信息通信技术与政策

信息通信技术与政策

信息通信技术与政策 ›› 2023, Vol. 49 ›› Issue (2): 20-29.doi: 10.12267/j.issn.2096-5931.2023.02.004

专题:网络安全 上一篇    下一篇

政务数据安全合规分析与创新实践

Government data security compliance analysis and innovation practice

胡国华1, 王振东1, 刘绍宇2, 李强3   

  1. 1.数安信(北京)科技有限公司,北京 100027
    2.中国社会科学院法学研究所,北京 100029
    3.杭州北山数字科技有限公司,杭州 310059
  • 收稿日期:2022-12-20 出版日期:2023-02-25 发布日期:2023-03-20
  • 作者简介:
    胡国华 数安信(北京)科技有限公司技术总监,高级工程师,主要研究方向为数据安全、数据合规等|王振东 数安信(北京)科技有限公司首席架构师,主要研究方向为数据安全、数据合规等|刘绍宇 中国社会科学院法学研究所助理研究员,法学博士后,主要研究方向为数据安全法、个人信息保护法、数据合规等|李强 杭州北山数字科技有限公司联席总经理,主要研究方向为数据安全、数据合规等

HU Guohua1, WANG Zhendong1, LIU Shaoyu2, LI Qiang3   

  1. 1. TrustNow(Beijing)Technology Co.,Ltd., Beijing 100027, China
    2. Institute of Law, Chinese Academy of Social Sciences, Beijing 100029, China
    3. Hangzhou Beishan Digital Technology Co., Ltd., Hangzhou 310059, China
  • Received:2022-12-20 Online:2023-02-25 Published:2023-03-20

摘要:

近年来,数据安全法律法规持续发布,如何确保政务等重要数据安全合法合规已经成为各级政府部门关注的重点工作。分析了国内政务数据安全所应遵循的法律相关要求,主要针对政务数据相关的《数据安全法》《个人信息保护法》《关键信息基础设施安全保护条例》的两法一条例的合规要求进行了针对性分析。同时,对数据安全评估与数据安全合规评估的差异进行了重点分析,提出了一套政务数据安全合规能力成熟度模型,模型给出了三种数据安全合规成熟度等级,并对每个等级的合规评估要点进行了分析。最后,提出了一种政务数据安全合规创新实践思路,可供各级政务数据处理者进行数据安全合规实践参考。

关键词: 数据安全, 数据安全合规, 政务数据

Abstract:

In recent years, with data security laws and regulations continue to be issued, how to ensure the legal compliance of government affairs and other important data security has become the focus of attention of government departments at all levels. This paper focuses on the analysis of the domestic government affairs data security should follow the relevant legal requirements, mainly for the government affairs data related to the “Data security Law”“Personal Information Protection Law”“Critical information infrastructure security protection regulations” compliance requirements for targeted analysis. At the same time, this paper focuses on the difference between data security assessment and data security compliance assessment, and puts forward a set of government data security compliance capability maturity model, which gives three data security compliance maturity levels, and analyzes the key points of compliance assessment of each level. At the end of this paper, an innovative practice idea of government data security compliance is proposed, which can be used as a reference for data security compliance practice of government data processors at all levels.

Key words: data security, data security compliance, government data

中图分类号: