Courier face individual information at a glance, privacy face sheet promotion has little effect
How the law locks the express information security
On November 2, the Central Branch of the Public Security Bureau of Jinan City, Shandong Province organized police to conduct security inspections at outlets operating express delivery services in its jurisdiction.
In response to the personal information protection law that came into effect on November 1, the inspection of the standardized operating procedures of the shipping and delivery industry was further strengthened, and the "last mile" of information security was maintained.
Photo by our correspondent Hao Xincheng
□ Our reporter Zhao Chenxi
Every year on "Double 11", Chen Lingfeng, a retired worker who lives in Beixinqiao, Dongzhimen, Beijing, is very busy. Young people are busy "chopping hands" while he is busy doing "aftercare" work for them.
"Young man, give me the courier box." When the reporter saw Chen Lingfeng, he had just received a courier box from a young man, which was filled with torn packaging bags, but the express delivery note on the box was Intact.
"People don't pay much attention to the privacy of the express delivery bill." Chen Lingfeng said as he used a knife to skillfully scrape the express delivery sheet from the express box, and then shred it and put it in other trash. This is his "aftermath" work.
In the afternoon of the same day, he only found 3 express boxes that had been torn off or smeared and then discarded. The rest of the express boxes were completely pasted on the express box, clearly showing the details of the consignee. information.
How much personal information can be "picked" by an express delivery note?
In addition to the name, mobile phone number, and address shown above, you can also check WeChat, Alipay and other accounts through your mobile phone number, and then learn about your hobbies, family members and other information.
Since the implementation of the real-name express delivery system in November 2015, discussions on how to protect personal privacy in the express delivery industry have not ceased.
It is undeniable that in recent years, many cases of citizen information leakage have occurred in the field of express logistics.
Liu Junhai, a professor at the School of Law of Renmin University of China, said in an interview with a reporter from the Rule of Law Daily that the personal information protection law that came into effect on November 1 is my country’s first systematic and comprehensive law specifically aimed at personal information security. It involves all individuals. Information protection content The express delivery industry must abide by it. It is necessary to use the personal information protection law as an opportunity to improve the personal information protection system of the express delivery industry, especially the full implementation of the privacy face-to-face function.
Courier face-to-face information streaking seriously
"Hello, one of your couriers is lost, and now you need to pay you double compensation." After the other party accurately reported her name and courier number, Ms. Yang believed in the customer service staff who claimed to be a certain courier company. The "customer service staff" said that she would pay a compensation fee of 180 yuan, but she needs to operate on her mobile phone.
In the end, under the step-by-step "guidance", Ms. Yang actually transferred 160,000 yuan to the other party... Some time ago, a UP owner with nearly a million fans posted on the Internet crying about her being scammed by telecommunications due to the leakage of express delivery information. process.
In recent years, cases of fraud and burglary due to the disclosure of personal information on courier orders have appeared in the newspapers from time to time.
Not long ago, the People's Procuratorate of Jiashan County, Zhejiang Province, found in a criminal and incidental civil public interest lawsuit for infringement of citizens' personal information that part of citizens' personal information bought and sold by criminal suspects was obtained through the express delivery industry.
The reporter recently visited several express delivery stations in Beijing and found that the situation of “naked” on the express delivery bills was also serious.
In front of the rookie post in a residential area in Haidian District, Beijing, there were a large number of express delivery that could not be processed in the future. The reporter picked up 4 express parcels at will, and the details of the sender and the recipient were clearly printed on the express receipt. information.
With the rapid increase in the number of express delivery and the inability to deliver to homes affected by the epidemic, express delivery stations are carrying more and more jobs.
However, several express delivery stations visited by the reporter were piled up in front of a large number of unprocessed express delivery, and there was no special person to supervise them. When the reporter searched and checked the express information, there was no staff to stop it.
"These have brought greater security risks to information leakage." Zhu Wei, deputy director of the Communication Law Research Center of China University of Political Science and Law, said that the traditional one-to-one delivery of express delivery, the personnel who know the information are relatively fixed, but the transit is through the express station. There are more people in hand, and if the management is neglected, the scattered express information may be known to more people. After accurately obtaining the recipient’s personal information, logistics order number, product purchase and other key information, it will also be able to pretend to be “electricity”. The possibility of fraud by "business customer service" or "courier" using "send a return link to defraud bank account information", "courier loss, merchant compensation" and other means.
Private side single function implementation
By partially concealing the personal information on the express delivery note, it is possible to avoid the leakage of personal information on the express delivery note to a large extent.
In fact, since JD.com started the trial promotion of "smile face orders" in June 2016, using technical means to replace some user names and mobile phone numbers with smiling faces, major express delivery platforms have successively launched "private face orders" services. Use "*" on the face sheet to replace the middle phone numbers and the user's name and address to protect the user's personal privacy information.
However, the staff of an express post station bluntly stated that, whether it is for the express platform, or the express station and the courier, the privacy face-to-face order is a bit "unwelcome."
On the one hand, hiding information requires the support of a dedicated system, and it is also necessary to equip the courier with a handheld terminal, which increases the cost for the express platform and express station.
