Core Viewpoint - The insurance industry faces increasing compliance risks related to personal information protection as digital transformation progresses and regulatory frameworks improve [1][6] Group 1: Compliance Issues - The Shanghai Communications Administration reported that 3 insurance institutions had 8 apps (SDKs) flagged for issues such as lack of clarity in personal information processing rules and difficulties in account cancellation [1] - In total, over 20 apps (SDKs) from 9 insurance institutions have been flagged in 2025, indicating a systemic issue within the industry regarding personal information protection [1][2] - Other regions have also reported similar compliance issues, highlighting a widespread problem across the insurance sector [2][3] Group 2: Systemic Shortcomings - The frequent notifications reveal systemic shortcomings in personal information protection within the insurance industry, characterized by opaque rules, excessive data collection, and inadequate complaint handling [3] - The underlying issues stem from a misalignment in incentive mechanisms, capability systems, and responsibility chains within insurance institutions [3][4] Group 3: Regulatory Developments - Recent regulations, including the Personal Information Protection Law and the Data Security Law, have been implemented to enhance data governance and compliance in the financial sector [6][7] - The Financial Regulatory Authority has emphasized the need for insurance companies to shift from reactive compliance to proactive measures in personal information protection [7][8] Group 4: Recommendations for Improvement - To enhance data governance and personal information protection, the insurance industry should consider restructuring governance frameworks, leveraging technology for data security, and establishing comprehensive responsibility mechanisms for third-party collaborations [8]

中经记者 樊红敏 北京报道 随着数字化转型进程的推进和监管制度的逐步完善，保险业作为数据密集型产业在个人信息保护方面面 临的合规风险愈发凸显。 近日，上海市通信管理局（以下简称"上海通信局"）发布的《关于侵害用户权益行为APP（SDK）的通 报（2025年第十批）》显示，3家保险机构的8款APP（SDK）上榜，涉及的问题包括"未明示个人信息 处理规则""账号注销难""违规收集个人信息""未妥善处理用户投诉"等。 《中国经营报》记者梳理发现，包括此次通报在内，今年以来，上海通信局发布的十批通报中，共有9 家保险机构（含保险中介，下同）合计超过20款APP（SDK）"上榜"。其他地方通信管理局的通报中， 也不乏保险机构"上榜"。 "近年来，保险业进入数字化转型的关键时期，又适逢《中华人民共和国个人信息保护法》《中华人民 共和国数据安全法》等法律规定出台实施，既需要推进数字化转型，又亟须提升数据合规水平。保险业 作为数据密集型行业，数据规模大、场景多元、价值明显，属于个人信息保护合规风险高发的领域，数 据合规问题愈发凸显。"金杜律师事务所合伙人宁宣凤在接受记者采访时表示。 数据伦理尚未树立 上海通信局在通报中同时要 ...