等级保护2.0之App个人信息保护测评方法的探讨

Discussion on App Personal Information Protection Evaluation Method of Classified Protection 2.0

2019年5月13日《网络安全等级保护基本要求》正式发布,新标准新增了个人信息保护的要求。文章在分析移动App在个人信息保护中的必要性及难点的基础上,以App评估为切入点,结合近期发布的《个人信息安全规范》(征求意见稿)以及公安部等国家四部委“关于开展App违法违规收集使用个人信息专项治理”工作,探讨个人信息在采集、传输、保存、访问等过程中所面临的风险,为等级保护2.0中的个人信息保护要求提供一些测评思路。

On May 13,2019,the"Basic Requirements for the classified protection of Network Security"was officially released,and the new standard added requirements for personal information protection.Based on the analysis of the necessity and difficulty of mobile App in the personal information protection,this article takes the app evaluation as the starting point,Combining the recent⁃ly released"Personal Information Security Specifications"(draft for comments)and the work results of"Special Governance on the Collection and Use of Personal Information by App in Illegal and Illegal Activities"carried out by the four national ministries and commissions such as the Ministry of Public Security,explore the risks faced by personal information in the process of collection,transmission,storage,access,etc.,and provide some evaluation ideas for personal information protection requirements in classified protection 2.0.