Abstract
The implementation of the Personal Information Protection Law of the People's Republic of China will bring new impacts and challenges to the various personal information processing activities in organizations' daily operations. This paper selects three common business scenarios and discusses how organizations can respond under the new compliance requirements. First, it offers suggestions on building a privacy-by-design management mechanism for products and, focusing on mobile App privacy compliance design, gives examples to illustrate the key design points. Second, it puts forward five key points of concern for enabling the business while protecting user rights in big data scenarios. Finally, because unforeseen events do occur, it proposes response mechanisms covering the periods before, during and after an incident to address the challenges organizations face in responding to personal information security incidents.
Authors
施建俊
王瑾
SHI Jianjun; WANG Jin (Ernst & Young (China) Advisory Ltd., Shanghai 200120, China)
Source
《信息安全与通信保密》
2021, No. 11, pp. 19-29 (11 pages)
Information Security and Communications Privacy
Keywords
personal information protection
privacy by design
big data privacy
emergency response