If you’ve been in and around China long enough, you’ll know that personal data is something that is routinely bought and sold. The most common, and egregious, example of this involves telecom companies and mobile phone numbers. Why does everyone here receive thousands of spam phone calls and texts every year? Because phone numbers are sold to folks for large-scale marketing campaigns.
Why doesn’t the government put a stop to all this? Two reasons. First, I don’t think we have a consensus yet on what should be private data in this country. Second, while bits and pieces of data privacy rules have found their way into legislation (e.g., financial and consumer data), we do not yet have a comprehensive data privacy legal regime, even though it’s been discussed for at least eight years.
In the meantime, we have to be content with what’s being done on the margins. One sensitive area concerns data held by the state, including criminal records. This sort of information, collected and held by the Public Security Bureau, is supposed to be private, but as you may know, there is an entire industry out there devoted to obtaining such information on behalf of third parties.
Over the past ten years or so, I have worked on legal projects for three different foreign companies that are in the data business. Most of these kinds of service companies are in the HR sector and provide large companies with information about prospective employees, basically vetting them via background checks prior to their being hired.
Sounds straightforward, but some of the companies that offer information about a Chinese citizen’s criminal record are obtaining that information in a dodgy fashion. I won’t smear all of them by saying that they are breaking the law and/or paying off cops, but some of them most assuredly are, almost always via a local partner. Speaking of which, the folks who engage in this activity the most, of course, are Chinese domestic security/private investigation firms. Slip a friendly cop a few bucks to run a name through the database, and the information is filtered out to the prospective employer. Easy peasy.
Well, perhaps things are changing on that front:
A traffic police officer in Henan Province was sentenced to six months in detention with a one-year reprieve by a local court for illegally trading 12,441 pieces of personal information, marking the first person convicted in such a case in the province, the Zhengzhou-based Dahe Daily reported Monday.
The Shangcheng County People’s Court in the province sentenced the 28-year-old police officer, surnamed Tong, after he earned 61,429.01 yuan ($9,847) from selling the personal information he copied from the public security bureau’s internal database. (Global Times)
I’m not surprised that this cop was stealing data and selling it. Happens every day. However, it is almost shocking that he was actually arrested, tried and convicted for the offense. Extraordinarily rare, as the article points out.
But the big news is that this arrest was part of an overall government program to stamp out such data theft by government employees. The usual caveats apply regarding how widespread the enforcement will be, how long it will last, etc., but the campaign does show that someone in the government seems to think this is a significant problem that should be solved.
I call that progress.