Personal information leaks are common, and APP has become the hardest hit area!

I have also been harassed by scam calls recently.

With the development of the Internet, the problem of excessive or illegal use of the Internet to obtain and abuse personal information has become more and more serious in recent years.

Personal information leaks are common, and APPs have become the hardest hit area

In the list of "Top Ten Consumer Rights Protection Public Opinion Hotspots in 2018" jointly released by the China Consumers Association and the People's Daily Online Public Opinion Data Center, "Lack of personal information protection" ranked second, which shows that the public attaches great importance to and dislikes the leakage of personal information.

Currently, personal information leakage is mainly divided into the following three situations: excessive collection of personal information, unauthorized disclosure or sharing of personal information to third parties, and illegal trading of personal information. The severity of the three situations increases in sequence. .

With the popularity of APPs in recent years, mobile APPs have become the hardest hit area for personal information leakage. The situation of excessive collection of personal information through APPs and then selling it is very serious.

According to the "my country's Internet Network Security Situation in the First Half of 2019" released by the National Internet Emergency Center, 5 million APPs collect an average of 20 items of personal information and device information, and the top 1,000 APPs apply for an average of 25 Among them, the number of apps that have applied for permission to make phone calls unrelated to business accounts for more than 30, and a large number of apps have abnormal behaviors such as detecting other apps or reading and writing user device files.

The "App Personal Information Leakage Survey Report" released by the China Consumers Association in August last year showed that 85.2% of the respondents had encountered personal information leakage, and among the main ways of personal information leakage, 62.2% were Collected without my consent, 61 are intentionally leaked and sold, and 57.4 are system vulnerabilities.

After the information of these people was leaked, the proportions of receiving harassing sales calls or text messages, fraudulent calls, and spam were 86.5, 75.0, and 63.4 respectively. The author is also deeply affected by it. Recently, I have received a harassing sales call almost every day, which is very annoying!

It can be said that there is a general trend of excessive collection of personal information by mobile apps, especially mobile communication and location information. And for many apps, you have to let them obtain this information, otherwise you won't be able to install them. This causes many people to never read or occasionally look at the application permissions, user agreement or privacy policy when installing an APP, and even if they look at the agreement, most people only take a brief look at it.

It can be said that the serious leakage of personal information in mobile apps is related to people’s weak security awareness, but more importantly, the laws are not perfect, supervision is not in place, and punishments are not strict or even there are no punitive measures at all. It does not pay attention to the security of users' personal data.

Leakage incidents occur frequently, and companies ignore data security

As a result, many public companies, especially large Internet companies, that hold massive amounts of citizens’ personal information have become the hardest hit areas for leaks of citizens’ personal information.

In enterprises, the information security department often becomes a marginal department because it has only input but no output. The boss is unwilling to increase investment. He thinks that as long as nothing happens, it will be fine, but in reality it often backfires.

In recent years, more and more companies have experienced personal information leaks. According to data released by Risk Based Security, more than 3,800 data breaches have been discovered in 2019, an increase of 54% compared with the same period last year.

In addition to the increasing number of data breaches, the amount of data leaked is also increasing, and the amount of crime involved is increasing.

In December 2014, a document containing 1.3 million pieces of personal information including names, genders, mobile phone numbers, landline numbers, ID numbers, home addresses, postal codes, schools, majors applied for, etc. of postgraduate entrance examination students was released. It was sold for 15,000 yuan.

In the major domestic data leakage cases in 2018, 1 billion pieces of user personal information data from YTO in 2014 were sold for 1 Bitcoin; 300 million pieces of user personal information data from SF Express were sold, The price is 2 Bitcoins; 240 million pieces of customer room booking data of multiple hotel chains under Huazhu, involving 130 million people, are sold. The data is priced at 8 Bitcoins, which is approximately RMB 350,000.

It can be seen that social networking, express delivery, hotel and other companies that hold a large amount of personal privacy data have limited investment in data security. When job salaries are low, they cannot recruit high-level programmers and marginalize information. If the security department works like a monk for a day, the protection of the database will be reduced to paper, and it will become a place where criminals can come and go at will. Therefore, it only takes a few hundred yuan to buy tens of thousands of private information such as the name, phone number, address, and number of food orders of takeaway users in the "last three days."

Once a data breach occurs in an enterprise, the losses will be huge. According to the latest survey report released by IBM Security and Ponemon Institute, the average cost of each data breach in 2018 was US$3.86 million, and large-scale data breaches bring huge losses. More than 1 million pieces of data leaked are expected to cause 42 million A loss of over 50 million dollars would result in a loss of $388 million.

In 2018, Facebook was fined $5 billion by the United States because of the leakage and improper use of 87 million user data, becoming the largest fine issued by the U.S. government to a technology company.

As various countries gradually enact relevant laws on personal information protection, companies that do not pay attention to personal data protection and cause major data leaks in the future will face huge fines like Facebook. For domestic companies like YTO and SF Express, the day when the "Sword of Damocles" hangs over their heads is coming.

The "Personal Information Protection Law" is included in the legislative plan

The issue of personal information data leakage has been the focus of domestic legal circles, business circles, and even ordinary people in recent years. Therefore, individuals The formulation of the Information Protection Law has always affected the nerves of all parties.

Since the European Union launched the General Data Protection Regulation three years ago, domestic calls for personal information protection legislation have continued, and the introduction of the Chinese version of the General Data Protection Regulation is already expected!

Zang Tiewei, spokesperson of the Legal Affairs Committee, said at the first press conference on the 21st: The Personal Information Protection Law has been included in the legislative plan of the Standing Committee of the National People's Congress, and will be submitted to the Standing Committee in due course in accordance with the legislative work plan. will be reviewed.

On the 22nd, the draft of the personality rights section of the Civil Code was submitted to the Standing Committee of the National People's Congress for the third review. The third review draft included personal email addresses and whereabouts information that have the function of identifying specific natural persons into the scope of personal information. Personal information is protected by law.

It can be said that since the introduction and implementation of the EU’s General Data Protection Regulation three years ago, countries around the world have accelerated the formulation of relevant laws. So far, including Japan, Brazil and other countries, there are more than 50 countries around the world. or region has enacted personal information protection laws.

The United States, the world's largest economy, also acted quickly. The "Act to Clarify the Lawful Use of Overseas Data", known as the "Cloud Act", was introduced in March 2018, known as the most stringent privacy protection bill in the history of the United States. The California Consumer Privacy Act was passed three months after the Cloud Act and will officially take effect in 2020.

The enactment of China's "Personal Information Protection Law" can quickly bring our country's laws into line with international standards, which will not only benefit the business development and cooperation of domestic and foreign companies, but also help protect the privacy of our citizens.