Recently, the "China Cybersecurity Industry Alliance (CCIA) Data Security Working Committee", "Data Security Community Plan (DSC)" and other organizations jointly launched the "Personal Information Protection Impact Assessment Special Work (referred to as "PIA Special Work")" and provided The shortlisted companies were issued corresponding grade marks. Eleven companies including Hehe Information, Kuaishou, Xiaocai Tiancai, and Ant Group were among the first to receive the "PIA Two-Star Logo".
In 2021, the "Personal Information Protection Law of the People's Republic of China" (referred to as the "Personal Information Protection Law") was officially implemented, of which Articles 55 and 56 established my country's personal information protection impact assessment system. Personal information security impact assessment aims to discover, handle and continuously monitor risks that may adversely affect the legitimate rights and interests of personal information subjects during the processing of personal information. However, since the law came into effect, companies still have confusion and blind spots in the process of promoting personal information protection impact assessment. For example, when implementing various PIA scenarios in the "Personal Information Protection Law" and the special risks of PIA in various industries, the existing The operational guidelines given by national standards are difficult to take into account all details.
During the special discussion, the CCIA Data Security Working Committee found that the main reasons for the difficulty in implementing operational guidelines involve the following aspects: Data security risk assessment has high requirements for evaluators, and some organizations are unable to independently complete high-quality data security risk assessments; data security There is no mature list of risk sources, and there may be many omissions in the risk analysis by assessors; the implementation unit only conducts compliance assessments in accordance with the contents of the "Guidelines" and ignores the core risk management concepts in risk assessments.
In order to effectively promote the effectiveness of the personal information protection impact assessment system, PIA special work brings together the industry to jointly promote the implementation of PIA's implementation guidelines for segmented scenarios and industries. The application, evaluation and issuance of the "PIA mark" are important actions in the normalization of personal information protection impact assessment work. Among them, obtaining the "one-star" label requires the company to refer to the corresponding national standards and the tool tables developed by PIA special work for the PIA assessment work of specific business scenarios related to the label, and the working methods are relatively standardized; obtaining the "two-star" label requires Evaluation results from authoritative third-party organizations need to be introduced.
Under the tide of digitalization, how to protect personal information in a more timely and effective manner has become a hot topic around the world. At this stage, many countries and regions such as the United States, Canada, and the European Union have formulated relevant requirements for PIA, and the regulatory requirements for personal information protection impact assessment have been continuously strengthened and improved. The discovery of excellent corporate practice cases will contribute to the healthy development of the industrial ecology. Hehe Information is an artificial intelligence and big data technology company. Through credible technical means and systematic internal control mechanisms, Hehe Information not only responds to compliance requirements and ensures data security, but also provides digital and intelligent products and services to hundreds of millions of individual users and corporate customers around the world.
After evaluation by the PIA special working group and third-party authoritative organizations, the relevant scenarios of technology companies such as Hehe Information performed well in aspects such as the standardization of information processing, the security measures in place, the identification of risk sources, and the analysis of the impact on personal rights and interests, and were awarded the "PIA Second Star Logo". Previously, Hehe Information was selected into the first batch of pilot units for data classification and grading under the "Zhuoxin Big Data Plan" of the China Academy of Information and Communications Technology, and as a pilot unit for data security management capability certification.