当保险从业者成为公民个人信息的"采购商"，法律的重锤终将落下。 近日，安徽省蚌埠市中级人民法院近日公布的一则刑事裁定书（（2025）皖03刑终156号） 显示，天安财险、国寿财险等机构的6名高管及业务负责人为拓展保险业务，购买公民个人 信息合计20余万条，犯下侵犯公民个人信息罪。 而信息泄露的源头，直指时任太平洋保险安徽省分公司电销负责人杨某丰，其利用职务之 便，将全省购车数据按地市分类打包，再通过前同事杨某贩卖给同业竞争者，每条标价0.7 至0.9元。 数据黑产的运作链条 "数据贩子"杨某（另案处理）曾是太平洋保险公司员工，2017年失业后与前同事杨某丰合 谋，利用后者掌握的安徽全省购车数据建立非法交易网络。 数据包含车主姓名、身份证号、手机号、车架号及保险到期日等敏感信息，按地市分类打包 出售，每条定价七至九毛钱，利润三七分成。 根据蚌埠市龙子湖区人民法院一审判决及蚌埠中院二审裁定披露，涉案六名被告人分别来自 天安财产保险股份有限公司安庆中心支公司、黄山中心支公司，中国人寿财产保险郎溪县支 公司，以及芜湖市清亿汽车服务公司、安徽潜成商务公司等机构。 2019年至2022年间，他们为提升保险销售业绩，通过中 ...

Core Viewpoint - The insurance industry is facing significant challenges regarding the protection of personal information, as recent incidents reveal that personal data is being illegally sold by insiders within insurance companies [1][2][3]. Group 1: Incident Overview - A recent criminal ruling disclosed that several employees from Tianan Property Insurance Company were involved in the illegal purchase and sale of personal information, leading to penalties for the offenders [2]. - The data sold included sensitive information such as vehicle identification numbers, ID numbers, phone numbers, names, addresses, and insurance expiration dates, highlighting the severity of the data breach [3]. Group 2: Regulatory Environment - The financial regulatory authorities are increasing scrutiny on personal information protection within the insurance sector, with new regulations set to be implemented by December 2024 [4]. - The principle of accountability for data management is emphasized, requiring insurance companies to clearly define responsibilities for data security across various business areas [4]. Group 3: Recommendations for Improvement - Insurance companies are advised to establish robust customer information security management systems in compliance with the Personal Information Protection Law, detailing responsibilities and operational norms for data handling [5]. - Collaboration among insurance companies, regulatory bodies, and law enforcement is essential to effectively protect consumer personal information and address violations [5][6].

Group 1 - The National Cybersecurity Incident Response Center announced the detection of 70 mobile applications that illegally collect and use personal information, including several financial applications such as "Wanda Puhui" and "Yantai Bank Citizen e-loan" [2] - Yantai Bank's WeChat mini-program "Yantai Bank Citizen e-loan" has several issues, including failure to process complaints and reports within the promised timeframe, lack of a mechanism for users to exercise their rights, and no provided means for users to withdraw consent for personal information collection [3] - In July, Yantai Bank was penalized with a warning and a fine of 3.192 million yuan for multiple violations, including breaches of financial statistics regulations and failure to fulfill customer identity verification obligations [3]

