Practice of Personal Information Security Impact Assessment Standard Application in Payment Business
华锦芝¹, 呼如生¹, 刘磊¹, 欧阳琛¹, 吴彦涵¹, 钟伟¹
Abstract
In compliance with the personal information protection impact assessment requirements of the Personal Information Protection Law of the People's Republic of China, and following GB/T 39335-2020 Information security technology—Guidance for personal information security impact assessment, we built a personal information protection impact assessment system tailored to the enterprise's actual business. The system assesses the degree to which a business or product affects individuals' rights and interests, such as the rights to autonomous choice, property and fairness, as well as the suitability of security protection measures throughout the full life cycle of personal information. Backed by supporting management policies and platform tools, it identifies and reduces potential personal information security risks in advance. It has been applied mainly in payment scenarios such as transaction switching and clearing, QR code payment and card-not-present payment, with good results.
Key words
Personal Information Protection Law; GB/T 39335-2020; personal information security impact assessment; payment business
Publication year
2024