establish the necessary personal information protection system, with clear lines of responsibility and internal management processes, and must address the risk of leakage of personal information.
Ko Chi-Yang, deputy director of the China Software Test Center, estimated that 70%-80% of personal information leaks are inside jobs, which shows that the principle of “security” has not been implemented.
He said that some commercial companies that hold a great deal of personal information have lax management oversight, so that internal staff can obtain customer information without authorization.
Under the Personal Information Protection Guide, personal information should be deleted immediately once the “purpose” communicated at the time of collection has been achieved.
Ko Chi-Yang once bought tickets through an airline's website and paid by telephone. The staff collected his payment information: name, ID number, credit card number and the card's last three-digit payment number. The ticket purchase was successful.
However, when he bought tickets again some time later, the other party asked him, “Will you still pay with the credit card whose last four digits are ****? If so, just tell me.”
“(company) information.” Ko Chi-Yang recounted on March 26, shaking his head.
Ko Chi-Yang said that in his experience of booking by telephone, the airline had achieved the purpose of the booking but failed to delete the customer information.
Information protection guide is a non-mandatory standard
“It is for economic benefit. Without benefit, no one gets up early.” Ko Chi-Yang estimates that at present no industry is free of information leakage.
For example, a woman has barely returned home from giving birth when calls come in selling milk; a patient has a checkup and, before even understanding the results sheet, is called by pharmaceutical companies selling drugs.
China Software Testing Center researcher Liu Tao compared personal information to “a lot of money kept in a paper-walled bank that hackers can easily crack.” According to their findings, the public is most concerned about personal information security in finance, telecommunications and similar fields.
Worryingly, this guide is not a mandatory standard, nor even a recommended standard, and how much normative force it will have on industry remains to be seen.
Zhu Xuan, assistant director of the China Software Testing Center, said that the national standard on personal information security is a technical guidance document.
National standards are divided into three types: mandatory standards, recommended standards and guidance documents. This standard can be used as a reference. Mandatory national standards are found mostly in fields such as food safety.
However, Huang Zihe said the standard applies to all organizations and institutions other than government agencies and bodies exercising public administration duties, especially service organizations such as telecommunications and medical providers that handle more sensitive personal information.
■ status quo
40 laws find it hard to constrain the leakage of personal information
According to statistics from Lau Kau, deputy director of the Ministry's Electronic Science and Technology Information Institute, nearly 40 laws, some 30 regulations and nearly 200 rules involve the protection of personal information, including requirements regulating Internet information, provisions on medical information, and personal credit management procedures.
“There are a lot of laws and regulations on personal information, but they are scattered and of a low legal level,” Lau Kau said.
Criminal Law Amendment (g) is considered one of the landmark events in personal information legislation.
In 2009, Criminal Law Amendment (g) established the offences of “selling or illegally providing the personal information of citizens” and “illegally obtaining the personal information of citizens.” For the first time, it brought citizens' personal information within the scope of criminal law protection, providing that leaking, stealing and selling the personal information of citizens should be investigated for criminal responsibility.
However, the subjects of this offence are mainly staff of state organs and of units in finance, telecommunications, transportation, education and medical care. Beyond these, Internet companies, real estate companies, property companies, automobile manufacturers, hotels and public accounting firms also hold personal information.
Many in the legal profession believe that the criminal law does not clearly define the offence and that this provision has room for further improvement.
In addition, experts believe that the law's punishment mechanism for information leaks is insufficient.
Some time ago, the police uncovered the CSDN (Software Development Union) case, in which more than 600 million user names and passwords were leaked. “At present the website is punishable only by an administrative warning, which is too light. This penalty has almost no deterrent effect,” said Mei Shaozu, a professor at the management institute of the Beijing University of Science and Technology.
Mei Shaozu said that in other countries, a large-scale leak of user information like this would at least draw economic sanctions.
In 2009, the Tort Liability Act was passed, giving a unified legal rule for determining responsibility in “human flesh search” cases that violate the rights of victims: if a website ignores a victim's request to block or delete content, it bears joint and several liability.
However, a PR China Academy of Social Sciences researcher said that the Criminal Law and the Tort Liability Act both provide relief after the fact, and that supervision of the whole process is more effective for network security and personal information in the Internet age.
Personal information security law has not entered the legislative process
Attempts to break the ice on a “personal information security law” have not been lacking.
Yang Xue Shan, Vice Minister of Industry and Information Technology, recalled that in April 2003 the State Council Informatization Office set up a dedicated research project on personal information legislation, and that an expert draft of the Personal Information Protection Act was submitted in 2005. However, the legislative proposal has been unable to enter formal legislative procedures.
Mei Shaozu, who took part in preparing the expert draft, said the text was reported by the State Council Informatization Office to the State Council Legislative Affairs Office. The reasons it could not enter formal legislative procedures are very complicated; mainly, in terms of urgency, the issue did not receive much attention.
Mei Shaozu admitted that things must always be prioritized and that the relevant departments have their own considerations. But given the reality in China, leakage and theft of personal information, violations of personal privacy and trading in personal information are getting worse and worse, and if this continues it may affect all social and economic activity. “I think the urgency is already there, but each level may not feel it the same way. Some people think it is not so urgent.”
Yang Xue Shan, Vice Minister of the Ministry of Industry, advocated speeding up legislation.