Core Viewpoint - The insurance industry is facing significant challenges regarding the protection of personal information, as recent incidents reveal that personal data is being illegally sold by insiders within insurance companies [1][2][3]. Group 1: Incident Overview - A recent criminal ruling disclosed that several employees from Tianan Property Insurance Company were involved in the illegal purchase and sale of personal information, leading to penalties for the offenders [2]. - The data sold included sensitive information such as vehicle identification numbers, ID numbers, phone numbers, names, addresses, and insurance expiration dates, highlighting the severity of the data breach [3]. Group 2: Regulatory Environment - The financial regulatory authorities are increasing scrutiny on personal information protection within the insurance sector, with new regulations set to be implemented by December 2024 [4]. - The principle of accountability for data management is emphasized, requiring insurance companies to clearly define responsibilities for data security across various business areas [4]. Group 3: Recommendations for Improvement - Insurance companies are advised to establish robust customer information security management systems in compliance with the Personal Information Protection Law, detailing responsibilities and operational norms for data handling [5]. - Collaboration among insurance companies, regulatory bodies, and law enforcement is essential to effectively protect consumer personal information and address violations [5][6].

保险业"内鬼"狂飙 监管重锤砸向数据黑产 作者：李秀梅 车险将要到期推销电话不停，只买了一份保险却收到了几十条推销短信，不用怀疑，你的个人信息被泄 露了。 8月19日，北京商报记者注意到，近期中国裁判文书网公布了一则刑事裁定书，显示杨某某、何某某、 俞某某等人为拓展保险业务，购买公民个人信息数万条，犯下侵犯公民个人信息罪。而这些个人信息， 同样来自于保险公司，一位"内鬼"倒卖。 当前，保险业数字化程度不断提升，侵害公民个人信息权益的问题也随之而来。如何保护好客户的个人 信息，是保险公司面临的新课题。 倒卖车险信息遭罚 身为保险公司部门负责人，不考虑如何扩展业务，竟动了歪心思，想通过购买客户信息"走偏门"？近期 中国裁判文书网公布的一则刑事判决书，将某保险公司多名员工侵犯保险客户个人信息的犯罪细节公布 于众。 判决书显示，杨某某为天安财险安庆中心支公司原总经理，何某某为天安财险安庆中心支公司电销部门 原负责人，俞某某为天安财险黄山中心支公司电销部门原负责人。2020年3—12月期间，杨某某为推动 电销部门工作，安排何某某通过向杨某(另案处理)转账3.75万元，两次从杨某处购买公民个人信息3万余 条。2019年3 ...

杨某的个人信息来自何处？竟然是同业保险公司。裁判文书显示，证实杨某丰是某大型保险公司安徽省 公司电销负责人，也是杨某（另案处理）之前的同事，杨某丰手中有安徽省全省的购车数据，数据里面 有车架号、身份证号、电话、姓名、住址以及保险到期日。2018年杨某同杨某丰合谋出售购车数据牟 利。杨某丰将数据按照各个地市的分类打包好给杨某，杨某再按照每个地市的信息以每条七至九毛钱出 售，所获利润和杨某丰三七分成，杨某拿七成。出售对象都是各保险公司的从业人员。 8月19日，北京商报记者注意到，近期中国裁判文书网公布了一则刑事裁定书，显示杨某某、何某某、 俞某某等人为拓展保险业务，购买公民个人信息数万条，犯下侵犯公民个人信息罪。而这些个人信息， 同样来自于保险公司，一位"内鬼"倒卖。 当前，保险业数字化程度不断提升，侵害公民个人信息权益的问题也随之而来。如何保护好客户的个人 信息，是保险公司面临的新课题。 倒卖车险信息遭罚 车险将要到期推销电话不停、只买了一份保险却收到了几十条推销短信，不用怀疑，你的个人信息被泄 露了。 身为保险公司部门负责人，不考虑如何扩展业务，竟动了歪心思，想通过购买客户信息"走偏门"？近期 中国裁判文书网 ...