For the courier, it is more troublesome than direct delivery because it is not possible to obtain the detailed address directly from the face-to-face.
For example, the courier Chen Dong said that for private receipts, the couriers need to scan the barcode on the receipt with a handheld terminal to display specific information and contact the customer. The number that appears is also a virtual number. If the customer's phone cannot be reached or the machine fails, etc. In this case, express delivery is difficult to deliver.
Therefore, the courier will not actively "recommend" this service to the sender.
At present, if you want to hide personal information, users need to select the corresponding privacy face-to-face function when sending a shipment.
In order to actually confirm the privacy face-to-face function, the reporter downloaded the apps of 3 express delivery platforms. Two of them set the privacy face-to-face function in the value-added service. Although there is no charge, the user needs to check it when sending the shipment.
Another express app did not show related services when sending the shipment. After the reporter asked the customer service, the other party said that if they want to hide personal information, they need to fill in the shipping remarks by themselves.
"Since the courier company has this function of protecting user information, why should the sender choose it on his own and not actively use it?" As an online shopping expert, Chen Lulu specially purchased the courier pen to cover the courier face list. For personal information, she believes that the courier company’s practice of not concealing information without actively checking when sending shipments is tantamount to adding a “threshold” to the security of personal information. Is it possible that consumers’ personal information protection should be placed on the sending Does the merchant check the privacy face-to-face function?
Are there any mandatory provisions in the law for privacy sheets?
In this regard, Liu Junhai pointed out that according to the Consumer Rights Protection Law and the "Interim Regulations on Express Delivery" and other legal provisions, express operators must ensure the safety of express consumers’ personal information, but the current relevant laws do not clearly stipulate that express delivery platforms must be used compulsorily. Privacy sheet.
Chapter V of the Personal Information Protection Law specifically stipulates the obligations of personal information processors. Article 51 stipulates that personal information processors must take corresponding measures to ensure that personal information processing activities comply with laws and administrative regulations, and prevent unauthorized access. Access and personal information leakage, tampering, and loss.
This includes adopting corresponding security technical measures such as encryption and de-identification.
In Zhu Wei’s view, before the implementation of the Personal Information Protection Law, encryption and de-identification of privacy sheets can also be regarded as industry advocacy. However, with the formal implementation of the Personal Information Protection Law, security technologies such as encryption and de-identification have been implemented. The measures have become a statutory obligation that the express delivery platform must perform, so the privacy face-to-face function should be enforced.
Refine the implementation standards of privacy sheet
Taking into account issues such as cost, delivery efficiency, etc., Liu Junhai believes that the courier platform may be less motivated to fully implement the privacy face-to-face function, and it should be improved from the legal system.
After the 2009 Postal Law clarified the legal status of express delivery companies, my country's express delivery industry developed rapidly.
In order to promote the healthy development of the express delivery industry and protect the legitimate rights and interests of express users, the "Interim Regulations on Express Delivery" came into effect on May 1, 2018.
Liu Junhai believes that as the first administrative regulation specifically for the express delivery industry, after the implementation of the Personal Information Protection Law, consideration should also be given to revising and improving the "Interim Regulations on Express Delivery" regarding the protection of personal information.
He suggested that the relevant content of the comprehensive implementation of the privacy note system should be included. The privacy note should be a service that the express platform "should" provide, and the user information on the express note should be hidden by default.
The top-level design should be used to urge all express delivery platforms to fully implement the privacy face-to-face function as soon as possible.
Zhu Wei agreed with this. He suggested that in addition to mandatory requirements for express delivery platforms to use privacy face orders, relevant departments should also consider formulating a unified privacy face order implementation standard, and conduct unified regulations in terms of technology, distribution, and face order information specifications. Penalties should be increased for platforms that do not execute.
At present, in addition to express delivery orders, many express information leaks are also caused by "inside ghosts" of express companies. For example, the case of "400,000 pieces of personal information leaked by ghosts in YTO" that attracted attention last year was the collusion between criminals and YTO express staff. Paid renting of YTO’s employee system account to steal citizens’ personal information.
"This shows that some express delivery platforms still have big loopholes in internal management and other aspects, and the express delivery platforms need to more strictly supervise their own systems and employees." Zhao Zhanzhu, deputy director of Beijing Yunjia Law Firm, pointed out that the Personal Information Protection Law Clarify that the principle of liability for personal information infringement is the presumption of fault, which means that when personal information rights are infringed due to personal information processing activities, if the personal information processor cannot prove that there is no fault in data processing and data protection, it should Bear tort liability such as damages.
Article 44 of the current "Interim Regulations on Express Delivery" stipulates that a company engaged in express delivery business selling, leaking or illegally providing user information known in the process of providing express delivery services is fined up to 100,000 yuan if the circumstances are serious, and can be ordered to suspend business for rectification until it is revoked. Express business license.
In Zhao Zhanzhu's view, the maximum penalty amount is too low compared to the profits of the express delivery company. It is recommended that the penalty amount be further increased when the "Interim Regulations on Express Delivery" are revised.
To control information leakage in the express delivery industry, the focus should be on the express delivery platform, and the platform should be forced to continuously improve its awareness of information protection and improve its own internal security management and control through increased punishment.