Where did the personal information "handed over" to fight the epidemic go?
Our reporters Zhai Yongguan, Bai Jiali, Song Jia, Hou Jie
On April 19, Qingdao Public Security issued a notice saying that a list of people entering and leaving the local central hospital appeared in the WeChat group of Jiaozhou citizens. Personal information such as the name, address, contact information, and ID number of more than 6,000 people have been made public.
Similar situations occur in many places, causing people to worry about the security of personal information during the epidemic prevention. The reporter found in the interview that the personal information that needs to be collected in large quantities for prevention and control still remains in the hands of relevant apps and supermarkets, pharmacies and other merchants, and there is a hidden risk of leakage.
Frequent information leaks are illegal operations
Mr. Ding, who lives in Tianjin, has recently received calls marked as “fraud”, “harassment” and “real estate agents”.
He said a little anxiously: "Has personal information been registered many times during the epidemic, has it been leaked?"
Mr. Ding ’s concerns are not unnecessary. Prior to this, there have been multiple incidents of information leaks from returning home and diagnosed personnel. This is mostly caused by illegal operations when collecting and using personal information in some places.
Tianjin has discovered in its special governance that apps such as "New Crown Pass" did not synchronously explain to users the purpose of collection when collecting personal sensitive information such as identity documents, health information, detailed whereabouts, etc .; they did not provide deletion to users in accordance with relevant laws and regulations. , The function of correcting personal information.
In addition, since the outbreak of the epidemic, there have been many cases across the country that have been handled by public security organs because of the illegal dissemination of personal information.
In early February, a staff member in Ordos, Inner Mongolia, sent the list of epidemic-related investigation personnel to the internal working group, which was unauthorizedly forwarded to the WeChat group of the public by member Wang. Subsequently, the list was forwarded by netizens in large numbers, causing citizens' personal information to be leaked. Afterwards, the public security organ imposed administrative detention on Wang somewhere for 10 days.
In Guangzhou, the Haizhu police received an alarm from the residents of the jurisdiction, saying that some people in the WeChat group of the owners of the community had issued personal information of multiple citizens. The police investigation found that Zheng had sent a list of many tourists who had taken a cruise to his friend Ye. Ye Mou also forwarded the personal information of the tourists to the WeChat group of the owners of the community where he was. The police then imposed a fine of 500 yuan on the offenders Zheng Mou and Ye Mou, respectively.
Property actually requires registration of income status
The reporter's investigation found that the "big data anti-epidemic" conducted through the collection of personal information of citizens has contributed to the effective control of the epidemic. However, there are some places where there are irregularities in the collection and use of personal information.
——Too many subjects collect information. According to He Yanzhe, an expert in the App Governance Working Group on the Collection and Use of Personal Information in Violation of App Laws and Regulations, there may be thousands of information collection network applications used during epidemic prevention. "These subjects of information collection do not have a unified standard and a mechanism for sharing and mutual recognition, and there are repeated and excessive collections."
In addition, some online epidemic prevention procedures have a low level of compliance with personal information protection. For example, a small program operated by the street that the reporter has used, it does not show the privacy policy to the user, does not list the purpose, method and scope of the collection and use of personal information one by one. Inform the purpose of use.
-Excessive collection. Many people report that some departments and businesses over-request when collecting personal information. Someone vomited that during the epidemic prevention period, the contents of the residential property onsite required registration, even including income status, height, blood type and other information. "I really don't understand. How much money does a month have to do with epidemic prevention and control?"
——Information storage and protection are unclear. Mr. Zhang in Beijing has recently been asked to register personal name, ID number and mobile phone number at the entrance every time he visits a supermarket or snack bar near his home. A thick big book, the personal information of each person entering and leaving is written on it, and the next person can clearly see the specific information of the previous person.
"How does the merchant protect this personal information registration book full of name, ID number and mobile phone number?" Mr. Zhang was worried. The staff replied that they only registered and did not know how to proceed.
Personal information collection should be "minimum enough"
At present, various anti-epidemic apps and entities such as supermarkets, pharmacies, community properties, buses and subways collect a lot of personal information. Many people do not know how this information will be used when they surrender their personal information.
The interviewed experts believe that in the future, we should pay close attention to the special management of relevant apps, and urge operators to self-check and rectify against policy standards. Where there are problems, measures such as notification and rectification, public exposure, notification of delisting, administrative punishment, and referral to justice shall be taken as appropriate.
At the same time, it is necessary to clarify the scope of personal information collection. He Yanzhe said that the collection of personal information should adhere to the "least enough" principle to avoid excessive collection.
"Now that personal information has been collected in large quantities, it is important to strictly manage them to ensure data security," said Wu Xiaolin, a professor at the Zhou Enlai School of Government Management at Nankai University.
He suggested that relevant departments should increase the process tracking of the collected personal information, strictly supervise related applications and other paper materials, and minimize the risk of leakage and abuse.