On January 29, the Cyberspace Administration of Shanghai (CAC) announced that it had imposed administrative penalties on a number of well-known enterprises that failed to effectively fulfill their responsibilities for the protection of consumers' personal information and had serious problems. Among them, a well-known hot pot chain brand, which is the "top stream" in the hot pot industry, is impressively listed, causing heated discussions.
According to the report, in the storage of personal information, its creation has been formed in the past 30 years500 million pieces of personal information of members and 180,000 pieces of information of company employees are not encrypted and stored, and they have been in a state of "streaking" for many years. This personal information includes the member's mobile phone number, email address, etc. The 180,000 pieces of personal information of employees even include sensitive information such as names, ID numbers, mobile phone numbers, home addresses, etc.
Unprotected and unencrypted personal information is in danger of being stolen by "ghosts". These real mobile phone numbers collected through the leakage of "inner ghosts" can be used to understand the consumption habits of members. If combined with other data sources sold on the "dark web", users can be profiled more accurately, which is extremely dangerous. The "black market" on Internet platforms is often related to the protection of user information.
Previously, some netizens called for strict investigation of the leakage of passenger flight information and the use of its fraud. There are also horrific fake orders for ride-hailing caused by the theft of taxi accounts. Fans chase stars at the airport to pick up the airport, and passengers encounter flight refund and change fraud. At the heart of such incidents is the leakage and exploitation of personal information. These are all problems caused by the lack of privacy protection of the platform, which leads to the leakage of user information.
Most of the leakage of personal information is due to the inaction of platforms or enterprises. According to the investigation, when inspecting the above-mentioned hot pot brand, the technical staff found that there were more than 20 "super administrator" accounts on its member operation and management platform. In the process of collecting personal information, the WeChat mini-program of the hot pot brand delivery also forced users to agree to turn on the location permission to obtain accurate location information when filling in the delivery address information. The larger the amount of information collected by the enterprise and the more sensitive the content of the information collected, the stricter the legal responsibility of the enterprise should be.
In recent years, personal information protection has become a hot topic of concern and an important direction of national social governance. To this end, the state has specially promulgated the "Personal Information Protection" to support the protection of personal information with special laws. According to reports, several mainstream platforms in China have cases of user data being stolen and sold by internal staff. In this regard, China's Criminal Law stipulates the crime of infringing on citizens' personal information, in which "citizens' personal information obtained in the course of performing duties or providing services, ** or provided to others", shall be "severely punished" in accordance with the regulations.
Personal information is protected by law and is related to vital interests, and must not be infringed upon by any organization or individual. Some platforms collect information not to better serve users, but to seek more commercial benefits. However, seeking benefits at the expense of the risk of information leakage obviously violates the basic norms of the Internet and the ethics of the business society. It is very important for enterprises to improve their compliance awareness of personal information security protection, strengthen the strong and make up for the weak, and earnestly fulfill the obligations and legal responsibilities of personal information protection. All major enterprises should clarify the boundaries of responsibility and serve as an example of respecting and abiding by the law in the protection of personal information. For enterprises and platforms, the relevant departments also need to smooth reporting channels, strengthen law enforcement, and promptly stop the undesirable trend of long-term "streaking" of personal information.
In the era of digital economy, big data has become an important factor of production, and personal information is the most important component of big data. Social development has been transformed by big data, and individuals have also felt the convenience of big data in their lives, but the negative impact it has brought about also requires all parties to actively deal with it. For Internet companies and platforms, some unspoken rules and sidekick operations in the past must be corrected by the law. Tightening the red line of personal information protection has become a basic requirement for all Internet companies. After all, whoever has a stronger sense of compliance and who respects users' information rights and privacy rights is likely to go further and more steadily in the future.
Upstream news commentator Kang Lei.