Author 丨Bi Huazhang
Editor 丨 Wu Yanling
Figure Source 丨 Figure worm
The privacy non-compliance problems of various mobile apps have been notified by the relevant departments many times before, and now, securities companies that have always emphasized compliance development are also involved.
On April 25, according to xinhua news agency economic reference newspaper and other reports, the National Mobile Internet Application Security Management Center reported that 17 mobile apps were recently found to have privacy non-compliance behavior through Internet monitoring, violating the relevant provisions of the Cybersecurity Law and the Personal Information Protection Law, and suspected of collecting personal privacy information beyond the scope.
Among them, Western Securities, China Post Securities and other brokerage APP are listed.
17 apps are suspected of privacy non-compliance
In the financial industry, the compliance development of securities companies is particularly valued by the regulatory authorities, and it is unexpected that 17 mobile APPS of securities companies are not compliant at one time.
The 21st Century Business Herald reporter noted that the notice of the National Mobile Internet Application Safety Management Center listed information such as the name of the application, the version, the type of violation, and the name of the store. The 17 securities app covers Western Securities, eHaitong Cai, GF Yitao, China Post Securities, New Era Securities, Caitong Securities, China Galaxy Securities, etc.
According to economic reference newspapers and other reports, the specific violations of the above APP also have many aspects. Among them, the full privacy permissions that were not explicitly applied to the user were suspected of privacy non-compliance, involving 16 Apps; the functions of correcting and deleting personal information and canceling user accounts were not provided; or the user account cancellation was set unreasonable conditions, and the suspected privacy non-compliance involved 9 Apps; Western Securities (version 4.0.3, Huawei Application Market) violated the above two provisions respectively.
In addition, the failure to establish or publish personal information security complaints and reporting channels, or exceeding the promised time limit for handling replies, suspected privacy non-compliance, involved in one app is China Post Securities (version 7.1.2.0, Xiaomi App Store).
Other violations include the collection of personal information before the user's consent is obtained, suspected of privacy non-compliance, involving 1 app.
In response to the above situation, the 21st Century Business Herald reporter called the Western Securities Department, and the staff responded, "We have implemented the list of problems for the first time, attached great importance to it, and actively rectified it." ”
However, did the above violation originate from Western Securities or the app store? The person said that for the time being, the latest materials have not been obtained, and it depends on the final rectification situation; there are already relevant departments following up, and as for how long the rectification will take, it is not clear.
China Post Securities customer service said that the above-mentioned reported situation is not clear, and further understanding of the situation is needed.
Risk control compliance has invested more than 100 million yuan in 1 year
Different from the traditional PC operating environment, the number of investors using brokerage mobile apps has grown rapidly in recent years. At a time when the use of financial technology is becoming more and more diversified, the compliance risk control that comes with it also needs to be improved urgently.
Western Securities has disclosed that in 2020, the company will be equipped with qualified compliance management personnel in various business departments and branches, and optimize the compliance management structure and management mode of business units and branches by integrating existing business line resources.
It said, "It has established a compliance vertical management system with the compliance management department of the headquarters as the core and the compliance risk control manager of the business department and branches as the main body, continued to deepen the full coverage of compliance management, and has incorporated the compliance management of subsidiaries into the unified system of corporate compliance management." ”
According to the financial report, in 2020, the cumulative investment in the risk control and compliance management of Western Securities was 115 million yuan, and the internal control system established has comprehensively covered various departments, various business links, as well as authorization management, job responsibilities, information feedback, supervision and inspection, reward and punishment assessment and responsibility pursuit. At the same time, during the reporting period, the company's (consolidated caliber) information technology investment was 249 million yuan.
In addition, China Post Securities also has strength in mobile APP.
By the end of 2020, China Post Securities had a total of 857 employees. Among them, there are 32 information technology personnel, accounting for 3.7%. The company's brokerage headquarters, together with the information technology department, carried out 21 iterative upgrades of mobile apps during the year.
China Post Securities said that the focus of the iterative upgrade includes the update and upgrading of business processing, the addition of intelligent information recommendations, the introduction of high-quality third-party information, and the addition of more than 30 intelligent components. At the same time, the original functions were optimized, the customer experience was improved, and the "Best Investment Advisory Service APP" was obtained from the list of securities companies' APP.
Organizational Structure of China Post Securities Source: China Post Securities official website
Lawyer: Consumers can ask the broker to correct or defend their rights
For the above situation, how should the securities institution rectify? How to improve and strengthen customer privacy protection and compliance? How should consumers prevent this?
Zhao Liangshan, a senior partner at Shaanxi Hengda Law Firm and a well-known public interest lawyer, told the 21st Century Business Herald that according to Article 2 of the Personal Information Protection Law, "the personal information of natural persons is protected by law, and no organization or individual may infringe on the personal information rights and interests of natural persons." ", the information of individual citizens is protected by law, and if other units and individuals infringe, they will bear civil tort liability.
He believes that securities institutions should establish and publish personal information security complaints, reporting channels and timely handling and reply mechanisms, and should establish effective functions for correcting and deleting personal information and canceling user accounts. At the same time, strengthen the awareness of internal employees on the protection of personal information, and formulate a sound internal control mechanism.
In order to improve and strengthen the privacy protection and compliance of customers, Zhao Liangshan suggested that before securities institutions collect personal information, they should obtain the consent and public notification of individuals, especially for the collection of personal sensitive information and personal privacy information, they should obtain explicit authorization from individuals.
At the same time, after obtaining personal information, personal information should be encrypted and no third party should be disclosed. For the transmission of personal information, securities institutions should formulate a sound management system, and only allow personal information to be maintained with securities services and information service providers through specific means, such as exchanges, banks, etc. "The application and approval process for the transmission of personal information should be clarified, and the recipient of personal information, the content of the transmission, and the transmission period should be clarified."
For consumers, he suggested that consumers should improve their awareness of personal information protection, fill in personal information, and try not to fill in non-essential information.
"For personal information security complaints and reporting channels set up by securities firm institutions, as well as unreasonable user account cancellation conditions, consumers should promptly report to securities companies, or reflect to the CSRC, and require securities firms to correct them in a timely manner." He said that when consumers' personal information is infringed by brokerage institutions, they should take up legal weapons as soon as possible to protect their rights.
This issue is edited by Wang Tingting Intern Huang Jingshan