三是征信机构产品信息的真实性管理侧重银行信用信息、疏于非银行信用信息。首先，征信产品银行信用信息真实性管理不断加强。根据中国人民银行征信中心对2014年全国性银行贷款、贷记卡、准贷记卡等三类业务个人征信数据质量考评的情况，各季度数据完整性、及时性、准确性都在99. 58%以上。中国人民银行征信中心通过其分中心登记的涉及全国性银行个人征信异议申请5465笔，回复率和解决率分别为99. 91%和98. 83 % 。但是，少数信贷类信息的真实性管理还需要加强。其次，征信产品非银行信用信息真实性管理工作还有待加强。在日常工作中，有信息主体反映，信用报告中的婚姻、学历、住址等非银行基本信息与真实情况不符。由此可见，信用信息真实性管理应当成为信息安全管理的重要组成部分。
Source: credit magazine
Author introduction: Wang Jinyun (1966-), male, Fujian Zhouning, economic division, the main research direction for credit management theory and practice.
Abstract: in recent years, as one falls, another rises the leak of personal information constantly stimulate public opinion and the public’s nerves, but also triggered a public opinion and the public attention to the protection of personal information. Information security is the lifeline of credit investigation. This paper analyzes the present situation and the dilemma of the information security in the broad sense, and puts forward some ideas and suggestions on strengthening the security management of credit information.
Generally speaking, credit information refers to the information collection and processing of credit information and credit information products; its security is only on the risk of information disclosure in terms of prevention and control. In a broad sense, credit information not only refers to the credit institutions acquisition processing of information, but also refers to the acquisition of the antecedents of consumption in the hands of the specific businesses related to personal identity information and credit management based on local government and public credit information collection. At the same time, its security is not only the risk of information leakage, safety management, control management, maintenance and management of the authenticity of the bad tendency of negligence and covers non disclosure risk information itself and the public credit information. This paper refers to the credit information is broad, so the information security is also discussed in the broad sense of credit information security.
First, the current situation of credit information security analysis
First, the initial source of credit information disclosure risk issues highlighted. In the specific consumption activities, people’s social and economic life will not leave personal information in many fields. For example, the purchase of commercial housing, cars, insurance or apply for credit, as the purchaser of the consumer will be left behind in the merchant to prove the identity of the effective identity documents and other information. And these are left personal information has become one of the initial sources of credit agencies to collect information. In 2013 800 thousand an insurance policy information was leaked, a courier company millions of customer information has been leaked and other events showed that part of the collection and use of personal information on the personal information protection work mechanism is not subjective importance, feasible measures have not been taken objectively, causing many ghost desperate, wanton disclosure of personal information, form the sale of personal information of gray industrial chain. Whether it is from the general sense or broad sense of security point of view, the disclosure of credit information disclosure risk prevention is undoubtedly the most important of its security management.
Two credit agencies to collect information from the processing of the product is relatively controllable risk disclosure. But tightening credit information disclosure risk management of the security management of the string is also very necessary. The central government departments at all levels in the implementation of the relevant duties are controlled by the identity of the object of management and related information, the formation of fragmented, fragmented information database. From the perspective of the central bank, as an active promoter of the financial credit information database operators and social credit system construction, the central bank enjoys a high social reputation and credibility. Credit inquiry service query mechanism based on personal information protection obligations, if the work appeared slack and lead to the occurrence of leaks, so not only have to face the risk should bear the legal responsibility, but also will seriously damage the reputation and credibility of the central bank. Personal information leakage warning personal information protection work should be paid enough attention to the query service of the inquiry institutions, to prevent the disclosure of personal information.
The three is the authenticity of the credit information management institutions focus on bank credit information, ignoring non bank credit information. First, the credibility of credit products bank credit information management continues to strengthen. According to the people’s Bank of credit information center Chinese on 2014 national bank loans, credit cards, quasi credit cards and other three categories of personal credit business data quality evaluation, the quarterly data integrity, timeliness, accuracy is above 99.58%. The people’s Bank of China credit center through the registration center of the National Bank of individuals involved in the application of personal credit objection 5465 pen, reply rate and resolution were 99.91% and 98.83%, respectively. However, the authenticity of a small number of credit information management needs to be strengthened. Secondly, the authenticity of credit products non bank credit information management needs to be strengthened. In daily work, the main body of information reflected in the credit report of marriage, education, address and other non bank basic information does not match the true situation. Thus, the authenticity of credit information management should become an important component of information security management.
