The historical data of site codes has caused privacy concerns. How to deal with special epidemic prevention data?

　　Author: Ge Hui

　　In the past week, officials in many places have announced the cancellation of the requirement to scan the "site code".

This means that since May 21, the "site code" scanning and verification work that has been promoted in various places has gradually faded out of the daily life of ordinary citizens after half a year. privacy concerns.

　　A senior technical expert of the big data center told China Business News that the data of the site code is currently stored in the government affairs cloud, and there is basically no possibility of being intercepted by each site.

"The retrieval of these data needs to be authorized. Whoever inquires and what is recorded will be used for auditing in the future. Whoever collects it is responsible, whoever uses it, and whoever holds it is responsible. This is a requirement for data security."

　　Professor Liu Jie from the School of Management of Fudan University said that the construction of a smart city should shift from a management-control mindset to a service mindset, truly paying attention to what the real needs of the people are, timely deleting data saved in a specific period, and subtracting data are also important components of building a smart city part.

Multi-site cancellation code

　　As early as a week ago, after the release of the "New Ten Rules", many places have gradually canceled the inspection of health codes and venue codes.

　　On the evening of December 4, Hangzhou issued the "Notice of Hangzhou City on Optimizing and Adjusting Relevant Measures for Epidemic Prevention and Control", except for special places such as nursing homes, welfare homes, primary and secondary schools, and kindergartens. For establishments, no nucleic acid test negative certificates will be inspected, and the "place code" will no longer be scanned; personnel who purchase "four types" of drugs through pharmacies will no longer be required to undergo nucleic acid testing and assign codes to promote inspections.

From the 4th to the 5th, cities across Zhejiang successively announced relevant measures to no longer scan venue codes.

　　Since then, the Jiangxi Provincial Epidemic Prevention and Control Headquarters announced that from 18:00 on December 5, except for special places such as medical institutions, nursing homes, welfare homes, primary and secondary schools, and kindergartens, people who take public transportation in the city, enter and leave residential areas, and enter parks and scenic spots Shopping malls, supermarkets, hotels and other public places will no longer check nucleic acid test certificates, health codes, or "place codes".

　　On December 7, Tianjin Metro and public transportation also announced the cancellation of the inspection of the health code and the cancellation of the scanning of the "place code".

　　This means that the "site code" scanning and verification work, which started in Hangzhou on May 21, has gradually faded out of the daily life of ordinary citizens after half a year.

　　In 2022, on May 21, Hangzhou issued a notice to comprehensively promote the "site code" scanning and verification work, and determined the list of the first batch of key sites according to the needs of epidemic prevention and control.

The places (units) included in the list realize the full coverage of the "place code".

Places (units) that have not yet been included in the list are encouraged to receive and use up as much as possible.

At the same time, it was proposed that "strictly implement the code scanning and inspection, and the code inspection must be strict. Personnel who have not obtained nucleic acid sampling or testing certificates within the specified time are not allowed to enter key places and take public transportation (except for residents returning to residential areas). Since then, various places have begun to promote it." Digital epidemic prevention measures such as "site code" and "digital sentinel".

　　How to deal with epidemic prevention data

　　Measures such as health codes, venue codes, and itinerary codes have played a certain positive role in tracing the source of the epidemic, but residents are generally concerned about where the information of these venue codes exists?

Who has access?

After the epidemic prevention enters a new stage, how should these data be processed?

　　According to the official account of "Communication Travel Card", from 0:00 on December 13, the "Communication Travel Card" service will be officially offline.

"Communication itinerary card" inquiry channels such as text messages, web pages, WeChat applets, Alipay applets, and APPs will be offline simultaneously.

On the 12th, the three major operators of China Telecom, China Unicom, and China Mobile successively stated that they will delete the data related to the user's itinerary simultaneously after the "communication itinerary card" service is offline at 0:00 on December 13 in accordance with relevant laws and regulations, and protect the data in accordance with the law. Personal information security.

　　A senior technical expert of the big data center told China Business News that the data of the site code is currently stored in the government cloud, and there is basically no possibility of being "cut off" by the place where each site belongs.

The retrieval of these data needs to be authorized, and who inquires what is also recorded, and will be used for auditing in the future.

　　He said that generally there are two types of personnel who can obtain their (their) track information by checking the location code data of a certain person or certain people. One type is business personnel, who have special application pages to do business. The logic should be to locate person A to the place first (provided that the code of person A shows abnormality), and then query the people who have been to this place; the second type is the database administrator, but the management in this area is relatively strict and authorization is required , private viewing is strictly prohibited.

　　The above-mentioned senior technical experts further stated that the interim measures for the management of a certain city’s government affairs cloud show that the security management of the government affairs cloud follows the principle of “whoever builds it is responsible, whoever operates it is responsible, whoever manages it is responsible, and whoever uses it is responsible”.

No unit or individual may use the government cloud to infringe upon the legitimate rights and interests of the state, the collective, or citizens, and shall not use the government cloud to engage in illegal or criminal activities.

"Whoever collects is responsible, whoever uses it, and whoever holds it is responsible for data security."

　　Professor Liu Jie from the School of Management of Fudan University told China Business News that Singapore's practice can be referred to for the processing of special data collected during the special period of epidemic prevention and control.

He said, "These data should be kept during the prevention and control period, such as two weeks, so that the common people can trust that these private data will not be commercialized, but there are currently no regulations in our country."

　　Liu Jie introduced the "TraceTogether" application (App) released by the Singapore government in his article in "National Governance" Weekly.

According to the article, when two mobile phones are nearby (generally within a range of about 8 meters), the TraceTogether application encrypts the information of other nearby smartphones to generate a temporary identity document (Identity Document–ID) and the duration of the mutual contact. , recorded in their respective mobile phones and stored for 25 days, of course mobile phone users cannot see these data.

If the owner of a mobile phone tests positive for the new crown virus, the epidemic prevention and control department can check the ID information in the TraceTogether app to track down the close contacts and the next close contacts of the infected person, so that they can receive the notification as soon as possible. According to the notification information of the epidemic prevention and control department, prepare for the response as soon as possible, and take corresponding isolation measures.

　　Liu Jie said in the article that before adopting TraceTogether, the Singapore epidemic prevention and control department and the police force needed to conduct personal interviews with infected people, and check various information including travel videos, ATM transactions, airlines, taxi companies, and mobile phones. This process is laborious and there are many omissions. At the same time, the public information may also cause problems such as personal privacy leakage.

　　"People are now enthusiastically discussing the whereabouts of data such as trip codes and site codes. In fact, so many organizations are implementing ESG, and G governance includes data governance. There are already many models for data governance, and our country also has Standards related to data governance. It has been almost three years since the COVID-19 epidemic. From being caught off guard at the beginning, to the closure of various places this year, and to the current liberalization, our smart city needs to be implemented to pay attention to the real needs of ordinary people. "Liu Jie told the first financial reporter that as the epidemic prevention and control is facing new situations and new tasks, "the construction of smart cities should change their thinking, change the thinking of management and control into the thinking of service, and truly serve the real needs of ordinary people."