"It is suggested to set up a national 'data bank' as soon as possible, give priority to the collection and storage of unique and non renewable data such as personal biometrics and medical health data, provide data application on demand, conduct strict audit, and ensure that data use and query are open to individuals." At the two sessions of this year, Tan Jianfeng, member of the CPPCC National Committee and honorary president of Shanghai Information Security Industry Association, wrote in the proposal on upgrading the data security management mode and strengthening the control of key data. Tan Jianfeng, member of the CPPCC National Committee With the obvious acceleration of digital technology innovation and iteration, data has become a basic strategic resource and key production factor, but it also brings some new challenges in data governance and data security. Tan Jianfeng said that at present, China's data security legislative system has been gradually improved, but there are still deficiencies in the construction of basic data security system for specific fields, such as biometric data control and medical and health data management. He said that personal biometric data (face, fingerprint, DNA, etc.) is unique and non renewable. It is widely used for identity recognition and authentication. Once stolen, it cannot be recovered and changed, which brings great and irreversible risks to personal privacy protection. "After a large number of national personal medical files and health files are gathered, they can be used to analyze the labor situation, economy and development trend of relevant industries in the country. Once obtained by hostile forces, they may bring unpredictable harm to national security and industrial economic development." Tan Jianfeng wrote in the proposal. He introduced that three types of biometric data management modes have been formed internationally: first, the state has made clear and unified control. Representative countries such as Russia, Germany, Britain, India, etc. The second is to jointly control with the help of mutual identity recognition. In order to promote the mutual recognition of digital identity among countries, biometric data will be added to the digital identity information, and the database will be built by countries alone or jointly built by many countries. Third, implement fuzzy control. That is, although there is no clear relevant data management legislation at the national level, it actually restricts the collection and storage of enterprises, which is typical in the European Union and the United States. "China's new biometric data are mainly mastered by enterprises at this stage." Tan Jianfeng said that if these data are not collected and stored centrally, the value of data elements will be limited; The use of data is difficult to control, and indiscriminate exploitation and abuse coexist with data monopoly; Data security is difficult to guarantee; It is difficult to enforce the law on data security, and it is common to see the phenomenon of multi head management and inadequate management. In this regard, Tan Jianfeng suggested refining relevant laws and regulations, clarifying data ownership from point to area, and improving the operability of data security law enforcement. It is clear that the gathered biometric data are public goods and managed with reference to "important data". Reaching a certain amount should also be regarded as core data. At the same time, a national "data bank" will be established as soon as possible, which will be under the unified control of a special institution established by the state, so as to ensure the security of key data and national security to the greatest extent. The national "data bank" gives priority to the collection and storage of unique and non renewable data such as personal biometrics and medical and health data, provides data application on demand, and strictly audits to ensure that data use and query are open to individuals. In addition, he also suggested that we should promote the development of security technology, consolidate the foundation of the security industry, and enhance the ability of data governance and the level of data supervision. Accelerate the construction of digital identity infrastructure and solve the core technical problems related to identity authentication and governance in digital space around identity identification and trust. (Xinhua News Agency)