Four is caused by human negligence prevention and control of bad information management needs to be strengthened. There are many reasons for the emergence of bad information. For example, the main body of information because of the occurrence of overdue knowledge and the existence of overdue facts do not know, resulting in the formation of bad information. Usually do not pay attention to the personal credit report Zhang because of the need for housing loans and personal credit report. The report shows that Zhang has not been used after the activation of 4 credit cards were different degrees of overdue, are not paid the annual fee of credit card. Zhang said the 4 credit cards should be his banking friends please, and for the completion of banking business, has not been informed of the annual fee, and the fee for banks did not produce overdue reminder, due to the bad information fee for 2 years. Such cases are not in the minority. Whether it is the subject of information regularly focus on personal credit report, or information submitted to the agency submitted in bad information before the timely inform, as long as to the duty of care itself can avoid bad credit information. This shows that the neglect of the relevant aspects of the prevention and control of adverse information needs to be strengthened.
Two, the new situation of credit information security dilemma
First, the relevant laws and regulations are not perfect, weakened credit information security management. The collection of relevant information by the credit rating agencies and through the processing of the formation of credit products – credit report inquiries and use of the credit industry management regulations made a clear provision. To protect the specific consumer’s personal information, consumer protection law although the provisions of personal information of consumers enjoy the right to be protected, but the lack of information on how to protect these Provisions operability. Public credit information database of local government credit management based on, does not apply to Credit Management Ordinance, because the collection department information database is not in accordance with the provisions of the People’s Republic of China company law and Regulations credit management conditions set up, does not belong to the credit agency credit Management Ordinance refers to. The local government to establish a public credit information database is based on the basic rules of local governments, the legal level is low, coupled with the country credit regulations authorized the establishment of the database management and the management in different ways, the scope of information collection and information on the subject, information collecting and providers, use, supervision department rights and obligations are not clear, can not effectively protect the legitimate rights and interests of enterprises and individuals.
Two is the local government departments to manage the name of the infringement of the real, to the information security management challenges. In June 12, 2016 the State Council issued the on the establishment of perfect and trustworthy incentives and promises disciplinary system with combined guidance to accelerate the construction of social honesty requirements, strengthen credit information disclosure and sharing, according to the law application of Credit Incentive and restraint means, construction of the government and society are involved in cross regional, cross sectoral, cross domain joint and trustworthy incentives and promises Joint Disciplinary mechanism. Joint Disciplinary dishonesty in the current is not only a consensus, but also an action. But the good faith invasion of personal information privacy is easy to be ignored. In the process of the implementation of the Joint Disciplinary System of dishonesty, there is a case of good faith infringement of personal information protection in the name of management without the consent of personal information. This is mainly manifested in: on the one hand, the relevant government departments to inspect the management of the credit of the target in the name, not the subject of the information requirements to query personal credit report management object; on the other hand the query mechanism difficult to refuse the relevant government departments according to local government documents proper requirements, otherwise it is not involved in the Joint Disciplinary dishonesty activities too.
Three is the lack of implementation of the provisions of the criminal law, leading to the fight against illegal and criminal activities of the deterrent effect is not obvious. The amendment to the criminal law of the People’s Republic of China (nine) provides for the violation of the criminal law and the sentencing standards for the infringement of the personal information of citizens. The point of view, although China has the disclosure of personal information behavior punishment, but on how to define the personal information of citizens, which belongs to the category of serious crime, could not reach standard plot serious circumstances by other means to punish a series of legal gaps are still waiting to be added. Thus, in the fight against violations of personal information of citizens in criminal activities, the application of criminal law can not be smooth enough to display their fists.
Three, credit information security management is not in place to bring the negative impact
The specific consumption remains in the hands of the business activities of personal information for safety management is not in place and often leaks, people prone to such questions: why information leak banned? The reason is that government’s crackdown is not enough, not enough to deter offenders. The credit bureaus credit products for information security management is not in place due to illegal inquiries, people are also prone to such questions: why illegal inquiries banned? The reason is the credit industry management department and not without penalty, or check, check or a mere formality. The credit bureaus credit products for information security management is not in place due to information distortion, people are prone to such a question: why not correct information distortion? The reason is the acquisition and processing of credit institutions management ability. In a word, the credit information security management is not in place the negative impact, the public is worried about the personal information security, information security management capabilities of the relevant government departments lack of confidence.
