The "Personal Information Protection Law" was formally implemented and the issue of privacy of express delivery was paid attention again


  . Can a "privacy sheet" prevent information leakage?

  On November 1, the "Personal Information Protection Law" was formally implemented, which is China's first systematic and comprehensive law specifically aimed at the protection of personal information.

With the opening of Double Eleven this year, the issue of express privacy and security has once again been paid attention to.

A few days ago, Ningbo police announced a case in which the person involved applied for the identity of a courier in order to enter the company to secretly take pictures of the express delivery, and then resell them online.

Some netizens suggested that the privacy sheet can solve the problem of express personal information leakage. Is it really that simple?

  event

  Courier information leakage caused individuals to be defrauded by 160,000 yuan

  On November 1, many e-commerce platforms opened the Double Eleven Shopping Festival at 0:00. Some netizens placed an order in the early morning and received the express delivery in the morning.

While happily receiving the express delivery, a topic of "the leakage of express delivery information as an accomplice of targeted fraud" was fermented on the Internet, which caused netizens to worry about the leakage of personal information due to express delivery orders.

And this is not without precedent.

  On September 23, the topic of “160,000 scammed by UP master’s narrative within 30 minutes” became a hot search.

According to the victim’s account, she received a call from a courier who claimed to be a Shentong courier that day. The other party stated that “double compensation will be given for lost parcels.” She accurately reported her alias and courier number on the courier bill. , Which made her relax her vigilance.

Because the shipment was lost, a claim was required. After verifying that the information was correct, she trusted the other party and began to apply for a 180 yuan express delivery claim under the guidance of the “customer service” under the guidance of Alipay’s “backup fund”. , Has a loan relationship with Alipay.

In order to terminate the loan relationship, the express "customer service" asked her to download an app called "Yealink Meeting" to join the meeting and contact a staff member who claimed to be the official customer service of Alipay.

The "official customer service" said that her Alipay Sesame credit score was insufficient, and she needed to transfer 180,000 yuan to the designated account for credit guarantee, so under the guidance of the customer service, she transferred a total of 160,000 from multiple bank cards under her name to the designated account. Yuan.

"Customer service" asked her to continue to borrow 20,000 yuan from her friend to make up the 180,000 yuan credit limit. At this time, the friend found out that she had been cheated and accompanied her to the Public Security Bureau to report the case.

  Two days later, she received this "lost item" courier, and the courier was in normal condition.

At present, the police have issued a notice of filing a case for investigation.

  status quo

  "Privacy Sheet" The actual utilization rate in the industry is not high

  A reporter from Beijing Youth Daily learned that the police in Ningbo, Zhejiang, recently detected a criminal gang that illegally obtained and reselled express delivery information, arrested 9 suspects and seized more than 20,000 express delivery photos.

  At the beginning of September this year, an import foreign trade company in Beilun District, Ningbo City, Zhejiang Province reported to the police that the company had received complaints from consumers one after another, saying that a large number of personal information had been leaked and that customers had been defrauded.

  According to the police's understanding, in order to obtain the personal information contained in the courier for illegal profit, this criminal group entered the courier company through temporary employment.

Then, they used the machine for sorting out the express parcels to secretly take pictures of the express delivery and then resell them online.

  After grasping a large number of clues, the Ningbo police launched an arrest operation and successively arrested 9 criminal suspects and seized more than 20,000 express delivery photos.

  In fact, in order to protect user privacy, the express delivery industry has already launched a privacy sheet several years ago.

Among them, the user's name and some mobile phone numbers will be replaced by *.

Some courier companies omit the sender’s information on the face-to-face note.

These measures reduce the privacy leakage caused by the leakage of express delivery.

Although key information such as phone calls are hidden, this kind of face-to-face order does not affect the delivery of couriers, and they will directly contact users through the relevant functions of the App in their hands.

  The privacy sheet seems to benefit both parties. In actual operation, the privacy sheet is very rare.

  A reporter from the Beijing Youth Daily saw in some of the stations that many of the couriers waiting to be picked up did not use the privacy slips.

“There are few types of hidden numbers. Even if there are some, the courier will write the phone number on the express box for easy inspection when picking up the package.” A staff member at a post on Chaoyang Road said.

In his opinion, the privacy sheet is just one more procedure, and it seems a bit tasteless to want to keep personal information confidential.

