Data security -- 13 -- data security lifecycle management
2022-07-06 06:35:00 【Follow also】
1. Introduction
Data security lifecycle management is a security assurance mechanism for the whole process: it starts with the secure collection or generation of data and covers its secure use, transmission, storage, disclosure, circulation and tracking, through to secure destruction.
The privacy lifecycle of data is generally divided into the following stages:
● Informing the data subject (privacy statement or notice)
● Data subject choice and consent
● Data collection or generation
● Data transmission
● Data storage and retention period management
● Data usage
● Data circulation and cross-border transfer
● Data disclosure
● Data destruction
2. Informing the data subject
Informing data subjects starts at data collection: the purpose of the collected data, the businesses and products that will use it, the protective measures and so on should be made clear, and the collection of unnecessary user data should be avoided. To protect the data subject's right to know and to comply with the transparency requirements of laws and regulations, we need to inform the data subject of our privacy policy.
Taking the most common case, online website services, as an example: you usually need to place a hyperlink named "Privacy Policy".
3. Data subject choice and consent
Processing personal data requires at least one of six legal bases: user consent, contractual obligations, legal obligations, the vital interests of the data subject or others, public interest, and the legitimate interests of data controllers and third parties.
Among the six legal bases:
● Contractual obligations, legal obligations, the vital interests of the data subject or others, and public interest: these four bases apply in very limited scenarios and are not universal.
● Legitimate interests: the most controversial basis and the one that draws the most complaints; it should be avoided as far as possible.
Therefore, the most commonly used and most important legal basis in practice is user consent.
When processing may have a great impact on the data subject, it is especially necessary to obtain the data subject's valid consent or express consent. Valid consent means that "agree" must not be checked for the user by default; the user must actively check the consent option.
In addition, different types of business should use different privacy policies rather than one blanket privacy policy. For activities mentioned in the privacy policy that may affect the interests of data subjects, such as personalized advertising, a switch should be provided, and it must not be turned on by default.
To manage the consent of data subjects effectively, the back end needs to record each data subject's consent to each privacy policy version; when the privacy policy version is updated, the data subject needs to consent again.
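The consent rules above (no pre-checked box, optional switches off by default, a record per subject per policy version, and renewed consent after a policy update) can be enforced in the back end roughly as follows. This is an added example, not code from the original post; the class, method and feature names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class ConsentLedger:
    """Append-only record of each data subject's consent to each policy version."""
    current_version: str
    records: list = field(default_factory=list)  # never rewritten: audit evidence

    def record_consent(self, subject_id, version, box_checked_by_user, optional=None):
        # Valid consent: the user ticked the box; a pre-checked default does not count.
        if not box_checked_by_user:
            raise ValueError("consent must be an affirmative user action")
        if version != self.current_version:
            raise ValueError("consent must refer to the policy version in force")
        self.records.append({
            "subject": subject_id,
            "version": version,
            "at": datetime.now(timezone.utc).isoformat(),
            # Optional processing (e.g. personalized ads) stays off unless switched on.
            "optional": dict(optional or {}),
        })

    def publish_policy(self, new_version):
        # Old records are kept; they simply stop satisfying has_valid_consent().
        self.current_version = new_version

    def _latest(self, subject_id):
        for rec in reversed(self.records):
            if rec["subject"] == subject_id:
                return rec
        return None

    def has_valid_consent(self, subject_id):
        rec = self._latest(subject_id)
        return rec is not None and rec["version"] == self.current_version

    def allows(self, subject_id, feature):
        # A feature is allowed only under current consent with its switch turned on.
        rec = self._latest(subject_id)
        if rec is None or rec["version"] != self.current_version:
            return False
        return rec["optional"].get(feature, False)
```
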
4. Secure collection or generation of data
After the user consents, data should be collected as stated in the privacy policy, and collection should be kept to a minimum. For the data received, its category and sensitivity level (classification and grading) should be determined. Classification and grading determine which measures should be taken to protect the data.
To prevent disclosure of personal information, apply appropriate preprocessing, or measures that reduce privacy sensitivity, after the data is collected and before it is uploaded to the server; there is no need to transmit the original sensitive information.
5. Secure transmission of data
Information should be transmitted over HTTPS or another encrypted channel. For transmission over the Internet, HTTPS is the preferred encrypted transport mechanism; a unified access gateway is recommended, so that certificate private keys are managed centrally and HTTPS is enabled uniformly. For transmission on the intranet, consider mechanisms such as encrypted RPC or HTTPS to encrypt sensitive data in transit.
6. Secure storage and retention period management of data
Encrypted storage is generally applied to the following data:
● Passwords and keys, including passwords and keys in databases and configuration files.
● Sensitive personal privacy data.
● Live UGC (user-generated content) data.
For business data, a trade-off is needed, especially in scenarios involving retrieval, sorting, summation and similar computation.
In terms of retention period, two types of data are mainly involved.
● The first is the identity data of the data subject. It is usually collected once and, if no correction is needed, stored for a long time, until the product goes offline or the user cancels the account, at which point the corresponding data is deleted.
● The second is data generated during activity after registration, such as payment/consumption records and exercise records. When the configured retention period expires, the data is automatically deleted, or the corresponding encryption key is deleted.
7. Secure use of data
During the use, retention and storage of data, the necessary security controls need to be in place to keep personal data secure. This usually includes:
● Access to data requires identity-based authorization, access control and audit mechanisms.
● Authorization: for example, besides the users themselves, their friends are authorized to view their circle-of-friends information.
● Access control: for example, preventing the database from being exposed directly to the public or having weak passwords.
● Retention period management: for payment/consumption records, exercise records and the like, automatically delete the data, or delete the corresponding encryption key, when the configured retention period expires.
● Data display: some data must not be displayed, such as passwords and biometrics used for identity authentication; some data needs desensitization, such as names, phone numbers, addresses and bank card numbers.
● Data disclosure: before data is disclosed, strict desensitization, marking and other measures should be applied; due diligence should be carried out and a DPA signed before data is disclosed to data processors.
8. Data circulation and cross-border transfer
For the secure circulation of data, it is recommended not to provide raw data but to encapsulate it as a data service: insert a tracking field that can be uniquely traced to a specific business, provide a query interface over desensitized data, create and authorize accounts for the other businesses, limit the query frequency, and log the queries. If raw data has to be provided, consider inserting some fake records that uniquely identify the receiving business, so that the party responsible for a bulk data leak can be located.
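One way to build the per-recipient fake records described above, as an added example that is not part of the original post: the fake rows are derived from a keyed hash of the recipient's name, so the data owner can regenerate them later and match them against a leaked batch without storing them. The key, field names, recipient names and sample rows are all constructed for illustration.

```python
import hashlib
import hmac

SEED_KEY = b"constructed-demo-key"  # assumption: a secret held only by the data owner

# Constructed sample data standing in for the real export.
REAL_ROWS = [
    {"user_id": "u1000000001", "phone": "5550000001"},
    {"user_id": "u1000000002", "phone": "5550000002"},
]


def canary_records(recipient, count=3):
    """Derive fake rows that are unique to one recipient business."""
    rows = []
    for i in range(count):
        digest = hmac.new(SEED_KEY, f"{recipient}:{i}".encode(),
                          hashlib.sha256).hexdigest()
        rows.append({
            "user_id": "u" + digest[:10],
            "phone": "555" + str(int(digest[10:18], 16) % 10**7).zfill(7),
        })
    return rows


def export_for(recipient, real_rows):
    """Batch handed to a recipient: real rows with that recipient's canaries mixed in."""
    batch = list(real_rows) + canary_records(recipient)
    batch.sort(key=lambda r: r["user_id"])  # do not leave the canaries grouped at the end
    return batch


def attribute_leak(leaked_rows, recipients):
    """Return {recipient: number of its canaries found} for a leaked batch."""
    leaked = {(r["user_id"], r["phone"]) for r in leaked_rows}
    hits = {}
    for name in recipients:
        found = sum((c["user_id"], c["phone"]) in leaked
                    for c in canary_records(name))
        if found:
            hits[name] = found
    return hits
```

A leaked batch that contains several canaries of one recipient and none of any other points at that recipient's copy of the data.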
When data is provided to other businesses through a data interface, the requesting business needs to commit to, or sign, a confidentiality agreement that prohibits caching and prohibits deleting the tracking fields, and the implementation should be checked when the other party's business goes online.
If data is collected or generated domestically, it should be stored in China by default. If it is to be transferred abroad, this needs to be strictly evaluated and the company's legal department consulted.
In scenarios such as mobile apps where personal data leaves the country directly, at least the user's express consent must be obtained. Express consent consists of actively and clearly informing the user in the privacy statement and the user actively checking "agree".
9. Data destruction
In practice, truly destroying data, or making it unusable in the security sense, is still quite difficult. In general, when a user requests deletion, you can delete the key of the corresponding record, so that the encrypted data in backups is no longer usable.
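Deleting the key instead of the data, which the retention-period passages and the paragraph above both rely on, looks like this in outline. This is an added example, not code from the original post: it assumes one data key per record and a key store that is not included in the data backups, and it uses a standard-library stand-in cipher so that it runs offline.

```python
import hashlib
import hmac
import os


def subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs on the standard
    # library alone; a real system would use a vetted AEAD such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


class KeyStore:
    """One data key per record, kept outside the data backups (assumption)."""
    def __init__(self):
        self._keys = {}

    def new_key(self, record_id):
        self._keys[record_id] = os.urandom(32)
        return self._keys[record_id]

    def get(self, record_id):
        return self._keys.get(record_id)

    def shred(self, record_id):
        # Deletion request or retention expiry: removing the key is the deletion.
        self._keys.pop(record_id, None)


def store(keys, db, record_id, plaintext):
    key, nonce = keys.new_key(record_id), os.urandom(16)
    ct = keystream_xor(subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    db[record_id] = (nonce, ct, tag)


def load(keys, db, record_id):
    key = keys.get(record_id)
    if key is None:
        return None  # the ciphertext may still sit in a backup, but it is unreadable
    nonce, ct, tag = db[record_id]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified")
    return keystream_xor(subkey(key, b"enc"), nonce, ct)
```
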
Retired hard disks generally need to be destroyed by means such as low-level formatting, degaussing, or physical bending.