Core Viewpoint - The article discusses the new "Automotive Data Export Security Guidelines (2025 Edition)" proposed by the Ministry of Industry and Information Technology and other departments, aiming to establish a secure and efficient mechanism for the cross-border flow of automotive data while ensuring compliance with national laws and regulations [4][5]. Summary by Sections Introduction of the Issue - The guidelines are a response to the rapid development of the intelligent connected vehicle industry in China and the significant increase in automotive exports, which reached 5.859 million units in 2024, a year-on-year increase of 19.3% [5]. Analysis of the Main Content of the Guidelines - The new guidelines differ significantly from the previous "Automotive Data Security Management Provisions (Trial)" issued in 2021, providing clearer and more comprehensive guidance on data export paths, technical protection requirements, and compliance flexibility [7][8]. Key Changes in the Guidelines - The guidelines expand the definition of automotive data processors to include telecommunications operators, autonomous driving service providers, and platform operators, reflecting the evolving landscape of the automotive industry [8][9]. Data Export Behavior Regulations - The guidelines specify that data export behaviors include transmitting data collected within China to overseas entities and allowing foreign entities to access data stored domestically [9]. Data Export Path Regulations - Three main paths for data export are established: safety assessment declaration, standard contract signing, and personal information protection certification, with specific thresholds for each [9][10]. Important Data Definition - The guidelines introduce a three-dimensional framework for identifying important data, categorizing it based on business scenarios, data types, and judgment rules, addressing the long-standing challenge of identifying important data in the automotive sector [11][12]. Implementation Process for Data Export - The guidelines detail the implementation process for data export, including data identification, path determination, and safety assessment, requiring automotive data processors to comply with various legal obligations [14][15]. Safety Protection Requirements - The guidelines outline safety protection requirements for data export, including management, technical protection, logging, and emergency response measures to ensure data security during transmission [15]. Challenges and Opportunities for Automotive Enterprises - The guidelines present significant compliance challenges for automotive companies, including the complexity of identifying important data and the increased operational costs associated with compliance [17][18]. - Conversely, the guidelines also create structural development opportunities, allowing companies to leverage compliance as a competitive advantage and participate in international standard-setting [18][19].

转自：北京日报客户端 《百家云Android点播回放core sdk》（版本3.22.2，官网）、《爆笑P图表情包DIY》（版本4.1.0，小米 应用商店）、《北斗伴》（版本v1.47，360手机助手）、《才能网》（版本6.2.8.3，360手机助手）、 《蝉妈妈》（版本4.18.2，华为应用市场）、《宠日常》（版本V26.3.0，抖音应用中心）、《对庄翡 翠》（版本8.5.5，历趣市场）、《多多动画屋》（版本3.8.8.0_alipp，PP助手）、《好分数》（版本 V4.31.55，应用宝）、《驾路通》（版本v5.6.7，抖音应用中心）、《江海锦龙综合版》（版本 V9.00.91，百度手机助手）、《句读》（版本V5.0.7.1102，PP助手）、《开言英语》（版本8.2.9，应用 宝）、《论文翻译助手》（版本3.5.12，vivo应用商店）、《猫箱》（版本1.51.0，抖音应用中心）、 《妙趣P图》（版本3.2.1，小米应用商店）、《墨墨背单词》（版本V5.5.11（0839）RLC，PP助手）、 《木屋外卖》（微信小程序）、《拍读英语》（版本5.7.9，当下软件园）、《人人租》（版本3.16.3， 快手下 ...

Group 1 - The express delivery business in China has surpassed 1 trillion packages this year, raising concerns about the protection of personal information contained in these deliveries [1] - The Beijing Postal Administration has initiated a special inspection on privacy application in express delivery, urging companies to enhance the protection of users' personal information [1] - The Internet Information Office of Beijing will collaborate with the Postal Administration to conduct a special rectification on personal privacy protection in delivery scenarios [1] Group 2 - The concept of "privacy waybill" is introduced, which utilizes de-identification techniques to encrypt personal information such as names and contact details on delivery waybills [1] - Express companies, including SF Express, are implementing technical and management measures to improve user privacy protection, including the use of privacy waybills and virtual numbers [1] - SF Express has encrypted sensitive customer data in backend storage to ensure that even if data is illegally accessed, it cannot be viewed without the decryption key [1] Group 3 - The Internet Information Office is set to deepen the governance of illegal collection and use of personal information in offline consumption scenarios, conducting thorough inspections and rectifications [2] - Regular monitoring measures will be strengthened to ensure the protection of citizens' personal information rights [2]

