In today's information age, privacy on the Internet is becoming more and more important. Is it better to trade privacy for convenience or spend money to protect privacy?

1. Internet Survival Guide: What methods are used to strengthen the protection of personal information?

  • Do not fill in private personal information when registering online: in the Internet age, the number of users and the amount of user information are tied to a company's profit, so companies want to obtain as much user information as possible. However, many companies have deficiencies in their data protection work. Most ordinary users cannot influence the data security measures that companies take; they can only start by protecting their own information and exposing as little of it as possible.
  • Try to stay away from interactive activities on social platforms: many social platforms require users to fill in personal information, and platform activities of this kind actually collect a large amount of user information. If an event has no substantive significance, it is recommended not to participate if you can avoid it.
  • Regularly install or update virus protection software: both computers and smartphones have become high-incidence areas for information leakage. Users often have their personal account information stolen by criminals after accidentally clicking a link or downloading a file. Antivirus software for virus protection and virus scanning has become a necessity for using a device.
  • Do not connect to unknown WiFi networks in public places: public places offer free WiFi for users to connect to, and some of it is set up specifically for people's convenience. However, once a user connects to a phishing WiFi network set up by criminals, the device can easily be scanned in turn, and any account passwords or other information entered while connected will be obtained by the other party. Users are therefore reminded not to connect to free WiFi in public places, to prevent the leakage of personal information.
  • Be wary of scam text messages and phone calls: it is now common for scammers to use text messages to defraud mobile phone users of information, so users need to pay special attention to the possibility of property fraud conducted through mobile phones. Text messages about abnormal mobile phone accounts, abnormal bank accounts, banking system upgrades and the like may be fraudulent messages sent by scammers using fake base stations. If you receive such a text message, ignore it, or contact the official staff, ask about the specific situation, and verify its authenticity.
  • Properly handle documents involving personal information: the most common documents involving personal information are courier waybills, which usually contain personal information such as mobile phone numbers and addresses, and some consumption receipts also contain part of the name, bank card number, and consumption records. Improper handling of these documents can also leak personal information. Therefore, such documents must be disposed of properly and promptly once they are no longer needed.

 What are the personal information protection measures?

In order to effectively protect the security of personal information in the fast-moving network, you need to understand the following points.

  • First of all, at the national level, in today's era of rapid Internet development, it is necessary to strengthen the protection of network information. We should call on the relevant state departments to improve laws and regulations as soon as possible, and require network supervision departments to effectively assume their regulatory responsibilities, and law enforcement departments should strictly enforce the law and punish cybercrimes.
  • At the personal level, netizens should learn to protect themselves. The most basic step is to go online in a safe network environment: use a personal computer and install a firewall. Do not casually use public networks or Internet cafes with weak security.
  • Secondly, personal information must be treated with prudence, and important private information should not be casually stored on the Internet. The openness of the network may lead to the flow of information to anyone, and the harm is self-evident.
  • In addition, do not leave information that can be reverse-searched on any social networking site or blog; the less information there is, the less likely you are to be tracked down through a "human flesh search" (doxxed).
  • Browsing traces can also be used to deduce personal privacy, so the cookie information and historical records collected by the browser should be cleared frequently. Agreements that require storage of personal information on various websites or software should be taken seriously, and fragmentary information can also betray a person.
  • Finally, while using the network, learn and understand the dissemination principles of network information, and improve the comprehensive ability to protect your own network information.

In real life, many people are very frustrated by personal information leaks, mainly because they think there is no way to deal with them. In fact, this is not the case: the other party's tort liability can be pursued through civil litigation.

