敏感个人信息分类分级研究

Research on Classification and Grading of Sensitive Personal Information

我国在网络安全领域具有里程碑意义的重要法律--《中华人民共和国数据安全法》于2021年9月1日正式实施,明确提出对数据施行分类分级保护的要求,是我国首次正式将数据分类分级概念写入国家法律。个人信息特别是敏感的个人信息,作为数据安全保护的重要对象,在信息的利用和挖掘过程中面临极大的安全和隐私问题,亟须针对敏感个人信息进行分类分级保护,推动敏感个人信息规范化使用进程。通过研究敏感个人信息分类分级的背景,梳理敏感个人信息分类分级的现状,并指出当前常用方法存在的问题,在此基础上,提出了敏感个人信息分类分级的新思路,其研究成果有利于进一步推动敏感个人信息分类分级的研究。

China’s landmark law in the field of cybersecurity,Data Security Law of the People’s Republic of China,was officially implemented on September 1st,2021,in which the concept of data classification and grading was formally written into national law for the first time,explicitly requiring the implementation of classification and grading of data protection.Personal information,especially sensitive personal information,as an important object of data security protection,faces great security and privacy problems in the process of information utilization and mining,and there is an urgent need for classification and grading protection measures for sensitive personal information to promote the process of standardized use of sensitive personal information.By studying the background of classification and grading of sensitive personal information,this paper reviews the current situation of classification and grading of sensitive personal information,and points out the problems existing in the current common methods.On this basis,this paper proposes a new idea for the classification and grading of sensitive personal information,and its research results are conducive to further promote the research on classification and grading of sensitive personal information.