Core Viewpoint - The National Computer Virus Emergency Response Center has identified 70 mobile applications that illegally collect and use personal information, highlighting ongoing concerns regarding data privacy and compliance with Chinese laws [1] Company Summary - The application "Ark Health Online Pharmacy" (version 6.42.0, OPPO software store) has been flagged for multiple violations, including failure to inform users about the transfer of their personal information to other parties and not providing a convenient way to withdraw consent for data collection [1] - Ark Health Online Pharmacy is operated by Guangzhou Ark Pharmaceutical Co., Ltd., which is a wholly-owned subsidiary of Guangzhou Ark Cloud Health Information Technology Group Co., Ltd. [1] - Established in 2015, Ark Health focuses on internet-based chronic disease management services and aims to become the largest chronic disease service platform in China [1]

中国经济网北京8月19日讯 国家网络安全通报中心公众号13日发布消息"国家计算机病毒应急处理 中心检测发现70款违法违规收集使用个人信息的移动应用"。依据《网络安全法》《个人信息保护法》 等法律法规，按照《中央网信办、工业和信息化部、公安部、市场监管总局关于开展2025年个人信息 保护系列专项行动的公告》要求，经国家计算机病毒应急处理中心检测，70款移动应用存在违法违规 收集使用个人信息情况。 其中，《掌上华医》（版本V3.124.5，应用宝）存在以下问题：（一）隐私政策未逐一列出App （包括委托的第三方或嵌入的第三方代码、插件）收集使用个人信息的目的、方式、范围等；（二）个 人信息处理者向其他个人信息处理者提供其处理的个人信息的，未向个人告知接收方的名称或者姓名、 联系方式、处理目的、处理方式和个人信息的种类，并取得个人的单独同意；（三）未向用户提供撤回 同意收集个人信息的途径、方式；个人信息处理者未提供便捷的撤回同意的方式。 中国经济网记者查询应用商店发现，《掌上华医》运营商为北京华医网科技股份有限公司。北京华 医网科技股份有限公司第一大股东为天津红杉资本投资基金中心（有限合伙），持股比例为25.34% ...

Group 1 - The core issue highlighted is that "人人租" is listed among 70 mobile applications for illegally collecting and using personal information, alongside financial apps like 万达普惠 and 烟台银行 [2] - The specific violations by "人人租" include failure to clearly outline the purposes, methods, and scope of personal information collection in its privacy policy, lack of a clear way for users to withdraw consent, and inadequate security measures such as encryption and de-identification [2] - This action is part of the "2025 Personal Information Protection Special Action," driven by multiple government agencies, and is based on technical inspections of apps under the Personal Information Protection Law [2] Group 2 - Operators are required to complete rectifications within 15 working days, with potential legal consequences for non-compliance or severe violations, including business suspension or app removal [2] - As of August 14, "人人租" has not issued a formal announcement regarding its rectification plan, and its operations remain normal on its official website and app store page [2]

Group 1 - The National Cybersecurity Incident Response Center announced the detection of 70 mobile applications that illegally collect and use personal information, including several financial applications such as "Wanda Puhui" and "Yantai Bank Citizen e-loan" [2] - Yantai Bank's WeChat mini-program "Yantai Bank Citizen e-loan" has several issues, including failure to process complaints and reports within the promised timeframe, lack of a mechanism for users to exercise their rights, and no provided means for users to withdraw consent for personal information collection [3] - In July, Yantai Bank was penalized with a warning and a fine of 3.192 million yuan for multiple violations, including breaches of financial statistics regulations and failure to fulfill customer identity verification obligations [3]