Nine situations where personal information is easily leaked

  1. Various online documents leak personal information: the waybill on an express package contains the online shopper's name, phone number, address and other information. Besides netizens carelessly throwing away the waybill after receiving the goods, which leaks the information, the courier may also sell the recipient's information. Since the real-name system was introduced for train tickets, the buyer's name, ID card and other information are printed on the ticket; many netizens discard the ticket after the journey, and criminals can use instruments to steal the personal information in the ticket. The paper statement for a credit card purchase records the name, bank card number, consumption records and other information, and discarding it carelessly will also leak private information.
  2. Inadvertently "betraying" friends or being "betrayed" by friends in online chat interactions: although netizens use nicknames on Weibo, they may still call each other by name when interacting in comments, which inadvertently leaks real personal information. For example, information such as name, title and employer may appear in Qzone logs or posted photos, or in a friend's comments or reposts.
  3. A QQ mailbox on social platforms inadvertently "sells out" its owner: there are many online social platforms today, and in various forums and social networks you need to fill in personal information in order to chat and interact. For example, many netizens use a QQ mailbox as their preferred registration mailbox, and it often appears in reply posts on major forums and communities. A QQ mailbox address usually displays the QQ number directly, and criminals can then obtain personal information from the QQ profile, Qzone and other channels.
  4. Online shopping, virtual community and social network accounts are all at risk: while e-commerce platforms make shopping convenient, they also carry risks. Online shopping, forums, communities, Weibo and QQ all require registering account information, which more or less leaks personal information. Therefore, instead of filling in your real information on the Internet, you can prepare a fixed set of information for online use, so that your true identity is exposed as little as possible.
  5. Street "questionnaires", promotions and lottery activities: on the street, people sometimes encounter merchants inviting them to take part in "questionnaires", shopping lotteries, free mailings or membership card sign-ups. These generally require passers-by to fill in detailed contact information, home address and so on, which amounts to delivering your own information to someone else's door.
  6. Online resumes inadvertently reveal true identities: most people now look for jobs by submitting resumes online, where the personal information in them is readily available and may be resold by criminals at a very low price. Therefore, under normal circumstances, do not fill in specific information such as home address or ID number in too much detail in your resume.
  7. Registration and photocopying information is vulnerable to theft: registering for various exams, enrolling in online classes and the like often requires providing personal information. Some typing shops and photocopying shops even take advantage of their position to keep customer information on file and then resell it.
  8. Misuse of photocopies of ID cards: ID cards are required to open a bank account, access the Internet with a mobile phone, even apply for a membership card, and redeem points in supermarkets. When providing a copy, it must be clearly stated that "it is only for the use of a certain unit, and it is invalid for other uses." In addition, attention should be paid to the copying process, and redundant copies must be destroyed.
  9. Online "personalized services" can also easily leak privacy: many personalized services require personal information. Taking LBS (location-based services) as an example, many merchants cooperate with social networking sites to determine the user's location through wireless networks, so as to push products or services. What's even more frightening is that users are "monitored" in real time, which opens the door to fraud, kidnapping and extortion.

 2. How should the relationship between personal information protection and the development of the digital economy be balanced?

The long-term development of the digital economy requires a balance between information protection and rational use

Good information protection is the prerequisite for data sharing. A series of information leaks and other chaotic phenomena in recent years has been constantly testing consumers' confidence in digital platforms and the digital economy. The implementation of the "Personal Information Protection Law" demonstrates, at the legal level, the country's emphasis on and determination regarding information protection. Its strict protection of personal information will help people regain confidence in digital platforms, so that they do not give up the convenience of using digital platforms out of excessive worry about data being stolen. This can also objectively ensure the normal circulation of data and promote the healthy development of the digital economy.

The implementation of the "Personal Information Protection Law" can restrict the behavior of data users. From a static point of view, it protects personal information. From a dynamic and practical point of view, it is not only a protective law, but also a tool for platform supervision. It regulates the disorderly development of platforms, promotes their compliant development, and thus protects the overall healthy development of the digital economy.

Reasonable use and exploration of the value of data is the key to further exerting the advantages of the digital economy. The advantage of the digital economy is to mine market demand from big data, thereby guiding the production planning of products and services, promoting the balance of market supply and demand while meeting differentiated needs, dynamically solving the time-lag problem of supply and demand imbalance, and improving market efficiency. The premise of realizing all of these is the discovery of data value. It can be said that data is the foundation of the superstructure of the digital economy. The depth of data mining and utilization and the degree of connection with other industries determine the extent to which the advantages of the digital economy can be exerted.

There is a mutually reinforcing relationship between information protection and reasonable use. Information protection is the prerequisite for reasonable use, and reasonable use is the ultimate goal of information protection. Only by doing a good job in information protection can data owners be willing to authorize other subjects to use the data, so as to achieve the goal of rational use of data and further promote the development of the digital economy.

