Winning 3.15 | Constructing user information security barriers and casting brand compliance grips

2022-03-15 17:30:00


Chaos is frequent, how to balance safety & value?

In 2020, the leakage of bank card water of famous artists has triggered a high concern of the public about the security of personal information including but not limited to financial and other information.

In 2021, CCTV 315 evening named "face recognition abuse" and other consumer industry chaos, and a number of related technology companies apologized one after another.

For technology companies that involve a lot of data processing and analysis in their daily operations, security is an insurmountable mountain. In the process of online and offline operations, the backend of enterprises need to collect, integrate and analyze operational data to promote continuous optimization of products and services. This process for brands and consumers, which is supposed to enhance the behavior of consumer user purchase and experience.

However, when massive amounts of user data are collected, shared and used, consumers' personal privacy begins to face potential risks that are difficult to completely avoid: the risk of personal information being collected in violation of the law, the risk of being misused for big data analysis, the risk of being leaked, stolen and illegally sold ...... is impossible to prevent. At the same time, brands also face unpredictable hidden risks such as data loss and irreversibility, illegal theft of data by third parties, and malicious disclosure of data by loopholes.

Taking personal privacy leakage as a typical example, the emergence of various data security issues has seriously hindered the value creation of data elements, prevented brands from reasonably collecting and using consumer information, and further delayed the healthy growth of brand value. How to find a balance between "safeguarding the security of consumer data" and "leveraging the value of data for brand growth" has become an important problem that needs to be solved by brands and businesses.


How do brands win by law when users resist?

As multiple data security incidents continue to fester, consumers have also shown significant resistance and consumer behavior has been greatly affected by this.

In March, the Global Times and market research organizations released the "2022 Chinese Consumer Survey on Data Security and Privacy Awareness and Concerns of Smart Connected Vehicles", which revealed that Chinese consumers have little confidence in smart car manufacturers' ability to properly protect sensitive personal information, with more than 40% of consumers expressing no or little confidence.

The "China Consumer Confidence Index", compiled quarterly by the National Development Institute of Peking University, has also revealed several times that consumers are sensitive and dissatisfied with the security of personal information data, which in turn affects the perception of consumer experience and satisfaction in different consumer areas. It is clear that in the new era of digital economy, the security of consumers' data is becoming an important factor influencing consumer behavior, and is gradually becoming a new competitive "watershed" between retail companies.

The Law of the People's Republic of China on Data Security came into effect on September 1, 2021, and the Law of the People's Republic of China on the Protection of Personal Information came into effect on November 1, 2011. Together with the Civil Code, the Supervision and Administration of Internet Transactions, and the Anti-monopoly Guidelines on the Platform Economy ......, the strongest information security-related legal documents since China entered the era of big data have come into force, building a legal framework dedicated to "protecting the rights and interests of personal information, regulating personal information processing activities, and promoting the reasonable use of personal information". It also protects consumers' personal rights and interests in a three-dimensional manner from four perspectives: administrative, civil, criminal and public interest litigation.

From another perspective, these important changes in legal policy are not only limited to the protection of consumer information security and related rights, but also emphasize the hard requirement that "regulation and healthy development must go hand in hand" for digital economy enterprises.


"Compliance Management", the brand's risk-averse grip

For brands, if they want to balance the security of user information with the full use of data value, they need to take a solid approach to the three dimensions of information collection, information storage and protection, and information use.

  • Information collection level: information is collected with a legal basis and necessary for business development; collection and processing processes are strictly regulated and the principle of minimal information collection is adhered to; organizational and technical measures must meet relevant regulatory requirements.

  • Information storage and protection: Follow the time limit requirements of relevant laws and policies, equipped with various security technologies, management systems, departments responsible for personal information protection, relevant internal control systems, and emergency plans for security incidents.

  • Use of information: Information is used only when providing services to users, improving the quality of services, and ensuring the safety of users' accounts. And in strict accordance with the relevant requirements, the user's consent is obtained again in the form of confirmation agreements, authorized consent actions, etc.

Whale's Compliance Management is deeply rooted in this area, closing the loop on three levels and providing a variety of features to help brands avoid legal risks.

  • Avoiding face biometric minefield

In the offline consumption scenario, instead of collecting and storing facial bio-information features, the solution of collecting other compliant customer flow information, completing the calculation at the edge, and uploading only statistical information to the cloud replaces facial bio-information collection, strengthening risk control and avoiding minefield blind spots.

  • Strict access control

In terms of data storage authority, there are different permission levels for different access subjects (employees, APIs, etc.), corresponding to different data levels. Each time data is read, it must be unlocked and encrypted, and the logs of data reading and storage will be archived.

  • Fully respect the wishes of consumers

In terms of user consent, we will help establish a user authorization mechanism to protect the user's right to information and choice and prevent excessive collection and use. In the commercial application of data, in addition to the obligation to inform, we must also provide users with the option to "refuse" and delete the corresponding data.

  • Easy observation, content editing and continuous optimization

By choosing to use Compliance Management, brands can easily observe user information security risks and make relevant adjustments: changing a single line of code in the data burial SDK can make their applications comply with personal information protection laws and increase user trust and product transparency; whenever the privacy policy is updated, brands can adjust the information in the pop-up window through the pop-up content editing function without re-posting a version; and through the data dashboard, brands can understand the privacy policy consent status in real time and continuously optimize it with the content editing function.

  • Hardcore design & technology foundation

In the product design, the edge + cloud double-layer security encryption mechanism is used to insist on strengthening the ability of security compliance to safeguard user privacy. In the process of technology application, actively enhance the technical means, throughout the whole process of data collection, storage, analysis, processing, deletion and provide five protection measures.

Not to lose every bit of value of brand marketing data, and not to give up every bit of security of consumer user information. In this era of digital economy gradually spread to every corner, in the situation of data information security chaos, the use of "compliance management" to make technology more warm, so that user information security and data to leverage brand growth balanced and symbiotic.

Empower Business Growth