Weizhong Bank report: How can over 80 % of users encounter personal information leaks?

Economic Observation Network reporter Hu Qun "Personal Information Protection, as one of the important issues of ESG, is also an important aspect of public evaluation of ESG performance. Enterprises need to improve their own data governance capabilities, optimize the service experience to ensure the user's personal information security, reduce the user’s user Increased and troublesome, avoid potential risks, and improve sustainable development capabilities. "On July 11, Weizhong Bank's" ESG 丨 Personal Information Protection Special Research Report "(hereinafter referred to as" Report ") showed that 82.5%of users I have encountered personal information leaks, but it is not clear how to deal with it.

In the digital economy, personal information protection is particularly important. At present, the digital economy is becoming the focus of GDP growth, and the legal system of the digital economy has become improved. However, it is impossible to ignore that in the era of the digital economy era, high -frequency, high -speed, and high -density information communication transmission has brought convenience to people's lives and brought some troubles. Forced collection, over tracking, illegal acquisition, illegal leakage, illegal trading, and data abuse of personal information related data have occurred from time to time, which has caused many adverse effects.

The status quo of personal information leak still needs to be valued

The digital economy has become the focus of my country's GDP growth. On July 8th, the "China Digital Economic Development Report (2022)" released by the China Institute of Information and Communication shows that the number of Chinese digital economy in 2021 reached 4.55 trillion yuan, an increase of 16.2%year -on -year, accounting for 39.8%of GDP.

For ordinary residents, mobile phones can be operated conveniently in the scenes of online shopping, mobile payment, video entertainment, travel, and financial management in life. Various personal information of users, carry out business and enhance the user experience.

In order to further promote the digital economy, my country has introduced a number of laws. On November 1, 2021, my country's "Personal Information Protection Law" was officially implemented. It, with the "Network Security Law" and "Data Security Law", constructed and improved my country's more complete, comprehensive and systematic system in the field of information protection and network security. Legal protection system.

In addition to the law, the National Internet Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security and other departments have issued a series of departmental regulations and standardized documents, as well as national standards and industry standards related to information security related to information security in recent years. Council -processing personal information provides an operation guidance, and also provides a basis for government law enforcement.

In the financial field, the CBRC attaches great importance to the protection of consumer rights and interests. On May 19, 2022, the "Draft for Consumer Rights Protection Management Measures for Consumer Rights Protection of Bank Insurance Institutions" was released, including the requirements for personal information protection mechanisms. , Use, transmit consumer personal information, etc. to protect consumer information security rights. "

However, the status quo of personal information leakage in my country still needs to be valued. The "Report" shows that 82.5%of users have experienced personal information leaks, of which 12.9%of them have encountered more than 10 personal information leaks, especially in terms of house purchase, car purchase, decoration, training registration, e -commerce shopping, etc. Advertising phone disturbance.

The "Report" shows that after personal information security is violated, users' response methods are single: Most users take black interception and other methods to avoid harassing fraud calls, but it is not clear how to communicate with companies that cause information leakage, and even do not know which ones. The company leaked personal information and did not understand the relevant regulatory complaint report channels.

How to deal with personal information leakage caused by their own interests? Legal experts in the "Report" given three solutions:

Option 1: Complaints and reports to market supervision and management departments, consumer associations, online information departments, industrial and information departments, etc.

Option 2: Report the case to the public security organs. The Criminal Law clearly stipulates the crime of infringing the personal information of citizens. If the unit or individual violates the relevant state regulations, sells or provides personal information of citizens to others, and constitutes the crime of violating citizen information, shall bear criminal responsibility.

Option 3: Prosecute to the court. Individuals can also ask the court in accordance with the laws such as the Civil Code and the Personal Information Protection Law to request a civil liability by claiming to the court to safeguard their legitimate rights and interests.

Personal information security overall cognition is low

The "Report" found that 83.5%of users "pay more attention" or "very concerned" personal information security, and only 2.6%of users are "very disliked" or "less attention" personal information security; for personal information security risk Worried, the proportion of users who choose offline is 19.8%, and the online pathway is 80.2%.

The "Report" shows that although users pay more attention to personal information security on online channels, the privacy policy provided by the app provided by the APP has low attention, and only 35.0%of users will read it carefully. Viewing the APP privacy policy is an important way for users to exercise the right to know, but the reality is that many users have the insufficient users who want to see but do not understand, or can only understand the content of the privacy policy. 10%.

Through reading privacy policies, the subject of personal information can fully understand how their personal information may be collected and used. For example, what personal information will be collected, what kind of purpose will be used for these information, and whether these information will be used for Third parties, ways and procedures for personal exercise of rights. On this basis, individuals can make a decision whether to agree with the privacy policy and other personal information processing requests under the premise of fully knowledge. Combined with user interviews, the "Report" found that users have low attention to the APP privacy policy. There are three main reasons:

First, there is a higher degree of trust in the large platform used. The apps that users currently download and use are large platforms that are highly well -known and people around them are using. Users have a high degree of trust in these platforms. I believe that their personal information will be standardized and processed. Essence

The second is that it can only be passively accepted, and it is of little significance to read privacy policies. Many users think that they are in a relatively weak position. Privacy policy is a "exemption clause" for enterprises to safeguard their own interests. If you want to use the APP, you can only passively accept the terms and policies, so the reading privacy policy is of little significance.

Third, the current privacy policy display is difficult to distinguish the key points. Most apps show privacy policies with large sections and small fonts. It is difficult for users to distinguish the focus and find what they care about.

Personal information protection has always been an important part of financial consumer protection. With the acceleration of digital transformation of Chinese financial institutions, advanced technologies for financial regulatory layers and financial institutions to strengthen financial consumer personal information protection.

In terms of technical application, taking privacy computing technology as an example, in November 2020, the People's Bank of China officially released the first privacy computing technical standard "Multi -Party Security Computing Financial Application Technical Specification" (JR/T0196-2020), and launched in 2021 The development of other privacy computing technology financial application standards such as federal learning. Driven by the top -level design, my country's Internet companies, technology companies, and financial institutions have successively developed a number of molding privacy computing products in recent years. Privacy computing has become the current main personal information protection technical means. Privacy computing can achieve common excavation of data value under the premise of protecting data privacy.

The "Report" pointed out that "in the field of personal information security, Weizhong Bank actively explores scientific and technological innovation, and has innovative exploration in areas such as cutting -edge technology (such as privacy computing) and emerging technology application models (such as distributed data transmission protocols) to ensure users Personal information security. "

As more and more domestic companies pay attention to ESG and the emphasis on the protection of personal information from all walks of life, I believe that various technologies represented by privacy computing will have more applications in the field of personal information protection, and better protect users Personal information rights.

- END -