NOTE: This translation was originally published on the China Copyright and Media blog, a project of DigiChina’s Prof. Rogier Creemers of the University of Leiden. It has not been edited, double-checked, or standardized with DigiChina’s original content. Read more.
Includes explanatory notes published by the Ministry of Industry and Information Technology.
Our country’s first national personal information protection standards, the “Information Security Technology Guidelines for Personal Information Protection on Public and Commercial Service Information Systems” will be implemented from 1 February 2013. The said standard’s clearest characteristic is that, before sensitive personal information is collected and used, the clear authorization of the subject of that personal information must be obtained in advance.
The Ministry of Industry and Information Technology Information Security Coordination Department’s vice-director Ouyang Wu said, at a teaching meeting on national standards for personal information protection, that these standards are put forward and specifically organized by the National Information Security Standardization Technology Committee, the China Software Observation Centre took the lead in formulating them jointly with many work units. The said standards are our country’s first national standards concerning personal information protection, and were published last year in November.
These standards clearly require that handling personal information shall have a specific, clear and reasonable objective, take place with consent by the subject of the personal information under a situation where the personal information subject is clearly informed, and personal information is to be deleted after the goal for the personal information use has been achieved.
Furthermore, the clearest characteristic of the standard is that it divides personal information into common personal information and sensitive personal information, and puts forward the concept of tacit consent and explicit consent. Handling of common personal information may take place on the basis of tacit consent, as long as personal information subjects do not clearly express opposition, it may be collected and used. Concerning sensitive personal information handling, this must be established on a basis of explicit consent, before collection and use, the authorization of the subject of the personal information must be obtained in advance.
This standard also puts forward eight basic principles that shall be observed in handling personal information, which are having clarity of the purpose, least sufficient use, open notification, individual consent, quality guarantee, security guarantee, honest performance and clear responsibility.
The China Software Observation Centre Vice-Director Zhu Xuan said that the roll-out of the standard means that our country’s personal information protection work has officially entered the stage that “there is a standard to rely on”. The China Software Observation Centre has also taken the lead in establishing a personal information protection promotion association and establishing enterprise self-discipline models, which remedies the lack of organizations and institutions for personal information protection in our country.
Information Security Technology Guidelines for Personal Information Protection on Public and Commercial Service Information Systems
1. Scope
This guiding document standardizes the complete or part of the process of handling personal information through information systems, and provides guidance on the protection of personal information at different stages of personal information handling in information systems.
This guiding document is applicable to the guidance of all sorts of organizations and organs other than government organs and other organs exercising public management responsibilities, such as service organs in telecommunications, finance, medicine and other such areas, to develop personal information protection work in information systems.
2. Referenced normative documents
The following documents are indispensible in the application of this document. For all dated referenced documents, only dated versions apply to this document. For all undated reference documents, the newest version (including all revisions) applies to this document.
GB/T 20269-2006 Information Security Technology – Information System Security Management Requirements
GB/Z 20986-2007 Information Security Technology – Information Security Incident Categorization and Classification Guidelines
3. Technical terminology and definitions
The definitions from documents GB/T 20269-2006 and GB/Z 20986-2007 and the following technical terminology and definitions apply to this technological guiding document.
3.1
Information system
Computer information systems, composed of computers (including mobile telecommunications terminals) and related or complementary equipment and facilities (including networks), that are able to conduct information collection, processing, storage, transmission, search and other such processes according to certain applied goals and rules
3.2
Personal information
Computer data that is handled in computer systems, that are related to a specific natural person, and that can be used independently or in combination with other information to distinguish that specific natural person. Personal information may be divided into sensitive personal information and common personal information.
3.3
Subject of personal information
The natural person to whom personal information refers.
3.4
Personal information administrator
Organizations and institutions that decide the purpose for and method of personal information handling, who actually control personal information and se information systems to handle personal information.
3.5
Personal information receiver
Individuals, organizations and institutions who obtain personal information from information systems, and who handle the personal information obtained on the basis of the wishes of the subject of the personal information.
3.6
Third party testing and evaluation agency
Specialist testing and evaluation institutions independent from personal information administration.
3.7
Sensitive personal information
Personal information that, once it is leaked or altered, may bring about harmful influence to the subject of the indicated personal information. The concrete content sensitive personal information in different sectors is to be determined on the basis of the wishes of the subject of the personal information who receives the service and the particular characteristics of different sectors. Personal information listed as sensitive may include identity card numbers, mobile telephone numbers, ethnicity, political viewpoints, religious beliefs, genes, fingerprints, etc.
3.8
Common personal information
Personal information other than sensitive personal information.
3.9
Personal information handling
Acts of dealing with personal information, including collection, processing, transmission and deletion.
3.10
Tacit consent
Considering that the subject of personal information consents under circumstances where the subject of personal information has not clearly expressed opposition.
