GB/T 42014-2022 English PDFUS$419.00 ยท In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 42014-2022: Information security technology - Data security requirements for online shopping services Status: Valid
Basic dataStandard ID: GB/T 42014-2022 (GB/T42014-2022)Description (Translated English): Information security technology - Data security requirements for online shopping services Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: L80 Classification of International Standard: 35.030 Word Count Estimation: 20,239 Date of Issue: 2022-10-12 Date of Implementation: 2023-05-01 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 42014-2022: Information security technology - Data security requirements for online shopping services---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order. Information security technology - Data security requirements for online shopping services ICS 35.030 CCSL80 National Standards of People's Republic of China Information Security Technology Data Security Requirements for Online Shopping Services shopping services Released on 2022-10-12 2023-05-01 implementation State Administration for Market Regulation Released by the National Standardization Management Committee table of contentsPreface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Abbreviations 2 5 Overview 2 5.1 Composition of online shopping service business 2 5.2 Data scope of online shopping service 2 6 Basic Requirements 3 7 Data Collection 3 7.1 Collection of personal information 3 7.2 Applying for system permissions 3 7.3 Informed Consent 4 8 Data storage and transmission 4 9 Data usage and processing 4 9.1 Data usage 4 9.2 Automated Decision Making 5 10 Data provision and disclosure 5 10.1 Data provision 5 10.2 Data disclosure 6 11 Data Deletion6 12 Data Export 6 13 Rights of Personal Information Subject 7 13.1 Access to personal information 7 13.2 Correction of personal information 7 13.3 Deletion of personal information 7 13.4 Cancel account 7 13.5 Protection of Minors' Personal Information 8 14 Data Security Requirements for Typical Scenarios of Online Shopping Services 8 14.1 Social Shopping 8 14.2 Live Shopping 8 14.3 Online and offline integrated shopping 8 Appendix A (Informative) Data Processing Activities and Data Security Risks of Online Shopping Services 10 Appendix B (Informative) Reference Rules for Identification of Important Data in Online Shopping Services and Examples of Data Classification 12 Appendix C (Informative) Scope of Personal Information Collection and Use Requirements for Common Extended Business Functions of Online Shopping Services 13 Appendix D (informative) Application scope and usage requirements for relevant system permissions of online shopping service App 14 Reference 15forewordThis document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for Standardization Work Part 1.Structure and Drafting Rules for Standardization Documents" drafting. Please note that some contents of this document may refer to patents. The issuing agency of this document assumes no responsibility for identifying patents. This document is proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260). This document is drafted by. Alibaba (Beijing) Software Services Co., Ltd., China Electronics Standardization Institute, Beijing Xiaomi Mobile Software Co., Ltd., Beijing Jingdong Shangke Information Technology Co., Ltd., Suning.com Group Co., Ltd., Huawei Technologies Co., Ltd., Shanghai Xunmeng Information Technology Co., Ltd., Beijing Sankuai Online Technology Co., Ltd., Lenovo (Beijing) Co., Ltd., China Power Great Wall Internet System Application Co., Ltd. Co., Ltd., National Computer Network Emergency Technology Coordination Center, Beijing Byte Beat Technology Co., Ltd., Information Engineering Research Institute of Chinese Academy of Sciences Research Institute, Glory Terminal Co., Ltd., China Academy of Information and Communications Technology, Shanghai Guanan Information Technology Co., Ltd., Wuhan Antiy Information Technology Co., Ltd. limited liability company. The main drafters of this document. Zhu Hongru, Shangguan Xiaoli, Bai Xiaoyuan, Huang Tianning, Xu Yujia, Hu Ying, Chen Shu, Gu Wei, Wang Yunxiang, Li Ruiqing, Qi Junqing, Yan Shaomin, Yi Qiang, Liu Xiaocen, Min Jinghua, Chen Xiaohua, Li Ruxin, Liu Yuling, Jiang Zhengwei, Shu Min, Wei Wei, Chen Tian, Lu Yining, Wang Ying, Zhou Chenwei, Li Haidong, Zhao Xinqiang, Huang Xinbei, Zhao Xiaona, Kang Qiong, Sun Xudong, Liu Aijing, Zhang Yinze, Song Jian, Luo Yu, Chen Yong, Yan Ximin, Cao Jing, Zhao Yunwei, Xie Jiang, Ye Chuan, Gao Yubing. Information Security Technology Data Security Requirements for Online Shopping Services1 ScopeThis document stipulates the collection, storage, transmission, use, processing, provision, disclosure, deletion, export and other data processing activities of online shopping services safety requirements. This document is applicable to the standardization of data processing activities of online shopping service providers, and can also be used by regulatory authorities and third-party assessment agencies to regulate online shopping. Provide reference for supervision, management and evaluation of material service data processing activities.2 Normative referencesThe contents of the following documents constitute the essential provisions of this document through normative references in the text. Among them, dated references For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to this document. GB/T 25069 Information Security Technical Terms GB/T 35273-2020 Personal Information Security Specifications for Information Security Technology GB/T 37988 Information Security Technology Data Security Capability Maturity Model GB/T 39335 Information Security Technology Personal Information Security Impact Assessment Guidelines GB/T 41391-2022 Information Security Technology Mobile Internet Application (App) Basic Requirements for Collection of Personal Information GB/T 41479 Information Security Technology Network Data Processing Security Requirements3 Terms and DefinitionsGB/T 25069, GB/T 35273-2020 and the following terms and definitions apply to this document. 3.1 The business activity of selling goods or services through information networks such as the Internet. Note 1.In addition to mall shopping, common online shopping service forms also include live broadcast shopping, social shopping, online and offline integrated shopping, etc. Note 2.According to the characteristics of the goods or services provided by online shopping services, online shopping services also include food delivery, transportation ticketing, hotel services and performance tickets service etc. [Source. GB/T 38652-2020, 2.1, with modifications] 3.2 Provide one or more services such as information release, information delivery, and data processing for two or more parties to a transaction to achieve the purpose of transaction matching Information system. [Source. GB/T 38652-2020, 2.2, modified] 3.3 Data collected and generated during online shopping services. ...... |
