Recently, the results of the pilot evaluation of the "Personal Information Protection Impact Assessment Special Work" (referred to as "PIA Special Work") were officially released. The PIA special working group is composed of legal and technical experts from China Institute of Electronics Standardization, China Academy of Information and Communications, etc., to evaluate whether the process of carrying out PIA work by the pilot application unit complies with the principles, framework, methods, etc. proposed by the evaluation basis. Baidu , Kuaishou, Douyin, Avita, Hehe Information and other technology companies became the first batch of pilots.
In 2021, the "Personal Information Protection Law of the People's Republic of China" (referred to as the "Personal Information Protection Law") will be officially implemented, marking that my country's personal information protection legal system has entered a new stage. As an important mechanism for implementing risk prevention and management approaches, Articles 55 and 56 of the Personal Information Protection Law clearly incorporate the Personal Information Protection Impact Assessment System (PIA) into the obligations of personal information processors. Since the Act came into force, enterprises still face confusion and blind spots in the process of promoting the impact assessment of personal information protection.
For example, at the level of operational guidance, although the national standard "Information Security Technology Personal Information Security Impact Assessment Guidelines" (GB/T 39335-2020) has given the implementation process of PIA, reference methods, examples of high-risk activities, etc., the general When implementing the various PIA scenarios in the "Personal Information Protection Law" and the special risks of PIA in various industries, it is difficult to take into account the details of all aspects. Therefore, it is very important to gather the power of the industry to jointly promote the implementation of PIA subdivision scenarios and industry guidelines.
In order to effectively promote the effectiveness of the personal information protection impact assessment system, the "China Cyber Security Industry Alliance (CCIA) Data Security Working Committee", "Data Security Community Program (DSC)", and "Data Protection Officer (DPO) Community" jointly launched the " Special work on the impact assessment of personal information protection”, on the basis of participating in the preparation of relevant legislation and standards in the early stage, gathered legal, technical, and standard experts to explore detailed guidelines for the impact assessment of personal information protection, respond to the difficulties and pain points of enterprises’ implementation, and benchmark Domestic and foreign regulatory trends and requirements, promote industry consensus, discover excellent practices, and help the healthy development of the industrial ecology.
The pilot work is based on the "Personal Information Protection Law of the People's Republic of China", "Information Security Technology Personal Information Security Impact Assessment Guidelines" (GB/T 39335-2020), and the "Personal Information Protection Impact Assessment Common Tool Table" compiled by the PIA Special Working Group. " as the basis for evaluation. In the self-assessment stage of the pilot units, on the basis of the special working group's interpretation and publicity of the "Table of Commonly Used Tools for Personal Information Protection Impact Assessment", the pilot units will conduct self-assessment with reference to the assessment basis, and form a personal information protection impact assessment report.
After the initial evaluation and re-evaluation by the PIA special working group, the pilot units of science and technology enterprises such as Hehe Information performed well in information protection scenarios such as sensitive information processing, information use, and external provision, and the corresponding business scenarios were selected as the first batch of pilots.
According to public information, Hehe Information is an artificial intelligence and big data technology company. Based on leading intelligent text recognition and commercial big data core technologies, it provides digital and intelligent products and services for global individual users and corporate customers. The core C-end The products include Scanner Almighty King, Business Card Almighty King, Qixinbao, etc. The company's B-end services cover many top customers in nearly 30 industries including banking, securities, insurance, government, logistics, manufacturing, real estate, and retail.