With the development of new technologies such as artificial intelligence, cloud computing, big data, and blockchain, data has become the most valuable factor of production in the digital economy era, a powerful driving force for national economic development, and is profoundly changing the production and lifestyle. The Fourth Plenary Session of the 19th Central Committee of the Communist Party of China added “data” as a factor of production for the first time. Recently, General Secretary Xi Jinping also emphasized in the 34th collective study of the Political Bureau of the Central Committee, “Give full use of the advantages of massive data and rich application scenarios to promote The deep integration of digital technology and the real economy will enable the transformation and upgrading of traditional industries, give birth to new industries, new formats and new models, and continue to strengthen, optimize and expand my country’s digital economy.” Data has increasingly become an important foundation for national and social development, and is of great significance to promoting high-quality economic and social development in my country and improving the modernization level of national governance capabilities.
Standardize information protection and tighten data security barriers
Data is naturally mobile and reproducible, which leads to data leakage and data abuse during use, which damages the interests of enterprises and individuals, and even endangers national security in severe cases. For example, during the epidemic, the personal information, health status and other related information of patients were repeatedly leaked, which damaged the legitimate rights and interests of individuals. Data security and personal information protection are the basic problems to be solved in the development of the digital economy, as well as the basic requirements for the sustainable development of the digital economy and the successful implementation of the digital transformation of enterprises.
Data security and personal information protection involve multiple levels of individuals, enterprises and countries. Individuals are the most extensive participants in data security and personal information protection. It is necessary to strengthen the protection of personal information, protect the legitimate rights and interests of individuals, and maintain personal dignity; enterprises are the key subjects of data security and personal information protection. Development is of great significance. At the enterprise level, it is necessary to ensure the legal and compliant use of data to promote the orderly development of the industry; data security is currently the focus of cyberspace security and a major issue related to national security and economic and social development. Economic stability and national security, safeguarding national data sovereignty.
In the era of digital economy, with the popularization of new technologies and new applications, personal information leakage, excessive collection, big data killing and other violations of personal legal rights have occurred frequently. While the digital economy has brought great convenience to personal life, it has also Specifications and constraints are required. Personal information protection is related to individual rights such as personality rights, privacy rights, and the right to know. By regulating the processing activities of personal information, clarifying the responsibilities and obligations of information processors, protecting the security of personal information more comprehensively, and maintaining security in the digital society. Personal dignity and freedom, and protect the legal rights of individuals from being infringed.
Business entities in various industries accumulate a large amount of data and personal information in their business management activities. With the rapid development of the digital economy and the construction of digital ecology, the number of internal data usage scenarios is increasing day by day, and the data boundary is gradually blurred. As the main body of data management, enterprises must first start from From the perspective of full life cycle management of data collection, transmission, and use, it ensures the integrity, confidentiality, and availability of data. The phenomenon of data monopoly of platform-based enterprises is becoming more and more obvious. Problems such as over-scope collection, big data processing, algorithm discrimination, and excessive profit-seeking occur from time to time, affecting the rights and interests of customers and the country. In addition, cooperation between enterprises in the digital economy era will also bring about data security and personal information protection issues between institutions, which need to be considered and regulated. At the same time, the state has formulated and promulgated various laws and regulations to clarify the responsibilities and obligations of corporate entities, ensure the fair and just use of data among different entities, prevent unfair competition and data monopoly, and promote the orderly flow of data. These series of laws, regulations and norms provide a system and normative basis for the rational, legal, and compliant use and circulation of data, and are of great significance to the digital development of enterprises.
The state attaches great importance to the protection of personal information, and actively develops relevant legislation and standards. Currently, there are nearly 40 laws, more than 30 regulations, and more than 200 rules and regulations involving personal information protection in China. On August 20, 2021, the state promulgated the “Personal Information Protection Law”, which is the first special law on personal information protection in my country. Since then, personal information protection has entered a new stage. The “Personal Information Protection Law” stipulates that “this Law shall be formulated in accordance with the Constitution”, which fully reflects that the state respects and protects human rights, and at the same time, more strictly restricts the processing of sensitive personal information, regulates automated decision-making of personal information, and increases protection against acts of infringing personal information. The severity of the punishment fully reflects the state’s emphasis and determination on the protection of personal information.
