Illegal purchase of citizen information, development of face authentication circumvention technology... At the beginning of this year, the network security department of Guangdong Provincial Public Security Department cracked the first new network crime case in China that cracked the "youth anti addiction system", arrested 13 criminal suspects and investigated more than 500 illegal websites.
Since the Ministry of Public Security deployed the "Net 2021" special action, the network security departments of the national public security organs have cracked down on illegal collection, provision and reselling of personal information throughout the chain, investigated more than 5400 cases and captured more than 6400 criminal suspects; We severely cracked down on crimes of destroying computer information system data and illegally obtaining computer information system data, investigated more than 230 related cases, and arrested more than 420 criminal suspects.
Data security concerns the personal rights and interests of citizens, the healthy development of industries and even national security. On September 1, the Data Security Law of the People's Republic of China was officially implemented, and data security entered the track of legalization. "From bringing the data security of individuals, enterprises and public institutions into the security system to regulating the data security protection obligations of industry organizations, scientific research institutions and other subjects, the Data Security Law has established a comprehensive supervision, governance and protection of the data field." Ding Xiaodong, associate professor of Renmin University of China Law School, said.
Personal information - whole chain and whole process supervision
Once you have handled a fitness card, you will repeatedly receive the phone number of card promotion and free trial; Once I bought a product on a shopping platform, I will receive a wave of discount push every holiday... Big data, cloud computing, the Internet of Things and other technologies are developing rapidly. While the network brings convenience to people's lives, it also brings about real problems such as illegal collection of personal information, user data leakage and so on.
In April this year, an Internet user reported to the police of Zhongwei City, Ningxia, that someone in Shapotou District was selling personal information of citizens online. The police successively arrested 6 suspects in Cixi, Zhejiang, Zigong, Sichuan, Lanzhou, Gansu and Shapotou District, Zhongwei, Ningxia. The criminal suspect Wang Moumou confessed that since June 2020, he and his partner Ren Moumou have illegally invaded several online loan platforms through hacker technology to steal the personal information of citizens in the system, and then sold the illegally stolen data in bulk. By the time of the crime, the criminal gang had sold more than 1 million pieces of personal information of citizens.
The Data Security Law clearly stipulates that any organization or individual shall adopt legal and legitimate methods to collect data, and shall not steal or obtain data in other illegal ways.
"The Data Security Law regulates the collection, storage, use and provision of personal information data in the whole chain and process." Huang Daoli, director of the Network Security Law Research Center of the Third Research Institute of the Ministry of Public Security, said that the data security law provides an important legal guarantee for the public security organs to crack down on and punish violations of citizens' personal information, reselling personal data and other illegal and criminal acts in the whole chain, which will be more conducive to the implementation of the network security level protection system and the all-round protection of personal information security.
Enterprise data - normalization of security protection
"A large amount of data is gathered and circulated in the business process of enterprises. In particular, some leading Internet enterprises have ed the in-depth data of their own industries, which not only releases the value of data, but also brings data security risks." Ding Xiaodong introduced.
When downloading a new app, you need to check the "Agree" privacy policy, which is not only to protect users' personal information, but also to restrict and supervise the collection of personal information by app developers.
In October last year, Guizhou Guiyang Public Security Bureau Cyber Security Detachment received a report from the superior that three APPs registered and used by an education technology limited company in Guizhou had illegally collected citizen information data to varying degrees. It is found that the company's APP has no privacy policy and rules for the collection and use of personal information, and the user's consent is solicited in an implicit way such as the default choice of privacy policy when the user logs in for the first time; There is no effective function to correct, personal information and log off the user account.
In September this year, the network security team of the Public Security Bureau of Kaiyang County, Guizhou Province, found during the inspection of the local website that a tourism company commissioned an online company to build its website in 2016. The then responsible person of the enterprise directly placed the background management entrance of the website on the web page for the convenience of management, and there was a weak password vulnerability. The public security organ ordered the person in ge of the enterprise to directly close the website and cancel the existing expired domain names.
In two cases, two enterprises failed to perform the supervision and protection of data security, resulting in data information security vulnerabilities to varying degrees.
Huang Daoli said that regardless of the size of various websites and APPs, the relevant responsible persons and operators should carry out network security inspections in a timely manner in accordance with laws and regulations, and fulfill the obligations of network security protection.
"The data security law clarifies the responsibility of enterprises in protecting data security, and puts forward strict requirements for the data security of enterprises. In the future, the data security protection of enterprises will be gradually normalized." Ding Xiaodong said.
Public agency data - give full play to and guarantee its role as basic resources
In January this year, the network security department of Nanjing Public Security Bureau in Jiangsu Province investigated a case in which the hospital's internal information system was illegally obtained data. After investigation, the criminal suspect bought the hardware equipment maintenance personnel of the hospital, installed the hacker tools in the internal system of the hospital, illegally stole the system account password, obtained the patient treatment data of multiple hospitals, and sold them to the relevant medical practitioners. It is found that criminal suspects have illegally obtained millions of patient information data.
"Medical representatives have a strong demand for medical data, which has led to the criminal act of buying and selling medical data, and exposed the loopholes in the hospital's supervision and protection of medical data." Pu Tiangao, deputy head of the Network Security Corps of the Jiangsu Provincial Public Security Department, said that the phenomenon of private data leaking through public institutions has occurred frequently in recent years. Due to the imperfect supervision and accountability system, public institutions have some loopholes in the process of information data management, giving opportunities to lawbreakers.
According to the Statistics of China Government Data Governance Development Report (2021) jointly released by the School of Public Administration of Tsinghua University and the China Electronic Information Industry Federation, 130 provincial, sub provincial and municipal governments have launched data open platforms by the first half of 2020. The data open platform has gradually become the standard configuration for local digital government construction and public data governance. In recent years, China has continuously promoted the construction of a network power, a digital China and a smart society. The implementation of the data security law will give full play to and guarantee the role of data as basic resources in public institutions while standardizing data activities, and promote the improvement of public services.
"The data security law not only restricts the illegal collection and abuse of data, but also protects the information use of data providers and the public. It promotes the further improvement of data rules based on data openness, data protection, data flow, etc., so that data can truly become the blood of digital economy and social development." Ding Xiaodong said.
"Next, the public security organs will promote the security protection of key information infrastructure and network security level protection, strengthen the supervision of data security protection, and crack down on illegal and criminal activities that endanger data security." Wang Yingwei, director of the Internet Security Bureau of the Ministry of Public Security, said.
