GB/T 42582-2023 English PDF
US$1599.00 · In stock
Delivery: <= 9 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 42582-2023: Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App)
Status: Valid
Basic data
Standard ID: GB/T 42582-2023 (GB/T42582-2023)
Description (Translated English): Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App)
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.030
Word Count Estimation: 79,774
Date of Issue: 2023-05-23
Date of Implementation: 2023-12-01
Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration

GB/T 42582-2023: Information security technology - Personal information security testing and evaluation specification in mobile internet applications (App)
This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.

ICS 35.030
CCS L80
National Standards of People's Republic of China
Information Security Technology Mobile Internet Application (App) Personal Information Security Evaluation Specifications
Released on 2023-05-23; implemented on 2023-12-01
Released by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents
Preface
1 Scope
2 Normative references
3 Terms and Definitions
4 Abbreviations
5 Evaluation Process and Method
5.1 Overview
5.2 Evaluation Process
5.3 Evaluation method
5.4 Evaluation Environment and Tools
6 Evaluation implementation content
6.1 Evaluation of Personal Information Collection
6.2 Evaluation of Personal Information Storage
6.3 Evaluation of the use of personal information
6.4 Assessment of the rights of personal information subjects
6.5 Evaluation of entrusted processing, sharing, transfer, and public disclosure of personal information
6.6 Evaluation of Personal Information Security Incident Handling
6.7 Evaluation of Organizational Personal Information Security Management Requirements
7 Result judgment
8 Reporting
Appendix A (Informative) Basic Information Collection Form of App Operators
Appendix B (Informative) Description of the evaluation unit number
Appendix C (Informative) Examples of App Fraud, Deception, and Misleading Ways to Collect Personal Information
Appendix D (Informative) Frequency of App Collection of Personal Information in Different Scenarios
Appendix E (Informative) Additional notifications when App applies for specific types of system permissions or collects specific types of system information Reference
Appendix F (Informative) Applicable evaluation units only for App evaluation
Reference

Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents".
Please note that some contents of this document may refer to patents. The issuing agency of this document assumes no responsibility for identifying patents.
This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: China Institute of Electronic Technology Standardization, China Network Security Review Technology and Certification Center, First Research Institute of the Ministry of Public Security Research Institute, Beijing Information Security Evaluation Center, China Electronics Technology Group Corporation Fifteenth Research Institute, National Computer Network Emergency Technology Handling Association Investigation Center, Beijing Baidu Netcom Technology Co., Ltd., Beijing Bangbang Security Technology Co., Ltd., China Academy of Information and Communications Technology, Beijing Zhizhangyike Technology Co., Ltd., Digital Currency Research Institute of the People's Bank of China, China Mobile Communications Group Co., Ltd., Qi Anxin Wangshen Information Technology (Beijing) Co., Ltd., Beijing Hanhua Feitian Xinan Technology Co., Ltd., Beijing Qihoo Technology Co., Ltd., Shaanxi Province Network and Information Security Evaluation Center, Institute of Information Engineering, Chinese Academy of Sciences, National Information Technology Security Research Center, Beijing UnionPay Gold Card Technology Co., Ltd., Beijing Transportation University, Xi'an Jiaotong University, China Automotive Engineering Research Institute Co., Ltd., Beijing Douyin Information Service Co., Ltd., Daily Interactive Co., Ltd., Venustech Information Technology Group Co., Ltd., OPPO Guangdong Mobile Communication Co., Ltd., Shenzhen Tencent Computer System Co., Ltd., Beijing Zhiyou Network Security Technology Co., Ltd., Quanzhi Technology (Hangzhou) Co., Ltd., Jiangsu Tongfudun Information Security Technology Co., Ltd., Zhongke Sharp Eye (Tianjin) Technology Co., Ltd.
The main drafters of this document: Hu Ying, Liu Xing, Fan Bo, Yao Xiangzhen, Gao Chao, Yan Yan, Xin Jianfeng, Han Yu, Fan Hong, Li Yuan, Liu Jian, Dong Jingjing, Lin Xingchen, Wang Yiyu, Li Xiaoxue, Wang Haitang, Deng Ting, Fang Ning, Wang Danhui, Li Biao, Song Lingwei, Qiu Qin, Zhao Shuai, Peng Gen, Yao Yinan, Yang Jing, Du Dan, Wu Dongyu, Li Yu, Wang Wei, Fan Ming, Li Guangping, Yang Xiaohan, Dong Lin, Shi Jing, Li Teng, Xu Yongtai, Han Yun, Wang Xiesi, Wang Dejia, Zhao Hongyu.

1 Scope
Based on GB/T 35273-2020, this document specifies the evaluation process for personal information security evaluation of mobile Internet applications and the methods for evaluating the various security requirements.
This document is applicable to guiding third-party evaluation agencies in evaluating the personal information security of mobile Internet applications, and to regulatory departments in supervising and managing the personal information security of mobile Internet applications. Mobile Internet application operators may refer to it when carrying out personal information security self-assessment.

2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to the date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069-2022 Information Security Technical Terminology
GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology
GB/T 41391-2022 Information Security Technology Mobile Internet Application (App) Basic Requirements for Collection of Personal Information

3 Terms and Definitions
The terms and definitions given in GB/T 25069-2022, GB/T 35273-2020 and GB/T 41391-2022 and the following apply to this document.
3.1
Applications running on mobile smart terminals.
Note: Includes applications preset on mobile smart terminals, applications that are downloaded and installed, and applets.
3.2
Mobile internet application owner, manager or provider.
3.3
Software libraries to assist in software development.
Note: A software development kit typically includes a collection of related binaries, documentation, examples, and tools.
3.4 Privacy policy
Text describing the rules governing the handling of personal information by mobile internet applications.
Note: For the content contained in the personal information protection policy, see 5.5 in GB/T 35273-2020.
......

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 42582-2023_English be delivered?
Answer: Upon your order, we will start to translate GB/T 42582-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 6 ~ 9 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 42582-2023_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 42582-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.