论文部分内容阅读
2013年2月1日起,《信息安全技术公共及商用服务信息系统个人信息保护指南》(以下称《指南》)开始付诸实施。作为我国首部个人信息保护国家标准,它确立了“目的明确、最少够用、公开告知、个人同意、质量保证、安全保障、诚信履行、责任明确”8项原则,主要对信息服务从业者进行规范。《指南》最显著的特点是规定个人敏感信息在收集和利用之前,必须首先获得个人信息主体明确授权。然而,在《指南》落地施行一段时间之后,金融机构、通讯运营及电子商务
As of February 1, 2013, the “Guide to the Protection of Personal Information of Information Security Technology Public and Business Services Information Systems” (hereinafter referred to as the “Guide”) has been put into effect. As the first national standard for the protection of personal information in China, it has established the eight principles of “clear purpose, least sufficient use, open disclosure, personal consent, quality assurance, safety assurance, good faith fulfillment and clear responsibility”, mainly focusing on information service practitioners Regulate. The most notable feature of the Guide is that it stipulates that personal sensitive information must first be clearly authorized by the subject of personal information before being collected and utilized. However, some time after the implementation of the Guide, financial institutions, telecommunications operations and e-commerce