Promoting the development of the digital economy by striking a balance

The realization of the balance between information protection and reasonable use comes from the following points.

  • First, there is the boundary of the data. What kind of data should be protected under what circumstances and how it is used should be clearly defined. The "Personal Information Protection Law" clearly defines some once-fuzzy data boundary issues, such as the definition of "personal sensitive information" and "face information".
  • Secondly, there is the definition of the subjects of information protection and reasonable use, as well as of the subject of supervision. The first law of Coase in the field of economics points out that the clear definition of property rights is conducive to the realization of market efficiency in the field of public goods. Data itself has certain public goods attributes, and its protection, utilization, and supervision require clearer rights and responsibilities. The "Personal Information Protection Law" clearly requires personal information processors that provide important Internet platform services, have a large number of users, and have complex business types to regularly publish social responsibility reports on personal information protection and accept social supervision.
  • At the same time, the basis for achieving balance is actually the balance of rights and interests among consumers, producers and the whole of society. The digital economy is a big cake. While making the cake bigger, it must also be divided well. This involves the protection and balance of rights and interests among the various subjects of society. The "Personal Information Protection Law" takes note of the data owners who are at a disadvantage in the digital economy, and clearly requires that where the processing of personal information infringes personal information rights and interests and causes damage, a personal information processor that cannot prove it is not at fault shall bear tort liability such as damages. Through a series of reasonable measures it tilts protection toward individuals, so as to achieve a balance of interests between the individual and the platform.

 Bring fundamental changes to the digital economy industry

For a long time, automated decision-making has been associated with big-data price discrimination against existing customers, and consumer groups often attribute the differential treatment they receive from platforms to digital analysis decisions, but in fact automated decision-making can be reasonably used. The "Personal Information Protection Law" requires that personal information processors who use personal information to make automated decisions ensure the transparency of the decision-making and the fairness and justice of the results, and must not implement unreasonable differential treatment for individuals in terms of transaction prices and other transaction conditions. This in effect clears the name of legitimate and reasonable automated decision-making.

Once a balance between information protection and rational use has been achieved, maintaining it requires a clearer and more scientific definition of powers and responsibilities. The "gatekeeper" system is a good approach. Article 58 of the "Personal Information Protection Law" sets out obligations for personal information processors who provide important Internet platform services, have a large number of users, and have complex business types. The platform is required to establish platform rules, and to stop providing services to product or service providers on the platform that seriously violate laws and administrative regulations in processing personal information, which gives the platform certain "powers". From the perspective of information economics, endowing the platform with certain regulatory rights and allowing it to play the role of "gatekeeper" can better improve the data management system.

Finally, the platform should proactively comply with the Personal Information Protection Law. This is a law that expands the pie of the digital economy and benefits multiple economic entities. The platform should limit itself in a timely manner according to the rules, change its business thinking and direction, and avoid system costs caused by the promulgation of new regulations.

To balance the development of the digital economy and the protection of personal information, we must first start with the law, and at the same time publicize it in society. Only a combination of the two can balance the development of the digital economy and the protection of personal information.

To balance the development of the digital economy and the protection of personal information, we must first start with the law, and at the same time publicize it from the society. Only a combination of the two can balance the protection of the digital economy and personal information. 

First of all, let's look at this matter from a macro perspective. If there is no law to rely on, then once leaks and crimes involving the digital economy and personal information occur, resolving them will be troublesome because there is no legal basis, and many criminals will take advantage of legal loopholes. In the end, many victims lose money in vain. So, to ensure this balancing work, it is first necessary to improve the law, introduce relatively complete laws and regulations, and provide the necessary legal support for future emergencies.

As the saying goes, nothing can be accomplished without rules. If a country does not have laws to rely on, I think basic social operation cannot be maintained. It is necessary to protect society through laws. The protection of everyone's rights, and any new work that can be carried out, is based on fair and just laws. Balancing the development of the digital economy and the protection of personal information will not only affect China's economic development in the next 5 to 10 years, but also affect the lives of every Chinese. Therefore, only by determining the legal status can we prepare for the next step of work.

Secondly, we need to strengthen ideological propaganda in society, because technology now changes very quickly and people's ideas are sometimes relatively backward, so we can only continue to strengthen ideological propaganda and encourage people to try new things. This will be of great benefit to the work that follows.