3.11
Explicit consent
Clear authorization and consent by the subject of personal information, for which evidence is kept.
4. Personal information protection overview
4.1. Roles and responsibilities
4.1.1. Summary
The main roles in the process of the protection of personal information protection on information systems include the subject of personal information, personal information administrators, personal information receivers and third party testing and evaluation agencies, for their duties, see 4.1.2. – 4.1.5.
4.1.2. Subjects of personal information
Before providing personal information, they must actively understand the purpose for which personal information administrators collect information, the use and other such information, and provide personal information according to their individual wishes; after they discover that personal information is leaked, lost or altered, they are to appeal or put forward an interpellation with the personal information administrator, or file a complaint with the personal information protection management departments.
4.1.3. Personal information administrators
They are responsible for planning, designing and establishing workflows for personal information handling on information systems according to State laws, regulations and guiding technical documents; formulating individual personal information management system, implementing personal information management responsibilities; assigning special bodies or personnel to be responsible for personal information protection work inside the institution, and receiving complaints and interpellations from subjects of personal information; formulating personal information protection education and training plans and organizing their implementation; establishing personal information protection internal control mechanisms, and regularly conducting self-inspection of the security situation of information system personal information, protection systems and the implementation situation of measures, or entrusting a third party testing and evaluation agencies to conduct testing and evaluation.
Controlling risks in the process of handling personal information on information systems, formulating advance planning to deal with leaks, losses, damage, alteration, improper use and other such incidents that may occur in the process of handling personal information; after discovering that personal information is leaked, lost or altered, timely adopting necessary response measures, prevent the further expansion of the influence of the incident, and timely notifying the subject of the personal information of the influence received; where major incidents occur, timely reporting them to personal information protection and management departments.
Accepting inspection, supervision and guidance from personal information protection and management departments with relation to the situation of personal information protection, vigorously participating and coordinating with third party testing and evaluation organs’ testing and evaluation of the protection situation of personal information on information systems.
4.1.4. Personal information receivers
Where the receipt of personal information proceeds from processing entrustment by another party and other such objectives, personal information receivers must process personal information according to this guiding technical document and the entrustment contract, and after completing processing duties, immediately delete the corresponding personal information.
4.1.5. Third party testing and evaluation agencies
Starting from the angle of safeguarding the public interest, on the basis of authorization of personal information protection management departments and sector associations, or with the entrustment of personal information administrators, and other basis of State laws, regulations and this guiding technical document, conducting testing and evaluation of information systems, obtaining the personal information protection situation, as a basis for personal information administrators’ evaluating, supervising and guiding personal information protection.
4.2. Basic principles
Personal information administrators should abide by the following basic principles when using information systems to handle personal information:
a) The principle of a clear purpose – handling personal information shall have a specific, clear and reasonable purpose, the use scope is not to be expanded, and the purpose for handling personal information shall not be changed under situations where subjects of personal information are unaware of this.
5) The principle of least sufficient use – only the smallest amount of information related to the purpose for handling is to be handled, when the handling purpose is achieved, personal information is to be deleted in the shortest time.
c) The principle of open notification – there is a duty to notify, explain and warn subjects of personal information as well as possible. The purpose for handling personal information, the scope of personal information collection and use, personal information protection measures and other such information are to be truthfully notified to subjects of personal information in clear, easily understandable and appropriate ways,
d) The principle of individual consent – before personal information handling, the consent of the subject of the personal information must be obtained.
e) The principle of quality guarantee – it is to be guaranteed that personal information is kept secret, intact and usable in the process of handling, and this remains in the newest condition.
f) The principle of security guarantee – adopting appropriate management measures and technical methods that are suited to the possibility and gravity of harm to personal information, protecting personal information security, preventing retrieval or disclosure of information without the authorization of the personal information, and the loss, leakage, destruction and alteration of personal information.
g) The principle of honest implementation – handling personal information according to the commitments made at the time of collection, or on the basis of statutory grounds, no longer continuing to handle personal information after achieving the fixed purpose.
h) The principle of clear responsibilities – clarifying the responsibilities of personal information handling processes, adopting corresponding measures and implementing corresponding responsibilities, and recording personal information handling processes in such a manner that they can be easily traced back.
5. Personal information protection
5.1.
Summary
The handling process of personal information on information systems can be divided into four main segments: collection, processing, transmission and deletion. Protection of personal information penetrates the four segments:
a) Collection refers to obtaining and recording personal information.
b) Processing refers to conducting operations with personal information, including entering, storing, revising, annotating, comparing, mining, screening, etc.
c) Transmission refers to the act of providing personal information to personal information receivers, such as open publication, disclosure to specific groups, reproduction onto other information systems because of entrustment of processing to other persons, etc.
d) Deletion refers to ensuring that personal information can no longer be used on information systems.
