Don't let roadside shops become a shortcoming in data security

Awaken the data security awareness of more small and micro enterprises and merchants, and prevent every piece of data outside the protection circle from becoming the fuse for individuals, enterprises and even countries to suffer economic losses and face security threats.

According to a recent report by "Southern Metropolis Daily", a few days ago, a foot bath shop in Huai'an, Jiangsu Province, was given an administrative punishment of "ordering rectification and warning" by the local police station because the computer did not set a password and did not establish a data security management system, which caused heated discussions in many parties. Since May, Jiangsu police have disclosed hundreds of law enforcement cases similar to "failure to fulfill data security obligations," punishing properties with more sensitive data, real estate companies, hotels, hospitals, and so on. This time, the law enforcement went to street shops, and a number of supermarkets, barber shops, fruit shops, pet shops, cake shops, and Internet cafes were included in the scope of inspection.

For roadside fruit shops, barbershops, pet shops and other small shops, the previous supervision and law enforcement paid more attention to business qualifications, fire safety, environmental sanitation and other issues, and extended the chain of responsibility and obligation of data safety protection to roadside shops, which made many people feel unusual.

Roadside shops shall bear the obligation to protect the security of citizens' personal information and other data, and have a basis in law. In September and November 2021, the Data Security Law and the Personal Information Protection Law came into force, respectively, which require "the conduct of data processing activities... must not harm the lawful rights and interests of individuals or organizations", "No organization or individual may infringe on the rights and interests of natural persons' personal information", etc. This means that business entities such as roadside shops are obliged to protect customer information collected in business activities. However, due to the short implementation time of the relevant laws, many people do not have a clear concept.

At a time when data security is becoming more and more a consensus, it is time for roadside shops that collect personal information, consumption preferences, and other data on a daily basis to fulfill relevant obligations. According to the hundreds of cases disclosed by the public security organs, a considerable proportion of stores were notified for rectification or administratively punished for failing to set boot passwords and screensaver passwords, and failing to take necessary measures to ensure data security. For example, in July this year, a courier company in Qidong, Jiangsu Province, failed to set a login password for scanning express delivery slips, causing others to implant Trojan horses, causing a large number of citizens' personal information to be leaked, and was fined 7,5 yuan by the public security organs.

Specifically, many roadside shops "don't know this obligation at all" and don't know how to protect data security. Some operators reported that "they do not understand other technical means except for setting a boot password". And some small shops and stalls opened by middle-aged and elderly people are even less capable of doing this technical work.

With the improvement of the law, the level of data security protection of some large enterprises and Internet platforms is greatly improved, and roadside shops are becoming the weak link in the data security protection defense line and the short board in the "wooden barrel". In addition to Jiangsu, in recent years, public security organs in Guangdong, Jiangxi, Fujian and other places have also forced roadside shops to perform data security obligations by means of warnings, education, and rectification.

Next, how to enable more market entities to assume data security obligations, enhance their ability to protect data security, and help them "know how to do" and "how to do well" is very important. Among them, reducing the threshold and cost of data security protection for small stores is the key to the problem. Relevant parties must not only have law enforcement actions, but also have corresponding legal popularization and assistance, refine the granularity of services, and improve the fineness of governance.

With the advancement of data security protection, various illegal acts and black ash industries such as telecom fraud and online trolls with illegally obtained information and data as the core are being effectively curbed. In this context, the relevant governance horizon should be further expanded, and the law enforcement force should also sink to the "nerve endings", awaken the data security awareness of more small and micro enterprises and merchants, and jointly consolidate the data security defense line, which is also an inherent requirement for various market entities to operate in compliance in the digital era.

Securing your data can't happen all at once. We hope that more forces will participate in expanding the protective circle of data security - and not let every piece of data outside the protective circle become the fuse for individuals, enterprises and even countries to suffer economic losses and face security threats.

Workers' Daily Wu Di