With the further development of Internet technology and the transformation of the Internet world, I think the digital economy and personal information will become inseparable, but the digital economy has a very good protective effect on personal information, and citizens' information security can be effectively guaranteed at the source, so that information leakage does not lead to loss of money or create opportunities for criminals.

 3. How do Internet companies handle data privacy?

In the era of big data, companies attach great importance to the collection of user data. User data comes from many sources, including mobile devices, computers, and more. There are also many ways for companies to collect user data, including websites, video devices, and mobile phone applications. In the future, users will no longer ask "how much information do you know about me" around the company's collection of personal data, but "what can you do for me with the existing data information". If companies make good use of these data, they will gain the trust and loyalty of users. So, how do businesses use users' personal data?

Provide employees with effective tools: Although a company contains various departments, to users it is a single corporate brand, and each employee and department represents the entire enterprise. With effective information tools, companies can automatically transfer the collected personal data of users to the computers of the employees who need it. This brings convenience to both employees and users, avoids embarrassment, and lets conversations proceed objectively and efficiently. The company's adoption of portable platforms has also made it possible for designers to communicate with store associates without the need for call centers with headsets.

Let the user know the user data you already know, and then deepen the communication: When a customer comes to a store that he visits frequently and the clerk remembers the customer's name and asks a few questions about the product the customer last purchased, the customer will feel that the clerk is very good at managing customer relationships. The clerk does not have to list all the information about the customer, and the customer will feel very comfortable. Customers do not even mull over the details to see whether they are true. This is mastery of the art of conveying just the right amount of information through private conversation.

Big companies will win the trust of users if they do this. When communicating with users, there may be a large amount of user data in front of the employee, but only by quoting the necessary information can it be done just right. For example, Amazon's Barbara started with the user's name and the problem she was trying to solve, quickly dissolving the user's instinct to put up her guard. "Can something be delivered to my house?" the user asked, directly citing the relevant facts. "Of course." Barbara readily agreed. Regarding the choice of express delivery method, the user did not ask at all whether Barbara had her specific home address, but the facts were in front of her eyes.

Don't control users from above: Understanding the buying habits of pregnant users is a very troublesome thing. But good Internet companies have that insight and can use it to conduct nuanced investigations. Excellent companies will not bother these users and their parents, but extract valuable user data from random and varied surveys to provide customized services for pregnant customers.

Making user data transparent and using the collected results more appropriately is the direction of the joint efforts of major companies. The most fundamental thing is to give control to users, provide users with more and better choices, and let users know how their data information is used. At present, the competition among brand companies is mainly carried out around building the loyalty of the relationship between users and companies, which is the most reliable way to win the market in the era of big data. Companies using smart data can not only provide better services to users, but also reduce the fixed costs of market research in the traditional sense. Good big data support doesn't require expanding the workforce or even hiring a new employee.

Bingdata helps gather massive amounts of data collected by multiple platforms, and provides enterprises with integrated marketing services such as intelligent data analysis, operation optimization, delivery decision-making, precision marketing, and competitive product analysis through the analysis and prediction capabilities of big data technology.