5.2. The collection stage
5.2.1. There must be a specific, clear and reasonable purpose
5.2.2. Before collection, a method to easily inform the subject of the personal information must be adopted, and the subject of the personal information must be notified and warned about the following matters:
a) the purpose for personal information handling
b) the personal information collection means and methods, the concrete collected content and duration of preservation;
c) the use scope of personal information, including the scope of disclosure or of provision of personal information to other organizations and institutions;
d) personal information protection protection measures;
e) the name, address, contact method and other such relevant information of the personal information administrator;
f) the risks that may exist after the subject of the personal information provides personal information;
g) the consequences that may occur if the subject of the personal information does not provide personal information;
h) the complaint channels for the subject of the personal information;
i) if it is necessary to transmit personal information to or entrust it with other organizations or institutions, the notification to subject of the personal information must contain but is not limited to the following information: the purpose of transmission or entrustment, the concrete content and use scope of transmitted or entrusted personal information, the name, address and contact method of the personal information receiver to whom it is transmitted or entrusted, etc.
5.2.3. Before handling personal information, the consent of the subject of the personal information must be obtained, which includes tacit consent and explicit consent. When collecting common personal information, it may be assumed that the subject of the personal information gives tacit consent, if the subject of the personal information clearly voices opposition, the collection of personal information must be ceased and personal information deleted; when collecting sensitive personal information, the explicit consent of the subject of the personal information must be obtained.
5.2.4. Only collect the smallest amount of information necessary to achieve the notified purpose.
5.2.5. Adopt notified methods and means to directly collect from subjects of personal information, do not adopt hidden means or indirect means to collect personal information.
5.2.6. Provide corresponding functions during the collection of personal information, permitting the subject of personal information to dispose of, adjust and close personal information collection functions.
5.2.7. Do not directly collect sensitive personal information from minors under the age of 16 and other persons whose civil capacity to act is limited or who do not have the capacity to act, where it is truly necessary to collect their sensitive personal information, the explicit consent of their statutory guardian must be obtained.
5.3. The processing stage
5.3.1. Do not violate the use purpose notified during the collection stage, or process personal information in excess of the notified scope.
5.3.2. Adopt notified methods and means.
5.3.3. Guarantee that personal information does not become known to any individual, organization or institution that is unrelated to the purpose of handling during the processing stage.
5.3.4. Without clear consent of the subject of the personal information, do not leak the personal information being handled to other individuals, organizations or institutions.
5.3.5. Guarantee that in the process of processing, stable operation of information systems is maintained, that personal information remains intact and in a usable state, and is maintained in the newest condition.
5.3.6. When subjects of personal information discover that flaws exist in their personal information or it needs to be revised, personal information administrators must inspect and check matters according to the requirements of the subject of the personal information, and under the precondition of guaranteeing the integrity of personal information, revise or supplement the corresponding information.
5.3.7. Record the condition of personal information minutely, when subjects of personal information demand to inspect their personal information, personal information administrators must truthfully and without charge notify whether or not it holds personal information, the content of the personal information it holds, the processing condition of personal information and other content, except where the costs of notification or the frequency of requests exceeds a reasonable scope.
5.4. The transmission stage.
5.4.1. Do not violate the transmission purpose notified during the collection stage, or transmit personal information in excess of the notified scope.
5.4.2. Before transmitting personal information to other organizations or institutions, assess whether they are able or not to handle personal information according to the requirements of this guiding technical document, and guarantee the responsibility for personal information protection of that organization or institution through contract.
5.4.3. Guarantee that in the process of transmission, personal information does not become known by individuals, organizations or institutions outside of the personal information receiver.
5.4.4. Before and after personal information transmission, the integrity and usability of personal information is to be maintained in the newest conditions.
5.4.5. Without explicit consent by the subject of personal information, or clear provisions in laws or regulations, or without the agreement of the controlling departments, personal information administrators may not transmit personal information to foreign personal information receivers, including individuals abroad or foreign-registered organizations and institutions.
5.5. The deletion stage
5.5.1. When subjects of personal information have a legitimate reason to demand the deletion of their personal information, timely delete the personal information. When deleting personal information may influence law enforcement organs’ investigations or evidence-gathering, adopt appropriate storage and screening measures.
5.5.2. After the purpose for personal information use notified during the collection stage has been achieved, immediately delete personal information; if it is necessary to continue handling, content that enables the distinction of a concrete individual must be deleted; if it is necessary to continue to handle sensitive personal information, the explicit consent of the subject of the personal information must be obtained.
5.5.3. When exceeding the personal information preservation period notified during the collection stage has been exceeded, corresponding information must be deleted immediately; where there are explicit provisions concerning preservation periods, the corresponding provisions are to be implemented.
