Privacy & Information Security Law Blog

In recent months, the Chinese government has devoted attention to the protection of personal information with, as we previously reported, the promulgation of a number of new data protection regulations. This focus is also illustrated by recent actions related to crimes involving personal information.

Gang Selling Personal Information Busted

Police apprehended a 10-member gang in Beijing and Shanghai for illegally obtaining and selling nearly one million pieces of personal information. The gang made over RMB 320,000 in illegal profits from their activity.

In mid-August of this year, a woman in Shanghai filed a complaint with the police, claiming that her personal information was improperly disclosed after she had applied for an online exam. After applying, the woman received spam messages relating to training classes in the same subject matter. Zhabei District police investigated online message platforms, and targeted an education information consulting company as the source of the spam messages. When police apprehended the owner in the Pudong New Area, he said that he had bought the personal information from an unemployed local resident, who was then apprehended in the same district. Further investigation showed that this local resident had obtained the information from a man who was responsible for maintaining a national examination application website. This person had sold the data to the local resident, who then resold them to the education company owner and a few others, including the owners of another education company and a cultural communications company.

Courier Firm Staff under Suspicion of Large-Scale Customer Data Theft

Staff at a leading Shanghai courier firm, YTO Express, are suspected of selling millions of items of personal information about its customers to online traders, who then sold the information to online retailers.

A spokesperson for YTO Express said in October 2013 that it was investigating the case and promised to crack down on the information theft. It has since been verified that the personal information sold included customer names, addresses, telephone numbers and transaction serial numbers. Armed with this information, unscrupulous online retailers can forge customer records, while other businesses can use the information to contact potential customers. Since the incident, YTO Express has reportedly taken emergency measures to reduce security risks, and has begun to conduct a comprehensive internal investigation to search for the source of the improper disclosure of personal information. YTO Express is also reportedly working with its information technology partners to enhance the security of express delivery information.

Arrest of Three Men in Illegal Sales of Millions of Items of Personal Information

An employee at a local taxation bureau in Wuhan took advantage of his position to secretly copy personal information from the local taxation bureau’s intranet onto a USB memory drive. The employee then sold the information to another person via QQ, an instant messaging software, for an illegal profit of over RMB 100,000. The purchaser then resold the information to a third person. All three men were arrested for illegally obtaining personal information.