1 Scope
This standard standardizes the process that personal information is wholly or partially handled by way of the information system and provides guidance for the protection of personal information in different stages for personal information handling in the information system.
This standard is applicable to the protection of personal information in the information system performed by various organizations and institutes except government agency and other institutes exercising public administration duty, such as facilitating agencies concerning telecommunication, finance and medical treatment.
2 Normative References
The following documents are essential for the application of this document. For dated reference, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.
GB/Z 20986-2007 Information Security Technology - Guidelines for The Category and Classification of Information Security Incidents
3 Terms and Definitions
For the purpose this standard, terms and definitions in GB/Z 20986-2007 and those below apply.
Foreword I
Introduction II
1 Scope
2 Normative References
3 Terms and Definitions
4 Overview of Personal Information Protection
5 Personal Information Protection During Information Handling
Bibliography