Core Viewpoint - The rapid growth of apps within the Huawei HarmonyOS ecosystem has prompted the National Cybersecurity Review and Certification Center to enhance app user privacy protection and support the sustainable development of the Harmony ecosystem [1][2] Group 1: App Certification and Compliance - The National Cybersecurity Review and Certification Center is conducting research on the certification of mobile applications within the Harmony ecosystem, focusing on core technologies such as the microkernel architecture and security access mechanisms [1] - The center is analyzing risks related to personal information collection and usage in a distributed environment, particularly concerning privacy leakage during cross-device data transfer and permission synchronization across different terminals [1] - The center aims to continuously optimize compliance detection strategies and certification standards for HarmonyOS apps [1] Group 2: Monitoring and Data Support - The mobile application monitoring platform is being upgraded to adapt to the Harmony system's technical architecture, enabling comprehensive dynamic monitoring of both Android and Harmony ecosystems [1] - The platform utilizes behavior analysis and real-time data processing technologies to monitor app behavior during operation, identifying security vulnerabilities related to personal information safety [1] - This data-driven approach provides strong support for precise governance of apps [1] Group 3: Future Initiatives - The National Cybersecurity Review and Certification Center has issued "App Security Certification" and "Financial Technology Product Certification" to several Harmony apps in the education and finance sectors [2] - Future efforts will focus on deepening research into mobile application certification within the Harmony ecosystem, aligning with the 2025 personal information protection initiative led by multiple government agencies [2]

Core Viewpoint - The Ministry of Industry and Information Technology (MIIT) has reported on the infringement of user rights by 23 apps and SDKs, highlighting ongoing efforts to protect personal information in compliance with relevant laws and regulations [1] Group 1: Regulatory Actions - The MIIT's actions are part of a broader initiative announced by four government departments, including the Central Cyberspace Administration, to conduct a series of special actions for personal information protection in 2025 [1] - The report indicates that the identified apps and SDKs are required to rectify their violations, with potential legal consequences for non-compliance [1] Group 2: Legal Framework - The governance actions are based on several laws, including the Personal Information Protection Law, Cybersecurity Law, Telecommunications Regulations, and the Regulations on the Protection of Personal Information of Telecommunications and Internet Users [1] - The MIIT has engaged third-party testing organizations to conduct inspections, which led to the discovery of the violations [1]

Core Viewpoint - The article highlights the increasing issue of insurance telemarketing calls and messages affecting individuals' daily lives, raising concerns about potential personal information leaks and privacy violations by insurance intermediaries [2][3]. Group 1: Consumer Experience - Many users report receiving frequent insurance sales calls, especially when their policies are nearing renewal, leading to frustration and confusion about how their personal information was obtained [3][4]. - Users express concerns about receiving targeted marketing calls despite not having purchased insurance from the companies contacting them, indicating a possible breach of privacy [3][4]. Group 2: Privacy Policies and Information Collection - Some insurance intermediaries, like "Toubao Paipai," include clauses in their user agreements that allow for extensive personal information collection, including browsing history, which raises legal and ethical questions [4][8]. - The privacy policies of these intermediaries often blur the lines between legally required information collection and data gathered for commercial purposes, potentially infringing on consumer rights [7][9]. Group 3: Regulatory Environment - Regulatory bodies have been actively addressing the issue of excessive personal information collection by financial institutions, emphasizing the need for clear, reasonable purposes for data processing [10][11]. - Recent regulations mandate that financial institutions must limit personal information collection to what is necessary for business purposes, highlighting the importance of consumer consent and transparency [11][12].

Core Viewpoint - The article highlights the increasing issue of unsolicited insurance sales calls and marketing messages affecting individuals' daily lives, raising concerns about potential personal information leaks and privacy violations by insurance intermediaries [1][2][4]. Group 1: Impact on Consumers - Many users report receiving frequent insurance sales calls, especially when their insurance policies are nearing renewal, leading to frustration and confusion about how their personal information is being accessed [2][4]. - Users express concerns over the accuracy of the personal information used by sales agents, noting instances where agents possess detailed personal data despite the users never having purchased insurance from them [2][4]. Group 2: Privacy Policies and Information Collection - Investigations reveal that some insurance intermediaries, such as "Toubao Paipai," include clauses in their user agreements that allow extensive collection of personal information, including browsing history, under the guise of marketing preferences [5][9]. - The privacy policies of these intermediaries often obscure the extent of information collection, leading users to unknowingly consent to the sharing of their data with third parties for marketing purposes [5][8]. Group 3: Legal and Regulatory Concerns - Legal experts argue that the practices of these insurance intermediaries may violate consumer privacy rights, as users often do not fully understand the implications of the lengthy and complex user agreements they consent to [8][12]. - Regulatory bodies have been actively addressing the issue of personal information misuse in the financial sector, identifying problems such as forced consent and excessive data collection practices among insurance companies [11][12].