The China Banking and Insurance Regulatory Commission issued a notice on the special rectification work of bank insurance institutions to infringe on personal information rights (hereinafter referred to as notice) to conduct bank insurance institutions, etc., and requires a comprehensive sorting and investigation of banks.The problems and vulnerabilities of the industry insurance industry in the protection of personal information, in -depth rectification of chaos in infringing consumer information rights, and urging bank insurance institutions to establish and improve consumer personal information protection working mechanisms.
According to the surging news report, the notification requirements, bank insurance institutions have comprehensively touched the business behavior and management of consumer personal information processing activities since 2021, and in -depth search for the personal information protection of the agency.Existing problems list the list of problems.In the process of self -examination, you must insist on making ups and dynamic reforms.For the problems that cannot be completed in the short term, we must establish a rectification ledger, clarify rectification measures, and gradually advance them one by one.
At the same time, the Banking and Insurance Regulatory Bureau must take the front inspection and supervision work, and compact the institution to self -check the responsibilities, and to prevent the notification of the notification, the situation where it will be transferred, and the self -inspection of the field and the form will not be in place.Essence
The notice of the discovery of rectification pointed out that the bank insurance institutions must be built one by one to ensure that the rectification is in place and the accountability is in place.For the violations of the rules and regulations of the banking industry, it is necessary to deal with it in accordance with regulations; for improper operating behavior, it is necessary to stop or correct immediately, and the problem of serious infringement of consumers' information security rights such as leakage of personal information should be held accountable.The issue involving illegal crimes is to be transferred to the judicial organs for punishment.
The CBRC requires that regulatory departments at all levels should carry out supervision spot checks and supervision in accordance with daily supervision, on -site inspections, reporting investigation, and complaint inspections.For issues that violate relevant laws and regulations, we must investigate and deal with it in accordance with laws and regulations; the problems of self -inspection and rectification of institutions can be combined with the degree of violations of the behavior and caused the consequences to be light, reduced or imposed by the law;Concealing the non -reported institutions must be seriously held accountable and punished with heavy penalties.
This special rectification work is mainly self -inspection by bank insurance institutions, and the regulatory authorities will conduct random inspections and supervision in a timely manner.
The CBRC requires that bank insurance institutions must deeply analyze the problems found in this special rectification and find the root cause of the problem.The reason for the problem is that the lower -level agencies must compact the branch responsibility and complete the rectification without discounting; if the root cause is the headquarters, it is necessary to adjust and optimize the relevant working mechanism in a timely manner, strengthen the system constraints and responsibilities, and promote the root causes.
The supervisory departments at all levels should combine the problems discovered by this special rectification, and urge bank insurance institutions to establish and improve the personal information protection system mechanism, improve business rules and operating processes, standardize personal information processing and management behaviors, comprehensively improve the improvement of personal information, comprehensively improveConsumer personal information protection work level.