In terms of the compliance use of data, Yu Hai Yongchuang ensures that the interests of customers, partners and himself are not infringed by the following standards for the legal and compliance use of data, hoping to promote the healthy development of the industry.
At present, we have carried out the following work:
1. Standardize the data security management mechanism.
The strategy of unified management of central point and multi-point collaborative management is adopted to strictly control and ensure data security in all aspects of data collection, transmission, processing and use. Carry out data security education, training and sharing in stages around data security within the enterprise to create a strict awareness of data security. For example, establish a strategic cooperation model with data security companies such as Niu Ding Science and Technology, and build an intelligent network security barrier to protect data security with the help of its military-quality intelligent network security products.
2. Follow the principles of legality, compliance and rationality of data collection.
When providing services to users, customers are required to clearly state the content and authorization of user privacy terms. For example, in the privacy clause, nEqual, as a data service provider, has the right to use data in standard scenarios. Refuse to receive user data forcibly collected without any prompt. For the data sources provided by external suppliers that need to be accessed, suppliers need to specify the data sources, provide relevant certificates, and obtain authorization from consumers.
3. Store and use data according to law.
In the case of authorized access, data is transmitted and stored through strict data encryption technology. Before use, clean the data and conduct data desensitization technology again to prepare for all subsequent analysis. For analysis data, based on encrypted and desensitized data, the process is irreversible, which ensures the reasonable collection and safe use of data.
4. In data processing and use, a complete data layering mechanism is established, which automatically layers, encrypts, de-identifies, desensitizes, standardizes analysis and processing all data according to the marking rules, monitors and records all data operations, and supervises all operations in real time.
In data operation, strict data access authority management has been established, and specific data access authority has been assigned to each data operator, adhering to the principle of minimum availability to ensure that designated personnel can only access designated data.
As a very important asset, the principle of multi-layer encryption is adopted in the transmission and use of data to ensure that the data can be correctly and reasonably output and used.
For the data of service enterprises, the qualification of the docking party will be reviewed and judged. For example, the transmission mode and storage mode of the docking party, and the information security qualification of the docking party system, such as whether it has passed the national network security level protection (level 3) (version 2.0).
6. Standardize partner data application standards.
Audit the data cooperation that conforms to the data compliance specification in many aspects, including the third-party data security audit of the partner, and its hardware, network, operation and maintenance, operation and other business scenarios involving data processing. To ensure that data flows in a legal and compliant process.
7. For data destruction, customers are supported to specify the validity period of data, and for expired data, it is supported to delete data through API interface or mail.
8. Continue to carry out quarterly review of internal systems, and accept the annual review of professional data security institutions, from product design and coding realization to online management of operation and maintenance, authority management, document management, operation logs, operation processes and other links to ensure that everything has rules to follow without leaving any security loopholes.
Yu Hai Yong Chuang Data Leak Prevention System: This is a set of software system to ensure data security and safe use from the source. Including transparent file encryption and decryption, internal file circulation function, security level control, offline management, file delivery management, flexible approval process, working mode switching, server white list and other functions. Fundamentally prevent information leakage and ensure information security. Monitor all the operation behaviors of end users, generate various statistical reports, help locate the source of security incidents, and provide a strong basis.