  • Strictly abide by laws and regulations, and continuously improve the security of platforms and products: abide by the "Network Security Law of the People's Republic of China", "Data Security Law of the People's Republic of China", "Three Levels of Network Security Level Protection System" and other security-related laws, regulations and systems, and, according to the relevant regulations, continue to improve product application security, network security, and system security construction. At the same time, the company internally formulates security systems covering information security management, the network security emergency system, office network environment security, and secure software development, and requires strict internal implementation to ensure that products are in line with the requirements of safe production throughout the life cycle of design, development, testing, deployment, and operation.
  • Regularly carry out level-protection evaluations, and organize security drills and security training: third-party security agencies are invited to regularly conduct level-three evaluations of the company's platform and products, conduct security compliance checks on terminals, applications, etc., and conduct penetration tests and system scan tests on the product's operating environment. After the evaluation, all-round security reinforcement is carried out on the platform and products according to the evaluation report. At the same time, the company's internal security department adds security services such as code scanning and testing through unified assessment, as an internal supplement to the evaluation. In addition to regular evaluations, security drills are organized under the guidance of level three of the network security level protection system. The drills are strictly carried out according to the plan, which covers the drill form, purpose, scenario, process, guarantee object, guarantee scope, guarantee demand, guarantee purpose, etc. During the drill, the company records the drill information in detail and evaluates the platform's monitoring and alarming, fault location, command, and disposal capabilities. Based on the evaluation results, the company continuously optimizes the security emergency system and its implementation requirements, and improves the team's security emergency response capabilities. The company also cooperates every year with customers' security inspection activities (such as network protection activities) to conduct security protection inspections of the company's platform and products, and corrects the problems found.
  • Perfect the data security and privacy protection mechanism: At present, everyone has clear demands on data security and privacy protection, and the industry has also paid attention to it and taken corresponding measures. The first is to confirm that the scope of personal data collected is in line with the requirements of the privacy policy; the second is to clarify the use, purpose, processing, transfer, and sharing of personal data; the third is to require that every SDK and permission the app requests corresponds to an actual function, and that the app does not request permissions or include SDKs it does not use; the fourth is to establish a channel for personal data rights requests and an internal company response process; the last is to formulate a data deletion process plan.
  • Identify the privacy information of assets: continuously identify laws and regulations, business conditions, data conditions, the business environment, ecosystem cooperation and security risks; for example, keep asset management records through the CMDB platform, including the product's hardware and software resources.
  • Clarify management norms: clearly define organizational data privacy responsibilities, give privacy commitments through senior management, implement relevant systems and processes through the data and privacy interface mechanism, and maintain smooth communication channels within the organization; integrate data security and privacy protection laws and regulations, and build a four-point management system, using a multi-level system and document system to retain evidence of execution records for management compliance; through risk assessment, identify risks in a timely manner and define the organization's risk tolerance and risk preferences, while connecting reasonably with the enterprise's risk management framework. Implement the operation and management responsibilities of data security, including data security strategy operation, monitoring and early warning, emergency response, and account and password control. Provide the upper-level policy basis for the implementation of the various measures of the internal control module through the data privacy supervision and review process, and continuously monitor the main links such as abnormal data reception, data subject rights response, and changes in environmental factors.
  • Network security protection: integrate the identity management, access control, and general security controls of traditional network security and information security. In terms of data security, security control measures are built separately for the enterprise's production environment and office environment: in the production environment, control points are built based on the DSMM data security life cycle, and in the office environment, corresponding security control measures are implemented according to the actual situation. In terms of privacy protection, the most important thing is to embed privacy by default and by design into the enterprise's product development process. For example, the app strictly restricts the permissions it requests, every SDK must correspond to an actual function, and the app is designed in accordance with the latest privacy policy requirements to achieve the purpose of privacy protection.
  • External communication: With regulatory agencies, maintain smooth two-way communication, obtain the appropriate approvals for cross-border transmissions, fulfill notification obligations for data leakage, regularly disclose privacy reports to regulators, and enhance corporate responsibility. On the customer side, according to the latest privacy policy requirements, improve privacy notices, notifications, complaints and communication channels, do a good job in customer consent management and subject rights response management, and improve customer experience. On the supplier side, implement due diligence, define the responsibilities of both parties, perform regular audits, maintain the effectiveness of the data event emergency response linkage mechanism, manage SDK and API-related assets, and maintain good communication. In terms of employees, responsibilities should be clarified, and onboarding and offboarding management, training and publicity, reward and punishment management, communication management, and agreement management should be done well.
  • Internal control: evaluate, inspect, verify, and audit the operation effect of the management system, obtain external agency recognition and professional qualification certification, and continuously improve through continuous preventive measures and corrective actions. The internal control module should be effectively integrated and connected with the network security or information security management system, for example, external agency approval and professional qualification certification such as three-level evaluation of the network security level protection system.

 4. How to strengthen education and awareness of personal privacy?

Create a shared understanding of privacy: In my opinion, privacy varies across cultures and generations. For example, people from different cultures have their own ideas about what can be made public and what should be kept private. This is confirmed by just looking at what is considered sensitive personal information in different jurisdictions around the world. Now, consider the different backgrounds and ages of the members of the organization. Each team member has an opinion about what personal information is safe to share and with whom.

