How to ensure the compliant use of credit information in the era of big data

In the era of big data, information that collects an individual’s current credit value is increasingly valued by various industries. The value behind it is immeasurable. At present, commercial banks and various financial institutions are increasingly extending their business to the Internet. Compared with the traditional offline face-to-face communication with customers, commercial banks and various financial institutions now use more credit reporting and big data services. Data products provided by organizations to assist in the design and implementation of innovative Internet businesses. For example, personal identity profiling, credit assessment, etc. can be carried out through personal social, consumption, and behavioral data. However, whether it is personal credit information or reporting products, because it involves personal privacy, according to the "Credit Industry Management Regulations": except for personal information disclosed in accordance with the law, the collection of personal information must be obtained with the consent of the information subject, and shall not be collected without consent; Unless otherwise provided by law, if others inquire about personal information from credit reporting agencies, they must obtain the written consent of the information subject and agree on the purpose. Credit reporting agencies shall not provide personal information in violation of regulations. Therefore, if financial and credit reporting agencies need to collect and view personal credit data, they must obtain an authorization signed by the financial consumer himself. However, in reality, there are many problems with credit reporting authorization. For example, the authorization terms designed by some financial institutions are ambiguous, and the scope and time limit of authorization are not defined. There is a situation of one authorization, multiple use, and unlimited use; online signing When issuing a power of attorney, because most people lack understanding of the authorization, they often click "agree to the agreement" without checking the authorization content in detail; when a dispute occurs, if regulatory agencies and public security organs want to authenticate the power of attorney, they lack effective The identification method confirms whether the authorization letter was signed by the financial consumer himself at the time when the business occurred. At present, the state's protection of personal information is constantly increasing, especially with the implementation of the "Cybersecurity Law". If financial, credit reporting, and data service institutions fail to protect users' knowledge during the collection and use of personal data, rights, consent rights and other rights, you are likely to bear legal liability. How to effectively ensure the security of personal information and collect and use relevant information legally and compliantly while enjoying the dividends of the big data era has become an urgent problem that practitioners need to solve. In view of the current extensive drawbacks of personal data authorization and collection methods, it is a good strategy to introduce financial technology to help them move toward compliance. Just recently, a data information subject electronic authorization product - "Safe Authorization" developed by the third-party electronic certification agency China Financial Certification Center (CFCA) will be launched soon. This product can help relevant institutions obtain user credit inquiry authorization, legal The following help is provided when using user information in compliance with regulations: The product is based on electronic authentication, FIDO biometrics and other technologies to authenticate the user's identity and electronically sign the authorization letter, providing anti-repudiation, anti-tampering and anti-counterfeiting, and ensuring the content of the authorization letter. The authenticity, integrity and confidentiality of the signed electronic authorization letter are consistent with my country’s Contract Law, Electronic Signature Law, Cybersecurity Law and Credit Information Industry Management Regulations. Paper power of attorney has the same legal effect and provides complete judicial protection for the signer and user of the electronic power of attorney.

The "Safe Authorization" electronic authorization letter can verify the authenticity and validity of the user's signature

The principle of "one authorization for one thing" is adopted, that is, exclusive authorization is obtained for a specific purpose at a specific time. , and confirm the authorization time by issuing a scene certificate or stamping an electronic timestamp to avoid the situation of a single authorization being used repeatedly, multiple times, and unlimitedly. For individual users, if relevant institutions use the "Safe Authorization" platform to ask them to sign an electronic authorization form, the user will receive a mobile phone verification code prompt before signing, ensuring their right to know. Once an authorization dispute arises afterwards, "Safe Authorization" can also issue electronic evidence such as a "Digital Signature Verification Report" for the parties to use as judicial evidence. The electronic authorization form adopted by "Safe Authorization" meets the application and regulatory needs of the big data era and can be widely used in big data information query scenarios. In the long term, in addition to finance and credit reporting agencies, all industries related to the use of data services can adopt this method to ensure the standardized inquiry, collection and use of personal information.