摘要
个人信息保护法对企业的个人信息处理行为和用户个人信息保护提供了明确的法律指引,这也使得企业处理个人信息时面临更复杂的挑战和更多的法律风险,尤其表现在外部合规规范缺乏、用户个人信息生命周期管理和敏感信息不当利用等方面。基于此,要实现企业用户个人信息合规,须在平衡用户个人信息保护和合理利用价值基础上,国家和企业协同发力。一方面,健全合规指引体系、细化个人信息分级分类保护、建立合规激励机制;另一方面,完善“告知-同意”、最短存储时间和删除规则,制定风险评估和应急响应计划,加强技术防护。
The PIPL provides clear legal guidance for enterprises’personal information processing behavior and users’personal information protection,which also makes enterprises face more complex challenges and more legal risks when handling personal information,especially in the lack of external compliance norms,the management of users’personal information and the improper use of sensitive information.Based on this,in order to achieve compliance with the personal information of enterprise users,the state and enterprises must make concerted efforts on the basis of balancing the protection of users’personal information and the value of reasonable use.On the one hand,we should improve the compliance guidance system,refine the hierarchical and categorical protection of personal information,and establish a compliance incentive mechanism.On the other hand,we should improve the“inform-consent”,minimum storage time and deletion rules,formulate risk assessment and emergency response plans as well as strengthen technical protection.
作者
陶陶
余飞扬
TAO Tao;YU Feiyang(Anhui University,Hefei Anhui 230039)
出处
《浙江万里学院学报》
2023年第4期48-54,共7页
Journal of Zhejiang Wanli University
基金
安徽省教育厅科学研究项目(YJS20210021)。
关键词
企业合规
个人信息保护
“告知-同意”
corporate compliance
personal information protection
inform consent
