Recently, two incidents concerning data security have caused concern. The Ministry of Industry and Information Technology has recently conducted inquiries and interviews with relevant persons in charge regarding the data leakage of the Sina Weibo App (mobile phone application). Sina Weibo responded that it has taken measures such as upgrading the interface security strategy, and will subsequently implement the responsibility of the main body of enterprise data security and effectively protect the user's personal information. Earlier, Weimeng, which provides marketing services to online merchants, suffered a business data loss incident, which had a serious impact on businesses and merchants.

Data security protection is related to the legitimate rights and interests of every citizen, as well as the development of the enterprise and the overall economic and social situation. In the era of big data, how to enhance people's data "security"?

Who moved the "you" data?

When users register a certain mobile phone software, it will pop up a clause asking users to authorize various information rights such as address book, microphone, and geographic location; at street or mall promotions, businesses invite customers to scan codes to receive prizes for free; in malls, etc In public places, seeing free wireless networks of unknown origin, some people will connect to the Internet without consideration ... In daily life, people often encounter such scenes. Inadvertently, personal data information faces the risk of being "stolen" directly or indirectly.

With the rapid popularization of the Internet and the in-depth development of informatization, various data-based information is rapidly produced, collected, stored, processed, and utilized, and the era of big data is coming.

In today's society, data is regarded as a new type of resource. Through in-depth analysis and mining of the collected user data, companies can comprehensively judge the user's consumption needs based on the customer's geographic, category, preferences, social needs and other personal information, more accurately "sell" products, and plan the industrial layout.

While big data brings new opportunities, it also brings new challenges. Security risks such as data leakage and data abuse are prominent, and the hidden dangers are not small. Once data is leaked or misused, harassing phone calls, online fraud, etc. can also be changed from "mishaps" to "precision customization".

Hold the "red line" of data security

"The handling of data security issues directly affects personal privacy and even social order and national interests. This is a challenge that must be faced on the road to the development of the digital economy." Xin Yang, a professor at the School of Cyberspace Security at Beijing University of Posts and Telecommunications, pointed out.

In the era of big data, the commercial value of information has gradually become the core competitiveness of enterprises, and more and more enterprises have invested heavily in collecting, sorting and mining information. How to balance the relationship between personal information protection and industrial development has become an urgent problem to be solved.

From January to December 2019, the four departments of the Central Network Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the General Administration of Market Supervision organized the nationwide organization of the special management of the collection and use of personal information by the App in violation of laws and regulations. On December 30, 2019, the four departments jointly issued the "Approval Method of App Illegal Collection and Use of Personal Information", which classified 31 kinds of illegal collection and use of personal information, and defined user data security protection for mobile Internet companies. "Red Line".

Industry insiders pointed out that big data collection must follow three principles: the lawful principle, that is, personal information should not be stolen or obtained in other illegal ways; the lawful principle, that is, personal information should not be collected by deception, misleading, coercion, breach of contract, etc .; the necessary principles, That is, the minimum type and amount of personal information required to meet the authorized purpose of the information subject.

Join forces to strengthen data "security"

Recently, the Ministry of Industry and Information Technology's notice on accelerating the development of 5G emphasized the further strengthening of 5G network data security protection, pointing out that it is necessary to improve the data security management system and standards around typical application scenarios; it is necessary to rationally divide network operators and industry services Providers and other parties' data security and user personal information protection responsibilities.

With the advent of the 5G era, data security protection is facing greater challenges. All parties should strengthen their joint efforts to make the "gray space" for illegally collecting and misusing data smaller and smaller, and make users' data security more and more real.

In recent years, China has continuously accelerated the construction of relevant legal systems. The Cyber ​​Security Law, implemented on June 1, 2017, sets specific requirements for the protection of personal information; on May 1, 2018, the national standard "Information Security Technology Personal Information Security Specification" was officially implemented; in May 2019, the National Cyberspace Administration Issued "Data Security Management Measures (Draft for Comment)".

In addition, with regard to the security of personal information and data, the specific rectification activities at the national and local levels are not small, and the "protection lock" is tightened for data security. At the beginning of 2020, Zhejiang Police kicked off the special rectification work on personal information data security of Internet enterprises across the province. This activity will run throughout the year, which will effectively combat the punishment of crimes related to personal information security and strengthen the data security of Internet companies Protect and standardize the behaviors of Internet companies involving personal information.

Industry insiders pointed out that for Internet companies, it is necessary to strengthen the rule of law thinking, implement legal norms, and maintain the legal bottom line. This is an important guarantee for implementing the big data development strategy and promoting the orderly development of enterprise data types. The platform should clearly inform users of the specific content and purpose of the collected information through user agreements or privacy agreements, and adhere to the "least necessary" principle. For users, everyone must check personal information and develop the habit of using mobile phone software safely. When personal information is found to be leaked, they must be brave to take up legal weapons to protect their legal rights.

Li Jiabao