Application of Electronic Technique
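Research on a Technical Framework for Assisting the Implementation of Personal Information Protection Compliance Audits
Cyber Security and Data Governance
Diao Yigang 1, Zhang Lingcui 2, Liu Xiaomeng 3
1. Data and Technology Support Center of the Cyberspace Administration of China (CAC); 2. Institute of Information Engineering, Chinese Academy of Sciences; 3. CETC Cyberspace Security Technology Co., Ltd.
Abstract: In the digital economy era, conformity assessment work is showing a trend toward digital transformation, which will have an important influence on personal information protection compliance audit activities. This article gives an overview of technical tools for personal information protection compliance checking and the related key technologies. On that basis, it proposes the audit items of a personal information protection compliance audit that can be carried out with technical assistance, and identifies the path for technically assisted personal information compliance audit work. Building on these results, it proposes the standard "Technical Capability and Tool Requirements for Personal Information Protection Compliance Audit (Draft for Comments)", sets out the technical framework for assisting the implementation of personal information protection compliance audits, and introduces a prototype of a personal information protection compliance audit tool developed according to the standard, together with its role in demonstrating and verifying the framework.
CLC number: TP27  Document code: A  DOI: 10.19358/j.issn.2097-1788.2024.09.008
Citation format: Diao Yigang, Zhang Lingcui, Liu Xiaomeng. Research on a technical framework for assisting the implementation of personal information protection compliance audits [J]. Cyber Security and Data Governance, 2024, 43(9): 49-54.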
Research on the framework of assisting technology for implementation of personal information protection compliance audit
Diao Yigang 1, Zhang Lingcui 2, Liu Xiaomeng 3
1. Data and Technology Support Center of the Cyberspace Administration of China (CAC); 2. National Computer System Engineering Research Institute of China; 3. CETC Cyberspace Security Technology Co., Ltd.
Abstract: In the context of the digital economy, conformity assessment activities are showing a trend toward digital transformation, which will have an important influence on personal information protection compliance audit activities. This article introduces the situation and development of checking software for personal information protection and the relevant technologies. On the basis of this preliminary research, it lists the audit items that can be implemented and supported with technical methods, and specifies the path for carrying out personal information protection compliance audits with technical assistance. Building on these research results, the research team proposes the standard "Specification for the technical ability of auditing for personal information protection compliance and Software", which sets out the framework of assisting technology for implementation of personal information protection compliance audit. This article also introduces a prototype of software that assists personal information protection compliance audits, and its role in demonstrating and verifying the framework.
Key words: protection of personal information; compliance audit; conformity assessment; digitization

Introduction

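The report to the 20th National Congress of the Communist Party of China called for accelerating the building of China into a cyber power and a digital China, and for accelerating the development of the digital economy. In recent years, in response to the needs of the digital economy, China has actively advanced legislation in this field: from the entry into force of the Cybersecurity Law to the promulgation and implementation of the Civil Code, and from the enactment of the Data Security Law and the Personal Information Protection Law to the drafting of, and solicitation of comments on, related rules, standards and policy documents. In the course of digital economy development and the building of the rule of law, China's legal regimes for data security and personal information protection have been gradually established and continuously improved, and the legal environment for the digital economy has become increasingly complete and sound [1]. In recent years, personal information protection compliance audits have attracted wide attention in the industry. They not only help protect citizens' rights and interests in their personal information, but are also expected to help resolve data security problems in data development and utilization activities such as the authorized operation of public data, and to have an important and far-reaching influence on the development of the digital economy.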

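Articles 54 and 64 of the Personal Information Protection Law, enacted and implemented in 2021, explicitly provide for personal information protection compliance audits and constitute the legal basis of the personal information protection compliance audit system. In November 2021, Article 53 of the Regulations on Network Data Security Management (Draft for Comments), released for public comment, stipulated that "operators of large internet platforms shall, by commissioning third-party audits, conduct an annual audit each year of the platform's data security, the implementation of platform rules and of their own commitments, personal information protection, data development and utilization, and so on, and disclose the audit results" [2]. In November 2023, the Cyberspace Administration of China released the Measures for the Administration of Personal Information Protection Compliance Audits (Draft for Comments) (hereinafter "the Measures") for public comment. The Measures contain 16 articles, and their appendix, Reference Points for Personal Information Protection Compliance Audits (hereinafter "the Reference Points"), contains 31 articles. The Measures set out the requirements for personal information protection compliance audits in terms of audit classification, the scope of audited entities and audit frequency, audit institutions, audit time limits and other aspects. Their release makes the implementation of the personal information protection compliance audit system more operable, and also places stricter and more detailed requirements on personal information protection compliance audit work.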

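Under the top-level design of China's relevant systems, a personal information protection compliance audit is a comprehensive compliance activity that integrates law, data governance and network (data) security technology as a "trinity", and it is to some degree both specialized and innovative [3]. To do this work well, the parties concerned should adopt a systems mindset, take account of how personal information is actually processed in their own organization, and use professional teams and methods to deal effectively with the characteristics of personal information protection compliance audits (many audit items, a heavy evidence-preservation workload and strong technical demands), so as to fulfil the responsibilities of a personal information processor.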




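Author information:

Diao Yigang 1, Zhang Lingcui 2, Liu Xiaomeng 3

(1. Data and Technology Support Center of the Cyberspace Administration of China (CAC), Beijing 100048;

2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085;

3. CETC Cyberspace Security Technology Co., Ltd., Chengdu, Sichuan 610095)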


This content is original to the AET website; reproduction without authorization is prohibited.