Under the new development situation, data security is the focus of cyberspace security, and cyberspace security is an important part of national security, which has become a major issue related to national security and economic and social development. The Cybersecurity Law, the Data Security Law, the Personal Information Protection Law and other laws put forward requirements on data security, data classification and grading protection, and critical information infrastructure, which fully reflects the state’s emphasis on data security and personal information protection. Doing a good job in data security is of great significance to safeguarding the legitimate rights and interests of the people, promoting the healthy development of the digital economy, and safeguarding national security.
Comprehensively manage and consolidate the foundation of data governance
ICBC has always adhered to both development and security, actively implemented the requirements of national laws and regulations, and comprehensively implemented data security management and personal information protection within the group-wide data governance framework to fully stimulate the intrinsic value of data elements, prevent financial risks, and optimize business processes. , enhance customer experience, and promote the development of digital transformation. ICBC strengthens overall management mainly from four aspects: organizational security, business management, technical system, and privacy calculation.
In terms of organizational security, ICBC has clarified the top-level design and built a four-in-one organizational structure of decision-making, management, execution, and supervision. The decision-making body, management body, executive body, and regulatory body coordinate and work together to jointly ensure the security of the bank’s data. At the same time, ICBC follows the principles of “compliance with laws and regulations, hierarchical management” and “whoever is in charge is responsible” and “whoever uses it is responsible”, and conducts comprehensive and prudent management of data and the security of the data attribution system.
In terms of business management, ICBC conducts overall work in the fields of system construction, management mechanism, personal information protection, and big data security. First, in accordance with national laws, regulations and regulatory requirements, ICBC continues to improve the data security system within the bank, and has issued relevant management systems, regulations, methods, etc. The second is to establish and improve the business management mechanism, and continuously improve the security management and control capabilities of personal customer information, credit information and other fields. The third is to continuously strengthen the security protection of personal information and big data, improve personal information protection policies and product service agreements, build a cloud security management system for big data services, and provide security for the business management of the entire bank.
In terms of technical system, ICBC has planned and established a multi-level and three-dimensional data security technical system architecture from an enterprise-level perspective in combination with the national standard DSMM Model. The basic security and monitoring and response methods in the bank provide technical support for the data security management and operation of the whole bank. At present, an encryption service platform, an Electronic file security control system, a client security management system, a cloud document platform, a security operation platform, etc. have been built to provide unified encryption services, electronic file security control, terminal security control and other security technical support capabilities. Take both measures to comprehensively strengthen data security protection and escort the bank-wide data security management and control.
In order to use data more securely, ICBC actively explores the use of new technologies such as multi-party secure computing, federated learning, and homomorphic encryption, and makes overall plans to build an enterprise-level privacy computing platform. Currently, ICBC has carried out pilot work in several scenarios within the bank and actively promoted it. The business scenario of privacy-preserving computing technology is implemented. For example, based on real estate data, the federated learning model is used to monitor corporate loans. In cooperation with a financial holding company, based on the relevant characteristics of the bank’s original corporate loan data, the real estate characteristics of the financial holding company are introduced. On the premise of going out of the warehouse, we built an early warning and monitoring model for loans, which significantly improved the business capability of risk monitoring. On the premise of “data availability and invisible”, ICBC’s loan management capabilities were improved, and it supported the analysis of corporate credit risks and corporate loans. healthy operation.
Strengthen collaborative efforts to escort the development of the digital economy
Data is a key production factor, and its core value is reflected in the use process. Dynamic data security and personal information protection should be implemented in the data flow. On the premise of fully guaranteeing security, all parties should work together to make good use of data elements to help the healthy development of the digital economy.
The first is to actively explore cross-institutional cooperation in specific fields. It is suggested that large financial institutions can first carry out pilot marketization of data elements in the financial field, explore corresponding pricing, operation and risk control mechanisms, and make full use of new technologies such as privacy computing to promote data flow across institutions. , to solve the problems of data silos and data monopoly.
The second is to promote the safe and compliant use of public data, accelerate the establishment of a standardized data trading market, take the negative list system as one of the principles of data trading, and prohibit the trading of data involving national security, economic security, social stability, and public health, or It is traded by a specific subject to better promote the safe and compliant use of public data.
The third is to study the mechanism for the safe flow of data across borders. At present, the awareness of data sovereignty in various countries is getting stronger and stronger. Under the background of the dual circular economy based on open conditions, the cross-border flow of data is unavoidable. It is recommended to be within the framework of existing laws and regulations. , explore bilateral cooperation mechanisms with other countries and regions, ensure the safe, orderly and controllable flow of data, and better serve the “dual circulation” development pattern.