  Many users also said that although the privacy sheet is good, they have no control over what kind of express delivery the seller sends.

The business also said that the express company did not provide the seller with this service, "if it has it, there is no way without us."

The greater the problem of less use of privacy sheets comes from the express delivery companies, especially the companies that dominate the franchising of outlets.

On the one hand, the privacy order requires a certain amount of investment from the company in the early stage. On the other hand, the courier believes that this order reduces their delivery efficiency, which in turn affects their income.

  "The convenient function of the privacy note is based on the delivery to the home, that is to say, the courier calls the user and then delivers it to the door. Once a third party appears in the middle, such as a post, a communication room, the privacy note is also We can’t talk about privacy anymore. Because the customer’s mobile phone number and other personal information must be used as verification.” A practitioner in the express delivery industry said that at present, the “last mile of express delivery” is solved by a third party. Privacy The role of privacy protection alone is still limited.

  problem

  Part of the information leakage stems from internal staff guarding and stealing

  So can the vigorous promotion of privacy sheets solve the problem of personal information leakage in online shopping?

The analysis believes that "it has a role, but the role is limited."

As far as the protection of personal information is concerned, the "privacy sheet" does not give users peace of mind.

  Insiders revealed that many information leaks were caused by theft by employees of express companies.

Even if a confidentiality agreement is signed, it cannot prevent individuals from taking risks for their own benefit.

  A reporter from the Beiqing Daily learned that last year, the police in Handan, Hebei, uncovered an illegal theft of personal information.

The cause was that a Handan express company detected that its employee number had been abnormally logged in and called the police.

The police found that after a work number named Yongnian logged in from another place, they searched more than 8,000 pieces of information, and the police quickly found the courier.

The employee said that two young people came to his store and wanted to rent his job number, check the delivery process, and use them for Taobao to buy these items. If the rent is completed, he will be given 500 yuan a day.

  In the end, the police reported that the criminals knew how to use the job number to retrieve data because they had worked in a courier company, so they came up with this method to steal citizens’ personal information from the courier company’s system.

The person then packs and sells the stolen citizen information to his upline, and then sells it directly to overseas fraud gangs from the upline.

  In this case, the data directly retrieved from the background caused the privacy face sheet to lose its "protection" capability.

The leakage of express personal information is not only the responsibility of the express company. The problem of data leakage may also appear in the merchant or the platform.

  Text/Photo courtesy of our reporter Zhang Xin/Visual China

  Coordinator/Yu Meiying

  RAM

  The platform will face penalties if it fails to fulfill its information protection obligations

  According to industry insiders, in order to keep the "privacy sheet" from leaking, it is necessary for the express delivery industry to protect users' personal privacy, prevent data leakage in the database, and exert efforts in personnel management, security systems, and technology.

  From November 1st, the "Personal Information Protection Law" was formally implemented.

The law clarifies that no organization or individual may illegally collect, use, process, or transmit the personal information of others, and shall not illegally trade, provide or disclose the personal information of others.

  At the same time, the law stipulates that: personal information processors should take measures to ensure that personal information processing activities comply with laws and administrative Regulations, and prevent unauthorized access and personal information leakage, tampering, and loss.

Measures include but are not limited to: formulating internal management systems and operating procedures; implementing classified management of personal information; adopting corresponding security technical measures such as encryption and de-identification; reasonably determining the operating authority of personal information processing, and regularly performing security for employees Education and training; formulate and organize the implementation of emergency plans for personal information security incidents, etc.

  In addition, the law also clarifies penalties: if the processing of personal information fails to fulfill the personal information protection obligations under this law, the department performing personal information protection duties shall order corrections, give warnings, and confiscate illegal gains.

If the circumstances are serious, the department performing personal information protection duties at or above the provincial level shall order corrections, confiscate the illegal gains, and impose a fine of less than 50 million yuan or less than 5% of the previous year’s turnover, and may be ordered to suspend related businesses or suspend business Rectify and notify relevant competent authorities to revoke relevant business licenses or revoke business licenses; impose a fine of 100,000 yuan up to 1 million yuan on directly responsible persons in charge and other directly responsible persons, and may decide to prohibit them from serving as relevant enterprises for a certain period of time Directors, supervisors, senior managers and personal information protection officers of the company.