Abstract
[Purpose/significance] As data compliance becomes the lifeblood of enterprises in the era of big data, studying the similarities and differences between user privacy impact assessment (PIA) standards is of practical significance for enterprises seeking to avoid data compliance risks. [Process/method] Taking the basic framework of ISO/IEC 29134 as the basis, this paper uses literature analysis and comparative analysis to compare and evaluate the privacy impact assessment standards of different countries from five aspects: the definition and function of PIA, the timing of PIA, the purpose of PIA, the process and content of PIA, and the audit and accountability system. [Result/conclusion] Current privacy impact assessment standards in China and abroad generally suffer from weak operability; improving the standards and researching and compiling assessment templates are important directions for future research.
Source
Information Studies: Theory & Application (《情报理论与实践》)
CSSCI
Peking University Core Journal
2021, Issue 8, pp. 153-158 (6 pages)
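Funding
One of the interim results of the National Social Science Fund of China General Project "Research on Personal Data Protection under the New National Security Concept", project number: 18BTQ084.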
Keywords
privacy impact assessment
user privacy
data compliance
evaluation criterion
comparative study