Enterprises must establish standard procedures to deal with the risk of leakage

Release time: 2022/7/2

The database of the university student learning software "superstar learning link" was recently suspected of being offered for public sale. The leaked data includes more than 170 million pieces of information such as school, organization name, name, mobile phone number, student number, gender and email. It is understood that the company is associated with thousands of legal proceedings, most of which are disputes over infringement of the right to network dissemination of works and over copyright ownership and infringement, involving parties including HowNet, Peking University Press, China Social Sciences Press, copyright agencies and media companies.
In response, the official Weibo account of Xuetong said in a statement that the company had received feedback about a "suspected user data leakage of Xuetong app" and immediately organized a technical investigation. So far, no clear evidence of user information leakage has been found. In view of the seriousness of the matter, the company has reported the case to the public security organ, which has begun investigating.
The incident triggered an industry discussion of enterprise data compliance management. Zhao Xin, a lawyer at Huiye law firm, told reporters that under the data security law, if an organization carrying out data processing activities fails to take the corresponding technical measures and other necessary measures to ensure data security, resulting in serious consequences such as a massive data leak, it may be fined not less than 500,000 yuan but not more than 2 million yuan, and may be ordered to suspend the relevant business or suspend operations for rectification, or have its relevant business permits or business license revoked. The person in charge and other persons directly responsible shall be fined not less than 50,000 yuan but not more than 200,000 yuan. If the data involves personal information and the circumstances are serious, the department responsible for personal information protection at or above the provincial level can also impose a fine of less than 50 million yuan or less than 5% of the previous year's turnover in accordance with the personal information protection law.
Enterprises must improve their ability to protect information, or they will pay a high price. Zhao Xin said that the "network security law" sets out the penalties for violations involving citizens' personal information. If network operators, network product or service providers and key information infrastructure operators fail to protect citizens' personal information according to law, they will not only be fined but may also face suspension of business for rectification, closure of websites, or revocation of the relevant business permits or business licenses, which objectively increases the cost of information security incidents for the operating units concerned. When information leakage, damage or loss occurs or may occur, the relevant operating units shall immediately take remedial measures, inform the users who may be affected, and report to the relevant competent departments in accordance with the regulations.
In the opinion of Ma Ce, founding partner of Zhejiang Kenting law firm, once a data leak occurs, just calling the police and responding to public opinion cannot quickly solve the problem, and enterprises should have clear standard steps for self-rescue. These include informing the data protection officer at the first opportunity, checking the server logs to determine who had permission to access the data and who actually accessed it at the time of the leak, and deciding whether it is really necessary to temporarily close the relevant access permissions. In addition to taking remedial measures internally, the enterprise should also consider that if the leaked data is published on a public Internet website, it should act as soon as possible to have the data deleted or its dissemination stopped, for example by sending a notice to the platform.

Copyright Taishan Chuanggu Group All Rights Reserved

Tel: +86-538-5073088

Email: taishanchuanggu@163.com


Address: Tai’an City, Shandong Province, China, 271000.
