论消费者金融信息安全的规制路径

On the Security of Consumer Financial Information Regulatory Path

消费者金融信息包含多元利益,对消费者金融信息安全的保护起源于对金融隐私权的保护,但消费者对金融信息的绝对支配既无可能也无必要,应区分金融信息类型并采取“相对控制模式”。消费者金融信息处理应遵循合法性、正当性和必要性原则,而敏感金融信息处理还需遵行“特定目的 +单独同意”规则。公共规制路径主要有明确政府信息保护功能、行政处罚和刑事规制。私人规制路径要求金融机构基于信息保护义务进行合规化建设,《个人信息保护法》为消费者金融信息保护侵权责任的落实提供了请求权基础。消费者金融信息权具有经济法属性,立足于金融信息安全的社会公益属性,应从事后救济转化为事先预防、事中监管、事后救济的全过程保护模式。

Consumer financial information contains diverse interests,and the protection of consumer financial information security originates from the protection of financial privacy rights.However,it is neither possible nor necessary of absolute control of financial information by consumers.Therefore,it is necessary to distinguish the types of financial information and adopt“a relative control model”.The processing of consumer financial information should follow the principles of legality,legitimacy,and necessity,while the processing of sensitive financial information also needs to follow the“specific purpose+separate consent”rule.The public regulatory path mainly includes clarifying the government's information protection function,administrative penalties,and criminal regulations.The private regulatory path requires financial institutions to carry out compliance construction based on information protection obligations,and the Personal Information Protection Law provides a basis for the implementation of liability for the tort of consumer financial information protection.Consumer financial information rights have economic law attributes that based on the social welfare attributes of financial information security.They should engage in a wholeprocess protection model that transforms post relief into pre-prevention,in-process supervision,and post relief.