Fined one million yuan, a company in Zhejiang caused data leakage while developing systems for government departments | fine | data supervisor
According to the WeChat official account "Online Security Bureau of the Ministry of Public Security", in March 2023, the Zhejiang Wenzhou Public Security Online Security Department found problems when investigating a case involving data security violations.
It is reported that during the process of developing an operation and maintenance information management system for a county-level government department in Zhejiang, a technology company in Zhejiang illegally uploaded sensitive business data collected by the construction unit to a rented public cloud server without the consent of the construction unit, and did not take security measures, resulting in serious data leakage.
According to Article 45 of the Data Security Law, the public security organs in Wenzhou, Zhejiang Province have imposed administrative penalties of 1 million yuan, 80000 yuan, and 60000 yuan on the company, project managers, and directly responsible personnel, respectively.
In response to the situation of the construction unit's negligence and failure to fulfill its data security protection responsibilities, the local discipline inspection and supervision commission, in accordance with the Implementation Rules of the Wenzhou Party Committee's Network Security Work Responsibility System, has made decisions to hold the main responsible comrades and department heads of the construction unit accountable, including criticism and education, admonishment talks, and government case investigations.
According to Article 45 of the Data Security Law, which will come into effect on September 1, 2021, if an organization or individual carrying out data processing activities fails to fulfill the data security protection obligations stipulated in Articles 27, 29, and 30 of this Law, the relevant competent department shall order it to make corrections, give a warning, and may also impose a fine of not less than 50000 yuan but not more than 500000 yuan. The directly responsible supervisor and other directly responsible personnel may be fined not less than 10000 yuan but not more than 100000 yuan; Those who refuse to correct or cause serious consequences such as a large amount of data leakage shall be fined not less than 500000 yuan but not more than 2 million yuan, and may be ordered to suspend relevant business, suspend business for rectification, revoke relevant business licenses or revoke business licenses. The directly responsible supervisors and other directly responsible personnel shall be fined not less than 50000 yuan but not more than 200000 yuan.