Information Security Technology – Guidelines for the Protection of Personal Information in Public and Commercial Service Information Systems [Effective]

(GB/Z 28828-2012, approved and issued by the General Administration of Quality Supervision, Inspection and Quarantine and the Standardization Administration of China on November 5, 2012, and entered into force on February 1, 2013)

With the extensive application of information technologies and the continuous popularization of the Internet, personal information has become increasingly important in social and economic activities, and cases of abusing personal information have also emerged, which has jeopardized the social order and the vital interests of individuals. This technical guidance is developed for the purposes of promoting the rational utilization of personal information and of guiding and regulating the processing of personal information through information systems.
1 Scope

This technical guidance regulates the processing of personal information in whole or in part through information systems, and provides guidance for the protection of personal information at the different stages of processing personal information in information systems.
This technical guidance applies to guiding the protection of personal information in information systems by all types of organizations and institutions other than government organs and other institutions performing public management duties, such as service institutions in telecommunications, finance, and medical care.
2 References to Regulatory Documents

The following documents are essential to the application of this document. For dated references, only the dated edition of a document is applicable to this document. For undated references, the latest edition (including all amendments) of a document is applicable to this document.
GB/T 20269-2006 Information Security Technology – Information System Security Management Requirements
GB/Z 20986-2007 Information Security Technology – Guidelines for the Classification and Grading of Information Security Incidents
3 Terminology and Definition

The terms and definitions defined in GB/T 20269-2006 and GB/Z 20986-2007 and the following terms and definitions shall apply to this technical guidance.
3.1 Information System
A computer information system, composed of computers (including mobile communication terminals) and their related and supporting equipment and facilities (including networks), which can collect, process, store, transmit, and retrieve information according to certain application objectives and rules.
3.2 Personal Information
Computer data that can be processed by information systems, is related to a specific natural person, and can identify that specific natural person either independently or in combination with other information. Personal information may be divided into sensitive personal information and personal general information.
3.3 Subject of Personal Information
The natural person to whom personal information relates.
3.4 Administrator of Personal Information
An organization or institution that determines the purposes and manners of processing personal information, actually controls personal information, and processes personal information through any information system.
3.5 Receiver of Personal Information
An individual, organization or institution that receives personal information from any information system and processes the personal information received according to the consent of the subject of personal information.
3.6 Third Party Testing and Evaluation Agency
A professional testing and evaluation agency independent of the administrator of personal information.
3.7 Sensitive Personal Information
Personal information which, once exposed or modified, will have an adverse impact on the identified subject of personal information. The specific contents of sensitive personal information in each industry shall be determined according to the consent of the subjects of personal information that accept services and the respective business characteristics of that industry. For example, sensitive personal information may include identity card numbers, mobile phone numbers, races, political views, religious beliefs, genes, and fingerprints, among others.
3.8 Personal General Information
Personal information other than sensitive personal information.
3.9 Processing of Personal Information
Personal information processing shall include information collection, processing, transfer, and deletion.
3.10 Tacit Consent
The subject of personal information shall be deemed to have consented when he or she raises no clear objection.
3.11 Expressed Consent
......

  Translations are by lawinfochina.com, and we retain exclusive copyright over content found on our website except for content we publish as authorized by respective copyright owners or content that is publicly available from government sources.

Due to differences in language, legal systems, and culture, English translations of Chinese law are for reference purposes only. Please use the official Chinese-language versions as the final authority. Lawinfochina.com and its staff will not be directly or indirectly liable for use of materials found on this website.
