Can a "privacy list" prevent information disclosure?
2021-11-02
On November 1, the personal information protection law was officially implemented, which is the first systematic and comprehensive law specifically for personal information protection in China. With the opening of double 11 this year, the privacy and security of express delivery has been paid attention again. Recently, Ningbo police announced a case in which the person involved applied for the identity of a courier to enter the company to secretly take photos of express orders, summarize and sort them out and resell them online. Some netizens proposed that the privacy list can solve the problem of express personal information disclosure. Is it really so simple? event The leakage of express information led to personal fraud of 160000 yuan On November 1, many e-commerce platforms opened the double 11 Shopping Festival at 0:00. Some netizens placed orders in the morning and received express delivery in the morning. While happy to receive express, a topic of "leakage of express information into an accomplice to accurate targeted fraud" fermented on the Internet, causing netizens' concerns about personal information leakage due to express face orders. This is not without precedent. On September 23, the topic of "up master was cheated 160000 within 30 minutes" became a hot search. According to the victim, she received a call from a self proclaimed Shentong courier on the same day. The other party said that "double compensation shall be given for lost express". She accurately reported her pseudonym and express order number on the express list on the phone, which made her relax her vigilance. Because of the loss of express need to make claims, verify the information is correct, she believed the other side, began to "customer service" under the guidance of Alipay "standby fund" application for 180 yuan express settlement, the other said due to operational errors, standby gold application has become 500 yuan, and Alipay had a loan relationship. In order to remove the loan relationship, the courier "customer service" asked her to download a App called "billion union meeting" to join the conference to contact a staff member who claimed to be Alipay official customer service. The official customer service said that the credit score of her Alipay sesame was insufficient. She needed to transfer 180 thousand yuan to the designated account to make a credit guarantee. So, under the guidance of the customer service, she transferred to the designated account from a number of bank cards under the guidance of the customer service, totaling 160 thousand yuan. "Customer service" asked her to continue to borrow 20000 yuan from her friend to complete the credit limit of 180000 yuan. At this time, her friend found that she had been cheated and accompanied her to the public security bureau to report the case. Two days later, she received the "lost" express, which was in normal condition. At present, the police have issued a notice on the case for investigation. present situation The actual utilization rate in the "privacy sheet" industry is not high Beijing Youth Daily reporter learned that the Ningbo police in Zhejiang recently cracked a criminal gang that illegally obtained and sold the express information, seized 9 suspect and seized more than 2 photos of the courier side. In early September this year, an import and foreign trade company in Beilun District, Ningbo City, Zhejiang Province reported to the police that the company had received complaints from consumers, saying that a large number of personal information had been leaked and that some customers had been defrauded. According to the police, in order to obtain the personal information contained in the express and make illegal profits, the criminal gang even entered the express company through temporary employment. Then, they use the machine to sort out express packages, secretly take photos of express face-to-face lists, summarize and sort them out, and resell them online. After mastering a large number of clues, the Ningbo police launched a capture operation, which has captured 9 suspect and seized more than 2 photos of the courier side. In fact, in order to protect users' privacy, the express industry has launched a privacy list as early as a few years ago. Among them, the user's name and some mobile phone numbers will be replaced by *. Some express companies omit the sender's information on the face list. These measures reduce the privacy disclosure caused by the leakage of express delivery list. Although key information such as telephone is hidden, this face-to-face list does not affect the delivery of couriers. They will directly contact users through the relevant functions of the app in their hands. Privacy list seems to benefit both parties. In practice, privacy list is very rare. Beiqing Daily reporter saw in some post stations that many express delivery waiting for pick-up did not use private face lists. "There are few hidden numbers. Even if there are some, the courier will write the phone on the express box to facilitate inspection when picking up the pieces," said the staff of a post station on Chaoyang Road. In his opinion, the privacy list is one more procedure. It seems a little chicken rib to want to keep personal information confidential. Many users also said that although the privacy list is good, they can't control what kind of express the seller sends. The merchant also said that the express company did not provide this service to the seller, "if there is, there is no way for us". The greater problem of less use of private face orders comes from express companies, especially companies dominated by network franchising. On the one hand, the privacy order requires the company to have a certain investment in the early