
2022-10-19

The draft of the network security law introduces the right of deletion and the system of notification of data leakage

An important bill in the field of network security in China, the network security law (Draft), is about to end its public consultation process. The draft introduces the right of deletion and a data leakage notification system.

The network security law is expected to firmly safeguard the security of personal information

In a few days, the network security law (Draft) (hereinafter referred to as the draft) will end its public consultation process. As an important act in the field of network security in China, its release is regarded by many people as a milestone. Its 68 articles in 7 chapters cover the security of network equipment and facilities, network operation security, network data security, network information security and other aspects, with unprecedented strength and scope.

It is particularly noteworthy that the draft emphasizes the protection of citizens' personal information, and personal information security is expected to receive stronger legal protection.

Personal information leakage has caused losses of more than 80 billion yuan in a year

The public's attention to personal information security stems from painful lessons.

In March 2014, many media outlets exposed the Ctrip credit card leak scandal. The vulnerability reporting platform WooYun announced that Ctrip had opened the service interface used to process user payments and enabled its debugging function, so that all data packets transmitted to the bank's cardholder verification interface were saved directly on a local server. At the same time, because the server that stored the payment logs had not been given a strict baseline security configuration, it contained vulnerabilities, with the result that all the debugging information from the payment process could be read by hackers at will.

The information that may have been stolen includes the cardholder's name, ID number, bank card number, bank card CVV code, etc. The potential harm is easy to imagine, and it left many users worried.

A similar situation occurred in December last year. An information leak occurred at the 12306 website of the China Railway Customer Service Center, and a large amount of user data was circulated on the Internet, including user accounts, plaintext passwords, ID numbers, e-mail addresses, etc. As early as a few years ago, the media revealed that many hotel check-in records had been leaked. The famous 3Q war also aroused Chinese people's attention to personal information security.

Some data also confirm this concern. On July 22, at the China Civil Rights and Interests Protection Forum held in Beijing, the 12321 Network Bad and Spam Information Reporting and Acceptance Center of the China Internet Association released the Investigation Report on the Protection of Chinese Civil Rights and Interests (2015) (hereinafter referred to as the report). The report shows that, in terms of awareness of rights and interests, people generally believe that privacy is the most important right on the network, followed by the right to choose and the right to know. In the past year, the total loss caused by personal information leakage, spam, fraud and other phenomena was about 80.5 billion yuan.

In addition, the report pointed out that the scope of leaked personal information is very wide. 78.2% of people have had personal identity information leaked, including name, education background, home address, ID number and work unit; 63.4% of people have had personal activity information leaked, including call records, purchase records, website browsing traces, IP addresses, software usage traces and geographical locations.

82.3% of people said they had personally felt the impact of personal information leakage on their daily lives.

Things like harassment, spam messages and spam happen almost every day. Li Yuxiao, Dean of the International School of Beijing University of Posts and Telecommunications, said that people often have to endure the trouble of obtaining evidence and safeguarding their rights.

In Li Yuxiao's view, there are many reasons for the serious problem of personal information leakage. For example, some institutions and enterprises collect a wide range of personal information, and once it is leaked, the situation is more serious. In addition, network service providers also have problems in their personal information protection technology. If a system fails to achieve strong protection, leaks will occur. Moreover, users also lack self-protection awareness, pay insufficient attention to how widely information spreads on the Internet, and lack protection awareness when applying for some services; the personal information they leave behind becomes a future problem.

As for the illegal and criminal acts of leaking personal information, Li Yuxiao believes that the punishment is not enough, and the relevant legislation and management are not perfect. Although there have been cases of people being punished under the criminal law for selling personal information, on the whole, the intensity of the crackdown is still relatively weak. Li Yuxiao said that this has led some people to take risks in pursuit of rich returns. China's Internet is developing so fast that legislation must keep up.

The rapid development of the Internet urgently needs special laws

In recent years, legislation in the field of network security in various countries has shown a trend of concentrated growth. Liu Duo, vice president of the China Academy of Information and Communications, said that in form it can be roughly divided into unified legislation and decentralized legislation.

Although some countries do not have unified network security laws, they have national network security strategies, such as South Korea and the United Kingdom. Liu Duo said that the U.S. Congress has also been trying to enact a network security law for many years and has introduced a number of relevant bills. The basic law on network security issued by Japan in November 2014 is a typical representative of unified legislation. The network and information security directive (Draft) issued by the European Union is also unified legislation in the field of network security.

From the perspective of legislative content, in addition to continuing to make legal amendments on conventional matters such as improving the level of network security technology, improving security standards, and strengthening security education, countries have also made special legislation on network monitoring and counter-terrorism, key information infrastructure protection, data retention and other related issues, showing a legislative approach that covers both attack and defense as a whole, Liu Duo said.

She said that China has always attached importance to legislation on network security. For example, provisions on cyber crime have been added to the amendment to the criminal law. At present, the two higher-level legal documents in the Internet field, the decision of the Standing Committee of the National People's Congress on maintaining cyber security issued in 2000 and the decision of the Standing Committee of the National People's Congress on strengthening cyber information protection issued in 2012, are also aimed at cyber security. In addition, the Ministry of Industry and Information Technology and the Ministry of Public Security have also issued some departmental regulations for communication network protection and Internet security.

However, on the whole, these laws are at a low legislative level and cannot adapt to the severe situation of network security in the world and the development trend of increasing attention to network security in China, Liu Duo said.

Yin Libo, chief engineer of the Institute of Electronic Science and Technology Information of the Ministry of Industry and Information Technology, believes that scattered provisions and poor operability are also a drawback of existing laws and regulations. Many of them are scattered across various articles and are not systematic enough. In addition, she also pointed out that the provisions on management departments, network operation departments and other subjects are not clear enough, and once problems occur, it is easy for the parties to shift responsibility onto each other.

The interviewed experts pointed out that nowadays, infrastructure in many traditional fields has been informatized. If network risk gets out of control, the consequences will be unimaginable.

Therefore, we still need unified legislation that coordinates all parties, plays a leading role, and has a higher level, to systematically and comprehensively regulate network security, Liu Duo said.

The introduction of the right of deletion and a data leakage notification system in the draft is a highlight

On July 6, the National People's Congress of China announced the full text of the draft, and this highly anticipated bill was finally brought before the public.

There are many highlights. Liu Duo said that, for example, the draft makes safeguarding the sovereignty of cyberspace one of its legislative purposes; introduces the concept of critical information infrastructure and formulates a set of institutional systems for its protection; and treats monitoring, early warning and emergency response as important parts of maintaining network security, with special chapters devoted to them.

The draft contains provisions on personal information protection, which Liu Duo believes is also one of its highlights.

According to her, this includes requiring network operators to establish and improve user information protection systems; requiring network operators to collect and use personal information in accordance with the principles of legality, legitimacy and necessity, the principle of clear purpose, the principle of informed consent, etc.; and stipulating the principles of security and confidentiality for collected information, as well as a leakage reporting system.

In addition, Liu Duo said that the draft also introduces a right of deletion and correction, and stipulates that no individual or organization shall steal citizens' personal information or obtain it in other illegal ways, or sell or illegally provide citizens' personal information to others. At the same time, it requires the departments legally responsible for the supervision and management of network security to keep strictly confidential the personal information, privacy and business secrets of citizens that they learn in the performance of their duties, and not to disclose, sell or illegally provide them to others.

For the right of deletion, the draft stipulates that citizens who find that a network operator collects and uses their personal information in violation of laws, administrative regulations or the agreement between the two parties have the right to require the network operator to delete that information; if they find that the personal information collected and stored by the network operator is incorrect, they have the right to require the network operator to correct it.

In terms of penalties, the draft also clearly stipulates that if citizens' personal information is not protected according to law, network operators can be fined up to 500,000 yuan, and may even face suspension of business for rectification, closure of websites, revocation of relevant business permits or revocation of business licenses.

There has previously been no such legislation to ensure the security of personal information. Li Yuxiao believes that this network security law clarifies the laws of network operators, key information infrastructure operators, network products, service providers and other relevant subjects, and has clear punishment provisions, which is great progress.

The draft stipulates that when information leakage, damage or loss occurs or may occur, remedial measures should be taken immediately, users who may be affected should be informed, and the matter should be reported to the relevant competent departments in accordance with the provisions. According to Zhou Hanhua, a researcher at the Institute of Law of the Chinese Academy of Social Sciences, this is also a powerful punishment. Notification incurs high costs, and a leak also has a great impact on the reputation of the enterprise, which forces the enterprise to improve its information protection ability to ensure that users' personal information is not leaked.

In Zhou Hanhua's view, the emphasis on personal information protection in the draft will improve the current widespread problem of personal information leakage. However, he said that in the future, a dedicated personal information protection law should be formulated so that the law can play a better role.

Several interviewed experts also expect that the introduction of the network security law is only the first step, and that a complete network security legal system should be gradually established in the future. The Internet affects everyone's life. Only sound laws can make everyone feel safe in the virtual world. Yin Libo said that this is just a beginning.
