Under a new cybersecurity law, Web operators are urged to provide safe products and services Kou Fei recently got a call at work from her mother, who was anxious to know that she was safe.
"My mom told me a stranger had called, saying I was in danger and asking for money to save me. The caller knew my name," said Kou, 27, an employee at a Beijing educational institution.
Thanks to her mother's checking, the family escaped an economic loss. But Kou said she often receives fraudulent phone calls or spam via text messages, which have disturbed her life. She said she has become more cautious and has begun to block them.
"I don't know how my private information was released. Maybe I lost it as I filled in express forms or logged in to websites," she said.
According to a report released in late July by the Internet Society of China, almost 80 percent of Chinese netizens have had their information stolen, including names and home addresses. Such personal information leaks resulted in losses of 80.5 billion yuan ($12.6 billion) last year, the report said.
In July, a Beijing court sentenced a man who made use of his position at work to acquire and sell private information. The man, whom the court referred to only by his surname, Kang, confessed that his job gave him access to abundant personal information online and said other computer talents or Web operators could easily do the same.
To regulate online service providers' duties and protect netizens' rights, the first draft of a national cybersecurity law was introduced on July 6. Among other things, it aims to protect real identities that are increasingly used in Internet registrations and transactions.
"After all, almost every offline activity has been put online in the Internet era, and real-name registration has become a part of our lives," said Li Yuxiao, a professor of Internet governance at Beijing University of Posts and Telecommunication.
Keeping people's private information safe online is urgent, Li said.
Backdoor methods
Kou noted that many websites and smartphone apps now require users to put in personal information, including name, ID number, birthday and address.
"As I typed in my information online, such as shopping or registering a bank account, I could not prevent website operators from knowing, and even using, my private information," Kou said.
During Kang's trial at Beijing Xicheng District People's Court in July, the former computer programmer admitted that online service providers and some computer technologists can gain access to users' information using backdoor methods.
Kang, 27, who worked for a Beijing technology company, said he helped the State Post Bureau make a database in March last year, and he made use of the work to get more than 150,000 pieces of personal information. He sold 10,000 of them.
"I contacted some buyers via QQ, an instant messaging tool, at that time. The ease of getting information and the illegal profits have driven me to where I am now," Kang said during the trial.
He was sentenced to one year in jail and fined 10,000 yuan, considering his good attitude in confessing fault, the court said.
Plugging leaks
People who sell personal information are subject to punishment, but how to allocate blame in light of the role of Web service providers is still unclear, the court said, adding that sometimes information leaks without online operators' knowledge.
Professor Li said it's impossible to totally avoid information leaks, but privacy protection can and must be strengthened.
He said the draft law on Internet security includes a section on privacy protection, and its clarification of Web companies' rights and duties represents major progress.
The draft requires each Web operator to compile users' information in such as way that it is protected. Operators are also asked not to distort, release or damage the data, and not to sell it.
Yin Libo, chief engineer at the Electronic Technology Intelligence Research Institute under the Ministry of Industry and Information Technology, said the clearer the accountability for Web operators, the more effectively information leaks can be prevented.
The privacy protection that has been written into the draft will also contribute to the State security, Yin said, urging Web operators to provide safe products and services.
"Western countries have consistently paid attention to privacy protection and put it into law. All Web operators are barred from blocking or stealing users' information," Yin said.
How can you protect your rights if personal information is leaked?
1. Victims can require Web operators or online service providers to delete the information leaked or to take other measures to stop the leaks.
2. Victims can report information leaks to government agencies, including the Ministry of Public Security, the Cyberspace Administration of China and the China Consumers' Association. Victims can call the 12377 hotline to report details of leaked information.
3. Victims can ask for an apology and for compensation from those who illegally use their personal details, in accordance with the Chinese Consumer Protection Law and the Chinese Tort Law.