Four, to further strengthen the credit information security management ideas and suggestions
First, establish a sound system of laws and regulations, strengthen credit information security management system based. On the one hand, on the basis of the law on the protection of consumer rights and interests and Regulations on the administration of credit information industry, the relevant provisions of the personal information security management are further improved from the operational details. For example, access to personal information in the specific consumer businesses in the retention, storage and use of safety management and confidentiality obligations and responsibilities, not punishment responsibility and obligation to make specific and operational requirements, to facilitate supervision departments to carry out supervision and inspection work of supervision department; not regulatory responsibility in the personal information security management supervision asked the responsibility to make provisions, facilitate administrative supervision and discipline inspection and supervision or procuratorial organs to carry out the accountability for regulatory authorities. On the other hand, the development of local public credit information database management regulations at the national level, unified and standardized throughout the public credit information database, use, protection and other aspects of the responsibility, obligation, clear regulatory authorities and responsibilities.
Two is to strengthen the credit system data quality, credit information security management to provide technical support. In the transmission of credit information, the use of high intensity encryption protection measures to promote the use of key tools, unified security and confidentiality technology, standardized anti-virus software, etc.. In the authenticity of the credit information security management, information reporting institutions should improve relevant policies and procedures, clear delay, omission, misstatement and other relevant data quality operation responsibility system, improve and implement information objection handling procedures, to ensure the quality of data submitted by the system specification and implementation. In the prevention and control of adverse information tendency, on the one hand the information subject to develop good care consciousness and habit of credit records, credit reports in a timely manner to master their credit status; on the other hand, the data submitted to the agency must conscientiously fulfill the Credit Management Ordinance on bad information before the reporting obligation to inform, to remind the information subject to prevent the formation of undesirable credit record.
Three is the local government departments to thoroughly understand the policy, according to the law consciously query the use of credit information, providing support for the credit departments of information security management. In June 14, 2014 the State Council issued the social credit system construction plan (2014-2020) in to accelerate the construction of government credit proposed to strengthen the integrity of the civil service management and education, requires the establishment of civil servants credit archives, according to the law of civil servants personal matters will report, the results of the annual appraisal records, and related violations of breach of contract etc. credit information into the file, the integrity of the civil service record as an important basis for the cadre examination, appointment and punishment. Regulations on the administration of credit information industry stipulates that the personal information of a credit investigation institution shall be subject to the written consent of the principal and the use of the information. Except where the law may be made without permission. Credit reporting agencies shall not provide personal information in violation of the provisions of the preceding paragraph. The premise of the civil service integrity management is according to law. According to the local government departments to submit law without consent provisions requires access to personal credit information, the management of the Civil Service Department advised the government to obtain information on the subject to the written authorization of the query. Civil servants at the beginning of the year to sign a one-year authorize the management department to check the personal credit information and information use in the integrity of the civil service management query authorization, the following year to be authorized, convenient management departments to review credit status management object in need timely access to personal credit information. This will not only solve the problem of the management department in the absence of alerted to be the object of the application of the query is not sufficient, but also to solve the problem of inquiry institutions to review the application materials and compliance issues.
Four is to adhere to the principle of appropriate separation of services and supervision, and strive to safeguard the interests of personal information. Based on the collection, query and use of credit information, as well as the protection of the rights of the main body of the information, it is necessary for the credit reporting agencies to make conscious efforts, but also to protect the rights of the information subject. From the application of credit management regulations of the financial credit information database perspective, according to the main body of information query mechanism of improper act or omission of the rights complaint activities, the people’s Bank branch China should adhere to the service and supervision of the appropriate separation principle, the Legal Affairs Office for the designated complaints Department, supervision department of inquiry service guarantee, personal credit report information subject rights complaint activities carried out smoothly, avoid administrative litigation. Never apply local public credit information database of credit management regulations point of view, we should insist on the principle of separation of service and supervision, the establishment of the database and the database operation Department supervision departments are independent of each other, fundamentally do perform their duties according to the operation, in accordance with regulations, regulatory responsibility, rights, effective information security.
Five is to strengthen the criminal law to combat violations of personal information of citizens of the legal basis for criminal acts. According to the People’s Republic of China criminal law amendment (nine) the relevant provisions of the infringement of citizens’ personal information crime, how to define the personal information of citizens, which belongs to the category of serious crime, could not reach standard plot serious circumstances by other means to punish a series of legal gaps, the highest law related the judicial interpretation, through the infringement of citizens’ personal information of illegal crime punishment of the last mile channel.
The author of the article has set up the need to be able to leave a message
WeChat sweep attention to the public number
- CARDIOL KITTDENTAL