China News Service, January 11, according to the central bank's website, on January 11, the central bank issued the "Credit Investigation Business Management Measures (Draft for Comment)" (hereinafter referred to as the "Measures") to solicit public opinions.

According to the draft for soliciting opinions, the collection of credit information by credit reporting agencies should follow the principle of “minimality and necessity” and not excessive collection.

The use of credit information provided by credit reporting agencies by information users shall be used for lawful and legitimate purposes and shall not be abused.

The retention period of the bad personal information collected by the credit reporting agency shall be 5 years from the date of termination of the bad behavior or incident.

When bad credit information expires, the credit reporting agency shall delete it. If it is used as sample data, it shall be de-identified and moved to a non-production database for storage to ensure that personal credit information is not directly or indirectly identified.

  The drafting instructions of the “Measures” introduce the principles of formulation in three aspects, including:

  ——Insist on the working philosophy of credit investigation for the people.

Fully protect the information subjects’ right to know, consent, dissent, and complaint in credit reporting business activities, meet the people’s demand for high-quality credit reporting products and services, and prevent the abuse of personal and corporate credit information Abuse to ensure the security of credit information and prevent information leakage.

  ——Considering information security and compliant use of information.

On the premise of protecting the rights and interests of information subjects, promote the standardized development of the credit reporting industry, clarify the obligations of information providers, credit reporting agencies, and information users, and encourage credit reporting agencies to provide diversified credit reporting under the premise of safety standards. Increase the effective supply of credit investigation products and services.

  -Integrate with current laws and regulations.

Fully absorb the content of personal information protection in current laws and regulations such as the Civil Code, Cybersecurity Law, and Consumer Rights Protection Law, fully consider the convergence with the Personal Information Protection Law (Draft), and absorb relevant legislation Principles and spirit to refine the protection of personal information.

  The main content of the "Measures" includes four aspects, as follows:

  One is to make clear regulations on credit information and credit investigation services.

Make credit investigation and supervision have laws to follow.

All kinds of information that will provide services for financial and economic activities and used to judge the credit status of individuals and enterprises are defined as credit information, and its information service activities are credit investigation activities.

In current practice, the use of this information to make portraits and evaluations of individuals or enterprises is defined as credit investigation services, which falls within the scope of the "Measures".

  The second is to stipulate the collection, sorting, preservation and processing of credit information from the perspective of protecting the legitimate rights and interests of individuals and enterprises.

Credit reporting agencies are required to collect information in accordance with the principle of “minimality and necessity” and must not collect information in an illegal manner; when collecting personal information, they should inform the purpose of collection, the source of information, and the scope of information, and the collection of non-public corporate credit information should obtain corporate consent ; The sorting, preservation and processing of credit information shall follow the principle of objectivity and shall not tamper with the original data.

  The third is to regulate the use of credit information to ensure that it is used for legal purposes.

Information users are required to use personal credit information for lawful and legitimate purposes and must not be misused; the retention period of bad personal information collected by credit reporting agencies is 5 years from the date of termination of the bad behavior or incident; credit reporting agencies provide credit information inquiries , Credit evaluation, credit rating, anti-fraud services and other types of credit investigation services, the corresponding business rules shall be followed.

  The fourth is to regulate the security of credit information and cross-border flows.

From the aspects of internal control, software and hardware equipment, personnel management, etc., credit reporting agencies are required to do a good job in information security and establish emergency and reporting systems.

To provide enterprise credit information inquiry services overseas, it shall ensure that the credit information is used for reasonable purposes such as cross-border trade and financing, and provide it in a single inquiry manner.