The incident was caused by the termination of the contract between the talk show actor Chi Zi and Shanghai Xiaoguo Culture Media Co., Ltd.
Chi Zi wrote on his personal microblog that he had found Xiaoguo Culture in breach of contract: the company was in arrears on much of the performance-related remuneration it owed him, and it had not given him the billing details the contract required. After he raised an objection, the company tried to stop all of his work. Chi Zi repeatedly proposed terminating the contract peacefully, but the company did not agree. He therefore had no choice but to file for arbitration, hoping that the company would pay off his remuneration. However, Shanghai Xiaoguo Culture Media Co., Ltd. also filed for arbitration, asking Chi Zi to compensate the company more than 30 million yuan.
Shanghai Xiaoguo Culture Media Co., Ltd. obtained nearly two years of Chi Zi’s bank transaction records without holding his bank card, his ID card or a judicial investigation order. Chi Zi said that he found the transaction details of his personal bank account in the case materials the company sent to him. This is really surprising.
In response, CITIC Bank replied: “This is to meet the requirements of key customers.”
Once the news broke, it drew wide attention.
There is no doubt that, given Chi Zi’s identity as a talk show actor and the popularity he gained through the talk show conference, the bank’s leak of his private data could quickly gain wide attention. But the data security problems revealed by this one incident have been hidden for a long time. Behind them are more “silent” victims: people outside the spotlight, standing at the low end of a tilted balance, whose suffering from data leakage has never been noticed.
Under the influence of public opinion, the CBRC subsequently intervened.
Bureau of Consumer Protection of CBRC: In March 2020, CITIC Bank provided the transaction details of personal bank accounts to a third party without the authorization of the customer, violating the principle of confidentiality for depositors.
Do the sales and service personnel you contact comply with data protection laws?
The transaction details of individual bank accounts are important personal private information, and the law stipulates that banks cannot give the transaction details of individual accounts to a third party. This incident at CITIC Bank has touched on legal issues. Although the bank said that the transaction records were leaked by staff, it still cannot escape responsibility.
As there is a contractual relationship with the depositor, the bank should perform its obligations according to law and properly keep the personal information of the customer, such as the current account and the balance of the deposit.
If a bank staff member uses his or her position to privately provide a customer’s transaction records, the disclosure is not the bank’s own initiative but the staff member’s illegal act. Even so, the bank should fulfill its management responsibility and answer for the staff member’s illegal behavior. If, however, the bank itself leaks the transaction records and fails to fulfill its obligation to keep personal information secure, its behavior not only constitutes civil infringement but may also be suspected of being a criminal offence.
Article 253 of the Criminal Law stipulates that anyone who, in violation of the relevant provisions of the State, sells or provides citizens’ personal information to others, if the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention and shall also, or shall only, be fined; if the circumstances are especially serious, he shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and shall also be fined.
Whether the bank intentionally divulges the information or an employee intentionally divulges it by taking advantage of his or her position, the act may be suspected of constituting the crime of infringing on citizens’ personal information.
At present, about 90 countries and regions around the world have formulated personal information protection laws, and China’s Data Security Law (Draft) was released for public comment in July 2020. All companies and individuals will face data protection law sooner or later, and treat compliance with it as a part of their daily life and work.
In the field of data protection and privacy, there are many points that organizations and individuals easily overlook.
Some problems are easy to ignore in practice, especially when we are busy. Other problems are less obvious. For example, many people do not know that multi-function devices such as the office printer contain a hard disk. When the machine is discarded, the data on that hard disk should be handled properly.
Some solutions can be easily embedded in daily processes, such as turning the computer screen and CCTV monitor at the front desk so that passers-by cannot see them.
Other solutions require training so that all employees can consciously play their roles. For example, employees need to know how to transmit confidential files securely, and should regularly clean out their mailboxes to delete personal data they no longer need.
In any case, only by recognizing the importance of operational compliance in data protection, having a sense of data security and mastering certain data protection methods can we better integrate into this big data era.