Core Viewpoint - The importance of protecting financial consumers' information security rights is emphasized, highlighting the potential risks of personal information leakage, including financial loss and damage to personal reputation and social safety [1] Group 1: Case Study and Risks - A recent incident involving a consumer, Ms. Liu, illustrates the chain risks associated with information leakage, where her personal information was compromised due to improper handling of documents, leading to financial loss and illegal investment [2] Group 2: Protective Measures - The company has outlined four key protective measures to enhance financial security for consumers: - **Personal Information "Anonymization"**: Consumers are advised to securely dispose of documents containing personal information to prevent leakage [3] - **Handling Important Transactions Personally**: It is recommended that consumers handle significant transactions in person and verify the reliability of any representatives if delegation is necessary [4] - **Verification of Unknown Visitors**: Consumers should verify the identity of individuals claiming to be from financial institutions before providing sensitive information [5] - **Rapid Response to Risk Events**: Immediate action is encouraged if personal information is misused, including reporting to authorities and contacting financial institutions for assistance [6] Group 3: Collective Responsibility - The company emphasizes that financial security is a shared responsibility, urging consumers to enhance their risk awareness and protective skills, while the company continues to engage in financial education and improve service processes [7]

Core Viewpoint - The article discusses the new "Automotive Data Export Security Guidelines (2025 Edition)" proposed by the Ministry of Industry and Information Technology and other departments, aiming to establish a secure and efficient mechanism for the cross-border flow of automotive data while ensuring compliance with national laws and regulations [4][5]. Summary by Sections Introduction of the Issue - The guidelines are a response to the rapid development of the intelligent connected vehicle industry in China and the significant increase in automotive exports, which reached 5.859 million units in 2024, a year-on-year increase of 19.3% [5]. Analysis of the Main Content of the Guidelines - The new guidelines differ significantly from the previous "Automotive Data Security Management Provisions (Trial)" issued in 2021, providing clearer and more comprehensive guidance on data export paths, technical protection requirements, and compliance flexibility [7][8]. Key Changes in the Guidelines - The guidelines expand the definition of automotive data processors to include telecommunications operators, autonomous driving service providers, and platform operators, reflecting the evolving landscape of the automotive industry [8][9]. Data Export Behavior Regulations - The guidelines specify that data export behaviors include transmitting data collected within China to overseas entities and allowing foreign entities to access data stored domestically [9]. Data Export Path Regulations - Three main paths for data export are established: safety assessment declaration, standard contract signing, and personal information protection certification, with specific thresholds for each [9][10]. Important Data Definition - The guidelines introduce a three-dimensional framework for identifying important data, categorizing it based on business scenarios, data types, and judgment rules, addressing the long-standing challenge of identifying important data in the automotive sector [11][12]. Implementation Process for Data Export - The guidelines detail the implementation process for data export, including data identification, path determination, and safety assessment, requiring automotive data processors to comply with various legal obligations [14][15]. Safety Protection Requirements - The guidelines outline safety protection requirements for data export, including management, technical protection, logging, and emergency response measures to ensure data security during transmission [15]. Challenges and Opportunities for Automotive Enterprises - The guidelines present significant compliance challenges for automotive companies, including the complexity of identifying important data and the increased operational costs associated with compliance [17][18]. - Conversely, the guidelines also create structural development opportunities, allowing companies to leverage compliance as a competitive advantage and participate in international standard-setting [18][19].

Core Viewpoint - The National Computer Virus Emergency Response Center has detected 70 mobile applications that illegally collect and use personal information, violating laws such as the Cybersecurity Law and the Personal Information Protection Law [1][4]. Group 1: Violations in User Consent and Information Handling - 13 applications failed to clearly inform users about their privacy policies and the handling of personal information before processing it [1]. - 38 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [1]. - 17 applications did not inform users about the recipients of their personal information and did not obtain separate consent [1]. - 7 applications began collecting personal information without obtaining user consent [2]. - 5 applications did not provide effective options for users to correct, delete personal information, or cancel their accounts [2]. - 7 applications failed to process complaints and reports within the promised timeframe [2]. - 28 applications did not provide a way for users to withdraw consent for personal information collection [2]. - 2 applications used automated decision-making for information push and marketing without providing options to refuse [2]. - 1 application processed sensitive personal information without obtaining separate consent [3]. - 12 applications did not establish specific rules for handling personal information of minors [3]. Group 2: Security and Compliance Issues - 31 applications did not implement adequate security measures such as encryption or de-identification [3]. - 2 applications had advertisements that could not be closed easily [3]. - 5 applications lacked a privacy policy altogether [3]. - 25 applications from a previous report were found to still have issues and have been removed from distribution platforms [4].