However, within an organization, there needs to be a shared understanding of the concept of privacy and how to protect personal information. If employees are left to think about privacy on their own terms, the personal information of your customers, employees and other stakeholders will not be collected, processed or protected in a consistent manner, putting the organization at risk. After all, stakeholders and regulators hold organizations accountable for the correct handling of information.

Privacy awareness training can provide a common definition of privacy and a framework for handling personal information. Training establishes the value an organization places on personal information protection, what commitment it makes to customers, and how appropriate behavior supports the organization's goals and objectives.

Reduce human error: Humans make mistakes. However, sometimes when people try to do the "right thing", they commit behaviors called "intentional mistakes" that differ from organizational expectations. When determining the root cause of an intentional error, it is not uncommon to hear that the person involved was not aware of policies or procedures in place to properly protect personal information.

Raising employees' awareness of appropriate policies and procedures through privacy awareness training can encourage them to handle personal data properly. What's more, even if employees don't remember specific policies and procedures, they will be curious enough to look up the right one, or they may ask a colleague for help.

Consider privacy concerns upfront: When creating a new application or process, it is important to gather all requirements early in the development process. The later in the development cycle new requirements are introduced, the more expensive it is to resolve them.

Ideally, when an application or process is discussed, someone from the privacy team should be involved in the discussion. Utilizing a framework such as Privacy by Design will ensure this happens. If there is no such framework, someone on the development team needs to remember to invite a privacy representative, or the team needs to independently undertake the development of privacy requirements.

Privacy awareness training can also provide teams developing new applications or processes with a basis for recognizing when personal information may be used outside accepted organizational norms. This in itself may lead teams to adjust their use of personal information or seek help from privacy experts.

Improve communication with customers: Whether your customers are consumers or businesses, I believe you collect a lot of personal information from them. Depending on the amount and type of personal information collected, your customers may ask you why you need so much data.

By familiarizing an organization with the concept of data minimization, privacy awareness training can give employees guidance on when to collect personal information. By reducing the information you're collecting to what's really needed to complete the transaction or process, your communications with customers can be perceived as less intrusive.

Additionally, privacy awareness training encourages your team members to communicate with customers with greater respect for their privacy. Well-trained team members become more sensitive about what to ask and how to ask. They also become more aware of why the requested information is needed.

Expand the eyes and ears of the privacy office: Privacy professionals are a scarce resource in most organizations. When you consider the number of initiatives an organization is taking, compliance review requirements, and the need to address stakeholder inquiries, the workload of the Privacy Office can quickly outpace the capacity of its staff. Privacy awareness training can help ease some of the workload.

Privacy-conscious organizations can rely on employees to resolve some privacy concerns independently. Additionally, employees are trained to have enough privacy awareness and self-awareness to raise their hand to involve the Privacy Office when things don't look right.

Consider a brainstorming session to discuss a new plan. Most likely no privacy experts were involved. As privacy awareness spreads, the privacy-aware team will be able to identify potential privacy risks as each idea is considered. This brainstorming group can then have meaningful, concise conversations with your privacy team about risk mitigation ideas they wish to advance.

Change the conversation: The ultimate goal of privacy awareness training is to change the conversation, turning it from one where privacy is an afterthought into one where privacy is a key consideration. Privacy awareness training will shift the discussion from "wouldn't it be nice if we..." to how customers might react to new uses of personal information.

C-suite conversations can also change if privacy awareness training is undertaken. I recently worked with a leadership team that met regularly to discuss privacy issues. The organization then decided to invest in privacy training for headquarters employees, including members of management. While the training campaign was underway, leadership accelerated the schedule, meeting weekly to discuss privacy issues.

After the training, the Privacy Officer attempted to reduce the frequency of meetings to the pre-training schedule. Colleagues opposed this, wanting to keep the meetings at the new, increased frequency.

Why? These are the conversations that drive business today: How can we make more informed decisions about which customers want which products without invading their privacy and compromising our relationships with them? That's what Privacy Awareness offers.


Alright, this is the end of what Xiao Yalan shared today, and I will continue to share this kind of little knowledge in the future!!!

Origin blog.csdn.net/weixin_74957752/article/details/131617844