100 -day action | Corporate business abide by law, data security and unsatisfactory

On September 1, 2021, the Data Security Law of the People's Republic of China was officially implemented, and the data security had a "protective cover" supported by the legal system.

Since 2022, in order to comprehensively investigate and rectify the hidden dangers of network security risks, further strengthen network security management, implement the requirements of the "Hundred Days Action" deployment of the Ministry of Public Security, and promote the "100 -day action" in summer public security strikes in the summer. Based on the "Data Security Law", the department has strengthened supervision and inspection, blocked the hidden dangers of data security, and provides solid security guarantees for citizens' personal information, corporate business data, and other important sensitive data.

Data leakage caused by a "vulnerability"

Recently, the Jiangsu Wuxi.com department found that in the daily inspection, it was found that information systems such as "Network Freight Data Upload Platform" and "intelligent monitoring and dispatching systems" used by an information technology Co., Ltd. have multiple high -risk vulnerabilities such as passwords and over -rights.

After on -site inspection, the company's two systems have tens of thousands of drivers' names, ID numbers, phone numbers, freight orders, vehicle trajectories, etc., and due to the existence of high -risk vulnerabilities, the data in the system can be downloaded directly.

Due to the timely discovery of the public security organs, and the company actively cooperated with the implementation of rectification, it did not cause serious consequences. According to Article 27 and 45 of the Data Security Law, Wuxi.com shall order the unit to order rectification within a time limit.

"Robbing" on the Internet's company business data

In early August, the Jiangsu Wuxi Netan department found that a network security inspection on a technology Co., Ltd. found that the company's daily purchase and collected entire network recruitment information was stored directly on the company's database server, involving more than 90 databases, data 4.4T together More than 89 million can be accessed and downloaded directly.

It is further understood that the company not only did not establish a data security management system during the data processing process, but also did not take any measures to ensure data security.

According to Article 27 and 45 of the Data Security Law, Wuxi.com departments shall give the company an administrative warning and punishment and order correction within a time limit.

The system test cannot ignore data security

At the beginning of August, when the Jiangsu Wuxi.com department conducted a network security inspection of a self -control technology Co., Ltd., it was found that the company had a hidden data leakage in the newly launched system.

After investigation, the company did not pay attention to the major security vulnerabilities that have notified the early warning of the public security network security department when testing a software, resulting in the data in the information system can be easily obtained.

According to Article 27 and 45 of the Data Security Law, Wuxi.com departments shall give the company an administrative warning and punishment and order correction within a time limit.

2022 Hundred Days

Data secure

1

Data is a new type of production element and a national basic and strategic resource.

2

Data security is not only about personal and units, but also national security and public safety.

3

Everyone is responsible for maintaining data security.

Source: Network Security Bureau of the Ministry of Public Security

Disclaimer: Reproduced this article out of the purpose of passing more information and conducive to the law of law. If there is an error or infringe your legitimate rights and interests, the author is requested to contact the Law of Qinghai with the authority. We will correct and delete it in time. Thank you.

- END -