Latest News:  

English>>Business

Customers get data protection

By ZHAO YINAN (China Daily)

07:35, February 01, 2013

Companies, institutions instructed to delete information after use

Banks and telecom companies have to delete customer information after use as the first code of conduct for personal data protection comes into effect.

The code, not legally binding, came into force on Friday. It sets out rules and guidelines for companies to follow when they process personal data.

It allows companies to collect private data only for a specific and reasonable purpose. A key element of the code states categorically that the purpose cannot be altered or amended during the process.

Data can only be collected on the basis that the subject of the information has been informed, and it must be deleted as soon as possible after use.

The code also requires companies to follow what is called the minimal principle. This means companies can only collect data that is sufficient for the specific purpose. No fishing for information is permitted.

Huang Zihe, an information technology specialist, said it is potentially dangerous for some websites to ask for personal information, such as addresses and cell phone numbers.

"That goes against the minimal principle and poses a data security threat," he said.

Companies must set up an internal protection system, in which management procedure and the person responsible for information protection is clearly stated.

Gao Chiyang, deputy director of China Software Testing Center, an institute affiliated with the Ministry of Industry and Information Technology, said 80 percent of personal information leaks take place from the inside. Employees working for companies holding a large amount of personal information can easily access data.

Liu Tao, from China Software Testing Center, who helped draft the code, conceded that the code is not compulsory.

Individuals cannot file lawsuits on the basis of the code if their data is compromised.

In December 2011, about 40 million passwords at leading social networks were leaked. Another 6 million were exposed almost simultaneously on csdn.net, one of the country's biggest networks for software developers.

A report on the procedures followed by websites when processing passwords, conducted by Peking University last year, found only eight out of the 100 websites polled had used sufficient security measures.

Fifty-nine websites used no security measures during data transmission, and passwords were fully exposed in the network and the server.

Gong Xiaorui, a professor involved in the research, said 85 websites illegally obtained passwords. "This is very risky, especially when many netizens are accustomed to use the same passwords on different accounts," he said.

Taobao.com, an e-commerce website criticized for transmitting user data uncoded, has upgraded its system and all passwords are decoded before being recorded and transmitted, media officer Ma Ying said.

A survey of 2,500 people last year found that 60 percent of respondents said their personal information had been illegally obtained by others. Hu Gang, a salesman in Tianjin who travels to South China at least once a month, said he is concerned that his information encoded in the train ticket may be easily exposed.

Scanning the two-dimensional code on the ticket reveals the ticket owner's key data, including the identity card number. "But on the other hand, I don't really mind if the ticket website takes down my information and searching preference. It saves me a lot of time, especially if I am in a rush with an urgent task. But it should keep information only with my consent," he said.

Police arrested 1,152 suspects for allegedly disclosing and illegally dealing in personal information, the Ministry of Public Security said on Jan 18.

Police have broken up hundreds of groups that engaged in telecom scams, kidnapping, blackmail and other crimes after illegally obtaining personal information, the ministry said.

Crimes involving the illegal sale and purchase of personal data have increased rapidly in recent years.

Criminals collude with insiders working for telecom and financial firms to illegally obtain and trade personal data on the Internet.

Employees working for telecom companies, financial institutions, schools and hospitals face up to three years in prison if they illegally provide personal information to others.

We recommend:

Wind power now No.3 energy resource

3rd Qatar Int'l Auto Show kicks off

China caps first 3G nuclear plant

New Zealand moves to restore trust

Mobile apps chip away at SMS

Airbus has big hopes for big plane

Email|Print|Comments(Editor:王金雪、陈丽丹)

Leave your comment0 comments

  1. Name

  

Selections for you


  1. "Red Army" division conducts winter training

  2. Navy's shore-based missile regiment

  3. 3rd Qatar Int'l Auto Show kicks off

  4. So sleepy on way home

  5. Stay on duty in suffocating air

  6. Spring Festival travel rush continues

  7. Glittering show of snake inspired art

  8. Old photos of graceful Teresa Teng

  9. HK stocks up 0.71%, highest over 21 months

  10. Blackberry maker changes name

Most Popular

Opinions

  1. The Internet needs a safety net
  2. Pollution prompts concern
  3. System needed to help patients
  4. China's reliance on oil-gas imports growing
  5. China needs strategic balance in Asia-Pacific
  6. Frugal wining and dining
  7. More breathing space
  8. Why officialdom literature still sells
  9. "Sunny outlook" expected for Chinese economy
  10. Tackle challenges in farming sector

What’s happening in China

Mask style in Beijing

  1. No ticket home? Find a free ride
  2. Smog hinders holiday travel
  3. Homecoming interrogations trouble young Chinese
  4. Paralyzed patient given free medical care
  5. Lawmaker calls for caning to punish male criminals