By ZHAO YINAN (China Daily)
07:35, February 01, 2013
Companies, institutions instructed to delete information after use
Banks and telecom companies have to delete customer information after use as the first code of conduct for personal data protection comes into effect.
The code, not legally binding, came into force on Friday. It sets out rules and guidelines for companies to follow when they process personal data.
It allows companies to collect private data only for a specific and reasonable purpose. A key element of the code states categorically that the purpose cannot be altered or amended during the process.
Data can only be collected on the basis that the subject of the information has been informed, and it must be deleted as soon as possible after use.
The code also requires companies to follow what is called the minimal principle. This means companies can only collect data that is sufficient for the specific purpose. No fishing for information is permitted.
Huang Zihe, an information technology specialist, said it is potentially dangerous for some websites to ask for personal information, such as addresses and cell phone numbers.
"That goes against the minimal principle and poses a data security threat," he said.
Companies must set up an internal protection system in which the management procedure and the person responsible for information protection are clearly stated.
Gao Chiyang, deputy director of China Software Testing Center, an institute affiliated with the Ministry of Industry and Information Technology, said 80 percent of personal information leaks take place from the inside. Employees working for companies holding a large amount of personal information can easily access data.
Liu Tao, from China Software Testing Center, who helped draft the code, conceded that the code is not compulsory.
Individuals cannot file lawsuits on the basis of the code if their data is compromised.
In December 2011, about 40 million passwords at leading social networks were leaked. Another 6 million were exposed almost simultaneously on csdn.net, one of the country's biggest networks for software developers.
A report on the procedures followed by websites when processing passwords, conducted by Peking University last year, found only eight out of the 100 websites polled had used sufficient security measures.
Fifty-nine websites used no security measures during data transmission, and passwords were fully exposed in the network and the server.
Gong Xiaorui, a professor involved in the research, said 85 websites illegally obtained passwords. "This is very risky, especially when many netizens are accustomed to using the same passwords on different accounts," he said.
Taobao.com, an e-commerce website criticized for transmitting user data uncoded, has upgraded its system and all passwords are decoded before being recorded and transmitted, media officer Ma Ying said.
A survey of 2,500 people last year found that 60 percent of respondents said their personal information had been illegally obtained by others.
Hu Gang, a salesman in Tianjin who travels to South China at least once a month, said he is concerned that his information encoded in the train ticket may be easily exposed. Scanning the two-dimensional code on the ticket reveals the ticket owner's key data, including the identity card number.
"But on the other hand, I don't really mind if the ticket website takes down my information and searching preference. It saves me a lot of time, especially if I am in a rush with an urgent task. But it should keep information only with my consent," he said.
Police arrested 1,152 suspects for allegedly disclosing and illegally dealing in personal information, the Ministry of Public Security said on Jan 18.
Police have broken up hundreds of groups that engaged in telecom scams, kidnapping, blackmail and other crimes after illegally obtaining personal information, the ministry said.
Crimes involving the illegal sale and purchase of personal data have increased rapidly in recent years.
Criminals collude with insiders working for telecom and financial firms to illegally obtain and trade personal data on the Internet.
Employees working for telecom companies, financial institutions, schools and hospitals face up to three years in prison if they illegally provide personal information to others.
(Editor: 王金雪、陈丽丹)