Personal Information Protection
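Just over 30,000 yuan buys the private data of 30,000 car owners? Insurance-industry "insiders" run wild as regulators bring the hammer down on the data black market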
Bei Jing Shang Bao· 2025-08-19 15:18
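Where did Yang Mou's personal information come from? Of all places, a peer insurance company. The court document shows it was confirmed that Yang Moufeng was the head of telemarketing at the Anhui provincial branch of a large insurance company and a former colleague of Yang Mou (handled in a separate case). Yang Moufeng held car-purchase data for the whole of Anhui Province, containing vehicle identification numbers, ID card numbers, phone numbers, names, addresses and insurance expiry dates. In 2018 Yang Mou and Yang Moufeng conspired to sell the car-purchase data for profit. Yang Moufeng packaged the data by prefecture-level city and passed it to Yang Mou, who then sold each city's records at 0.7 to 0.9 yuan apiece; the profits were split 30/70 with Yang Moufeng, with Yang Mou taking 70 percent. The buyers were all employees of various insurance companies. On August 19, a Bei Jing Shang Bao reporter noted that China Judgments Online had recently published a criminal ruling showing that Yang Moumou, He Moumou, Yu Moumou and others, in order to expand their insurance business, bought tens of thousands of records of citizens' personal information and committed the crime of infringing on citizens' personal information. This personal information likewise came from an insurance company, resold by an "insider". The insurance industry is becoming steadily more digitalized, and infringements of citizens' personal information rights have followed. How to protect customers' personal information is a new challenge facing insurance companies. Punished for reselling auto insurance information: non-stop sales calls as your auto insurance nears expiry, dozens of marketing text messages after buying a single policy; no doubt about it, your personal information has been leaked. A department head at an insurance company who, instead of thinking about how to grow the business, got the crooked idea of taking a "side door" by buying customer information? Recently China Judgments Online ...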
70 apps illegally collect personal information; chronic-disease service platform Ark Health (方舟健客) makes the list
Zhong Guo Jing Ji Wang· 2025-08-19 08:35
Core Viewpoint - The National Computer Virus Emergency Response Center has identified 70 mobile applications that illegally collect and use personal information, highlighting ongoing concerns regarding data privacy and compliance with Chinese laws [1]
Company Summary
- The application "Ark Health Online Pharmacy" (version 6.42.0, OPPO software store) has been flagged for multiple violations, including failure to inform users about the transfer of their personal information to other parties and not providing a convenient way to withdraw consent for data collection [1]
- Ark Health Online Pharmacy is operated by Guangzhou Ark Pharmaceutical Co., Ltd., which is a wholly-owned subsidiary of Guangzhou Ark Cloud Health Information Technology Group Co., Ltd. [1]
- Established in 2015, Ark Health focuses on internet-based chronic disease management services and aims to become the largest chronic disease service platform in China [1]
Zhangshang Huayi (掌上华医) listed among apps illegally collecting personal information; Sequoia is its largest shareholder
Zhong Guo Jing Ji Wang· 2025-08-19 08:35
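China Economic Net, Beijing, August 19: On the 13th, the official public account of the National Cybersecurity Notification Center published the notice "National Computer Virus Emergency Response Center detects 70 mobile applications that illegally collect and use personal information". In accordance with the Cybersecurity Law, the Personal Information Protection Law and other laws and regulations, and as required by the "Announcement of the Office of the Central Cyberspace Affairs Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security and the State Administration for Market Regulation on Launching the 2025 Series of Special Actions on Personal Information Protection", testing by the National Computer Virus Emergency Response Center found that 70 mobile applications illegally collect and use personal information. Among them, Zhangshang Huayi (掌上华医, version V3.124.5, Yingyongbao app store) has the following problems: (1) the privacy policy does not list item by item the purposes, methods and scope of the personal information collected and used by the app (including entrusted third parties or embedded third-party code and plug-ins); (2) where the personal information processor provides personal information it processes to other personal information processors, it does not inform individuals of the recipient's name, contact details, processing purpose, processing method and categories of personal information, nor obtain the individual's separate consent; (3) it does not provide users with a channel or means of withdrawing consent to the collection of personal information; the personal information processor does not provide a convenient way to withdraw consent. A China Economic Net reporter checked the app store and found that the operator of Zhangshang Huayi is Beijing Huayiwang Technology Co., Ltd. (北京华医网科技股份有限公司). The largest shareholder of Beijing Huayiwang Technology Co., Ltd. is Tianjin Sequoia Capital Investment Fund Center (Limited Partnership), with a shareholding of 25.34% ...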
Regulators strike hard: 70 apps including Renrenzu (人人租) and Wanda Puhui (万达普惠) named for personal information violations
Xi Niu Cai Jing· 2025-08-19 07:48
Group 1
- The core issue highlighted is that "人人租" is listed among 70 mobile applications for illegally collecting and using personal information, alongside financial apps like 万达普惠 and 烟台银行 [2]
- The specific violations by "人人租" include failure to clearly outline the purposes, methods, and scope of personal information collection in its privacy policy, lack of a clear way for users to withdraw consent, and inadequate security measures such as encryption and de-identification [2]
- This action is part of the "2025 Personal Information Protection Special Action," driven by multiple government agencies, and is based on technical inspections of apps under the Personal Information Protection Law [2]
Group 2
- Operators are required to complete rectifications within 15 working days, with potential legal consequences for non-compliance or severe violations, including business suspension or app removal [2]
- As of August 14, "人人租" has not issued a formal announcement regarding its rectification plan, and its operations remain normal on its official website and app store page [2]
Yantai Bank WeChat mini-program named for violations: illegal collection and use of personal information
Xi Niu Cai Jing· 2025-08-19 05:45
Group 1
- The National Cybersecurity Incident Response Center announced the detection of 70 mobile applications that illegally collect and use personal information, including several financial applications such as "Wanda Puhui" and "Yantai Bank Citizen e-loan" [2]
- Yantai Bank's WeChat mini-program "Yantai Bank Citizen e-loan" has several issues, including failure to process complaints and reports within the promised timeframe, lack of a mechanism for users to exercise their rights, and no provided means for users to withdraw consent for personal information collection [3]
- In July, Yantai Bank was penalized with a warning and a fine of 3.192 million yuan for multiple violations, including breaches of financial statistics regulations and failure to fulfill customer identity verification obligations [3]
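A friendly reminder from Ping An Life Shandong Branch: build a strong line of defense for financial security and protect your happy life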
Qi Lu Wan Bao· 2025-08-15 03:31
Core Viewpoint - The importance of protecting financial consumers' information security rights is emphasized, highlighting the potential risks of personal information leakage, including financial loss and damage to personal reputation and social safety [1]
Group 1: Case Study and Risks
- A recent incident involving a consumer, Ms. Liu, illustrates the chain risks associated with information leakage, where her personal information was compromised due to improper handling of documents, leading to financial loss and illegal investment [2]
Group 2: Protective Measures
- The company has outlined four key protective measures to enhance financial security for consumers:
  - **Personal Information "Anonymization"**: Consumers are advised to securely dispose of documents containing personal information to prevent leakage [3]
  - **Handling Important Transactions Personally**: It is recommended that consumers handle significant transactions in person and verify the reliability of any representatives if delegation is necessary [4]
  - **Verification of Unknown Visitors**: Consumers should verify the identity of individuals claiming to be from financial institutions before providing sensitive information [5]
  - **Rapid Response to Risk Events**: Immediate action is encouraged if personal information is misused, including reporting to authorities and contacting financial institutions for assistance [6]
Group 3: Collective Responsibility
- The company emphasizes that financial security is a shared responsibility, urging consumers to enhance their risk awareness and protective skills, while the company continues to engage in financial education and improve service processes [7]
[Policy Overview] Policy analysis of the draft for comment of the Automotive Data Export Security Guidelines (2025 Edition)
China Passenger Car Association (乘联分会)· 2025-08-14 08:39
Core Viewpoint - The article discusses the new "Automotive Data Export Security Guidelines (2025 Edition)" proposed by the Ministry of Industry and Information Technology and other departments, aiming to establish a secure and efficient mechanism for the cross-border flow of automotive data while ensuring compliance with national laws and regulations [4][5].
Summary by Sections
Introduction of the Issue
- The guidelines are a response to the rapid development of the intelligent connected vehicle industry in China and the significant increase in automotive exports, which reached 5.859 million units in 2024, a year-on-year increase of 19.3% [5].
Analysis of the Main Content of the Guidelines
- The new guidelines differ significantly from the previous "Automotive Data Security Management Provisions (Trial)" issued in 2021, providing clearer and more comprehensive guidance on data export paths, technical protection requirements, and compliance flexibility [7][8].
Key Changes in the Guidelines
- The guidelines expand the definition of automotive data processors to include telecommunications operators, autonomous driving service providers, and platform operators, reflecting the evolving landscape of the automotive industry [8][9].
Data Export Behavior Regulations
- The guidelines specify that data export behaviors include transmitting data collected within China to overseas entities and allowing foreign entities to access data stored domestically [9].
Data Export Path Regulations
- Three main paths for data export are established: safety assessment declaration, standard contract signing, and personal information protection certification, with specific thresholds for each [9][10].
Important Data Definition
- The guidelines introduce a three-dimensional framework for identifying important data, categorizing it based on business scenarios, data types, and judgment rules, addressing the long-standing challenge of identifying important data in the automotive sector [11][12].
Implementation Process for Data Export
- The guidelines detail the implementation process for data export, including data identification, path determination, and safety assessment, requiring automotive data processors to comply with various legal obligations [14][15].
Safety Protection Requirements
- The guidelines outline safety protection requirements for data export, including management, technical protection, logging, and emergency response measures to ensure data security during transmission [15].
Challenges and Opportunities for Automotive Enterprises
- The guidelines present significant compliance challenges for automotive companies, including the complexity of identifying important data and the increased operational costs associated with compliance [17][18].
- Conversely, the guidelines also create structural development opportunities, allowing companies to leverage compliance as a competitive advantage and participate in international standard-setting [18][19].
Beware! 70 apps illegally collect and use personal information
Core Viewpoint - The National Computer Virus Emergency Response Center has detected 70 mobile applications that illegally collect and use personal information, violating laws such as the Cybersecurity Law and the Personal Information Protection Law [1][4].
Group 1: Violations in User Consent and Information Handling
- 13 applications failed to clearly inform users about their privacy policies and the handling of personal information before processing it [1].
- 38 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [1].
- 17 applications did not inform users about the recipients of their personal information and did not obtain separate consent [1].
- 7 applications began collecting personal information without obtaining user consent [2].
- 5 applications did not provide effective options for users to correct, delete personal information, or cancel their accounts [2].
- 7 applications failed to process complaints and reports within the promised timeframe [2].
- 28 applications did not provide a way for users to withdraw consent for personal information collection [2].
- 2 applications used automated decision-making for information push and marketing without providing options to refuse [2].
- 1 application processed sensitive personal information without obtaining separate consent [3].
- 12 applications did not establish specific rules for handling personal information of minors [3].
Group 2: Security and Compliance Issues
- 31 applications did not implement adequate security measures such as encryption or de-identification [3].
- 2 applications had advertisements that could not be closed easily [3].
- 5 applications lacked a privacy policy altogether [3].
- 25 applications from a previous report were found to still have issues and have been removed from distribution platforms [4].
Illegal collection and use of personal information: apps of 4 brokerages and 3 banks named
Xin Hua Wang· 2025-08-12 06:06
Core Viewpoint - The National Cybersecurity Notification Center has reported that over 60 mobile applications, including those from seven financial institutions, are found to be illegally collecting and using personal information [1][2][3]
Group 1: Violations Identified
- A total of 13 types of violations were identified among the 60+ mobile applications [2]
- The most common violations include:
  - Lack of detailed privacy policies outlining the purpose, method, and scope of personal information collection, affecting 25 applications including those from Longjiang Bank and ShenGang Securities [1][2]
  - Failure to provide users with a way to withdraw consent for personal information collection, impacting 30 applications including those from Industrial Bank and Hainan Airlines [2]
  - Inadequate security measures such as encryption and de-identification, affecting 29 applications including those from Chengtong Securities and Zhilian Recruitment [2]
Group 2: Financial Institutions Involved
- The financial institutions implicated include four brokerages: Chengtong Securities, Industrial Bank, ShenGang Securities, and Wukuang Securities, as well as three banks: Longjiang Bank, Wuhai Bank, and Haixia Bank [1][2]
- Specific versions of the mobile applications that were flagged include:
  - Chengtong Securities (version 6.0.3.0), ShenGang Securities (version 3.1.7), Industrial Bank (version 8.9.0), Wukuang Securities (version 3.40.2), Wuhai Bank (version 5.0.1), Haixia Bank (version 4.0.0), and Longjiang Bank (version 2.00.03) [2][3]
Group 3: Broader Implications
- The violations are not limited to financial applications; they also encompass a wide range of sectors including dining, gaming, recruitment, and lifestyle services [2]
- The National Cybersecurity Notification Center has released six lists of violating mobile applications since 2025, indicating a persistent issue within the industry [3]
- The central authorities are conducting a series of special actions to protect personal information, with a focus on addressing typical violations and ensuring compliance [3]
Insurance intermediary agreements must not "over-claim permissions"
Xin Hua Ri Bao· 2025-08-11 09:23
Group 1
- The insurance industry is characterized as a "personal information-intensive industry," involving multiple data elements and long protection chains, with various risk points [3]
- Some insurance intermediaries have user registration agreements that contain infringing clauses allowing the use of personal contact information for "partner product recommendations" [1][3]
- The Personal Information Protection Law mandates that the collection and processing of personal information must adhere to the "minimum necessity" principle, limiting data collection to what is necessary for achieving processing purposes [3][4]
Group 2
- Despite the establishment of a legal framework for data compliance in China, including the Cybersecurity Law, Data Security Law, and Personal Information Protection Law, violations in personal information collection persist [4]
- The ambiguity of the "minimum necessity" principle, along with the opaque nature of data flow and misuse of technology, contributes to the ongoing issues of excessive data collection [4]
- Effective governance of personal information misuse requires more than just user vigilance or corporate ethics; it necessitates detailed scenario rules, effective notification, increased violation costs, and rigid constraints [4]