Abstract
This article analyzes the major international standards for personal information protection, including the ISO/IEC 29100 series, NIST SP800-53v4 and the EU's CWA 16113:2010, and describes how standards supplement and promote legislation on personal information protection. Taking the EU General Data Protection Regulation, which will take effect in 2018, as an example, it recommends developing standards, such as one for data protection risk assessment, to support the law.
Source
Information Technology & Standardization (《信息技术与标准化》)
2016, Issue 6, pp. 26-30 (5 pages)