stage. On the other hand, the couriers believe that this order reduces their delivery efficiency and thus affects their income. "The convenient function of the privacy leaflet is based on delivery to the home, that is, the courier calls the user and then delivers it to the door. Once there is a third party, such as a post station and a reception room, the privacy leaflet will not be private. Because the customer's mobile phone number and other personal information must be used for verification," said an express industry employee, At present, the solution to the "last mile of express" is done by a third party, and the role of privacy sheet in protecting privacy is still limited. problem Part of the information disclosure comes from internal employees' theft So can vigorously promote the privacy list to solve the problem of online shopping personal information disclosure? The analysis shows that "it has effect, but its effect is limited". For the protection of personal information, the "privacy list" will not let users rest assured. Insiders revealed that many information leaks were caused by the theft of internal employees of express companies. Even if a confidentiality agreement is signed, it can not prevent individuals from taking risks for their interests. Beiqing Daily reporter learned that last year, Hebei Handan police cracked a case of illegal theft of personal information. The reason was that an express company in Handan monitored that its employee number was abnormal and called the police after logging in. The police found that after a job number called Yongnian logged in in a different place, he queried more than 8000 pieces of information, and the police quickly found the courier. The employee said that two young people came to his store to rent his job number, check the process of moving parts, and use them for Taobao to brush bills. If they rent them, they will give him 500 yuan a day. Finally, the police informed that the criminals knew how to use the job number to obtain data because they had worked in the express company, so they came up with this way to steal citizens' personal information from the express company system. The person then packages the stolen citizen information and sells it to his online, and then the online directly sells it to overseas fraud gangs. In this case, the data directly retrieved from the background also lost the ability to "protect" the privacy list. The leakage of express personal information is not only the responsibility of the express company, but also the problem of data leakage may occur in businesses or platforms. If the platform fails to fulfill its obligation of information protection, it will face punishment Insiders said that in order to keep the "privacy list" watertight, the express industry needs to protect users' personal privacy, prevent the leakage of data in the database, and make efforts in personnel management, security system and technology. The personal information protection law has been officially implemented since November 1. The law stipulates that no organization or individual shall illegally collect, use, process or transmit other people's personal information, and shall not illegally buy, sell, provide or disclose other people's personal information. At the same time, the law stipulates that personal information processors shall take measures to ensure that personal information processing activities comply with the provisions of laws and administrative laws and regulations, and prevent unauthorized access, disclosure, tampering and loss of personal information according to the processing purpose, processing mode, types of personal information, impact on personal rights and interests, possible security risks, etc. Measures include but are not limited to: formulating internal management system and operating procedures; Implement classified management of personal information; Take corresponding security technical measures such as encryption and de identification; Reasonably determine the operation authority of personal information processing, and regularly carry out safety education and training for employees; Formulate and organize the implementation of emergency plans for personal information security incidents, etc. In addition, the law also defines the penalties: if the processing of personal information fails to fulfill the obligations of personal information protection stipulated in this law, the department performing the duties of personal information protection shall order it to make corrections, give a warning and confiscate the illegal income. If the circumstances are serious, the department performing the duty of personal information protection at or above the provincial level shall order it to make corrections, confiscate the illegal income, and impose a fine of not more than 50 million yuan or not more than 5% of the turnover of the previous year, and may order it to suspend relevant business or suspend business for rectification, notify the relevant competent department to revoke relevant business license or business license; The persons directly in charge and other persons directly responsible shall be fined not less than 100000 yuan but not more than 1 million yuan, and may decide to prohibit them from serving as directors, supervisors, senior managers and persons in charge of personal information protection of relevant enterprises within a certain period of time. (outlook new era)
Edit:Yuanqi Tang Responsible editor:Xiao Yu
Source:
Special statement: if the pictures and texts reproduced or quoted on this site infringe your legitimate rights and interests, please contact this site, and this site will correct and delete them in time. For copyright issues and website cooperation, please contact through outlook new era email:lwxsd@liaowanghn.com