5.5.4. When personal information administrators go bankrupt or close down, if it is impossible to continue to complete the commitments of the purpose for personal information handling, personal information must be deleted. Where deleting personal information may influence law enforcement organs’ investigations or evidence-gathering, adopt appropriate storage and screening measures.
信息安全技术公共及商用服务信息系统个人信息保护指南我国首个个人信息保护国家标准——《信息安全技术公共及商用服务信息系统个人信息保护指南》将于2013年2月1日起实施。该标准最显著的特点是规定个人敏感信息在收集和利用之前,必须首先获得个人信息主体明确授权。工业和信息化部信息安全协调司副司长欧阳武在21日举行的个人信息保护国家标准宣讲会上说,这项标准是由全国信息安全标准化技术委员会提出并归口组织,中国软件评测中心牵头,联合多家单位制定。该标准是我国首个关于个人信息保护的国家标准,于去年11月发布。这项标准明确要求,处理个人信息应有特定、明确和合理的目的,并在个人信息主体知情的情况下获得个人信息主体的同意,在达成个人信息使用目的之后删除个人信息。其中,标准最显著的特点是将个人信息分为个人一般信息和个人敏感信息,并提出默许同意和明示同意的概念。对于个人一般信息的处理可以建立在默许同意的基础上,只要个人信息主体没有明确表示反对,便可收集和利用。对于个人敏感信息,则需要建立在明示同意的基础上,在收集和利用之前,必须首先获得个人信息主体明确的授权。这项标准还提出了处理个人信息时应当遵循的八项基本原则,即目的明确、最少够用、公开告知、个人同意、质量保证、安全保障、诚信履行和责任明确。中国软件评测中心副主任朱璇说,标准的出台意味着我国个人信息保护工作正式进入“有标可依”阶段。中国软件评测中心还将牵头组建个人信息保护推进联盟,建立企业自律模式,弥补我国个人信息保护相关组织机构的缺失。信息安全技术 公共及商用服务信息系统个人信息保护指南1 范围本指导性技术文件规范了全部或部分通过信息系统进行个人信息处理的过程,为信息系统中个人信息处理不同阶段的个人信息保护提供指导。本指导性技术文件适用于指导除政府机关等行使公共管理职责的机构以外的各类组织和机构,如电信、金融、医疗等领域的服务机构,开展信息系统中的个人信息保护工作。2 规范性引用文件下列文件对于本文件的应用是必不可少的。凡是注日期的引用文件,仅注日期的版本适用于本文件。凡是不注日期的引用文件,其最新版本(包括所有的修改单)适用于本文件。GB/T 20269-2006 信息安全技术 信息系统安全管理要求GB/Z 20986-2007 信息安全技术 信息安全事件分类分级指南3 术语和定义GB/T 20269-2006 和GB/Z 20986-2007中界定的以及下列术语和定义适用于本技术性指导文件。3.1信息系统 information system即计算机信息系统,由计算机(含移动通信终端)及其相关的和配套的设备、设施(含网络)构成,能够按照一定的应用目标和规则对信息进行采集、加工、存储、传输、检索等处理。3.2个人信息 personal information可为信息系统所处理、与特定自然人相关、能够单独或通过与其他信息结合识别该特定自然人的计算机数据。个人信息可以分为个人敏感信息和个人一般信息。3.3个人信息主体 subject of personal information个人信息指向的自然人。3.4个人信息管理者 administrator of personal information决定个人信息处理的目的和方式,实际控制个人信息并利用信息系统处理个人信息的组织和机构。3.5个人信息获得者 receiver of personal information从信息系统获取个人信息的个人、组织和机构,依据个人信息主体的意愿对获得的个人信息进行处理。3.6第三方测评机构 third party testing and evaluation agency独立于个人信息管理者的专业测评机构。3.7个人敏感信息 personal sensitive information一旦遭到泄露或修改,会对标识的个人信息主体造成不良影响的个人信息。各行业个人敏感信息的具体内容根据接受服务的个人信息主体意愿和各自业务特点确定。例如个人敏感信息可以包括身份证号码、手机号码、种族、政治观点、宗教信仰、基因、指纹等。3.8个人一般信息 personal general information除个人敏感信息以外的个人信息。3.9个人信息处理 personal information handling处置个人信息的行为,包括收集、加工、转移、删除。3.10默许同意 tacit consent在个人信息主体无明确反对的情况下,认为个人信息主体同意。3.11明示同意 expressed consent个人信息主体明确授权同意,并保留证据。4 个人信息保护概述4.1 角色和职责4.1.1 综述信息系统个人信息保护实施过程中涉及的角色主要有个人信息主体、个人信息管理者、个人信息获得者和独立测评机构,其职责见4.1.2至4.1.5。4.1.2 个人信息主体在提供个人信息前,要主动了解个人信息管理者收集的目的、用途等信息,按照个人意愿提供个人信息;发现个人信息出现泄漏、丢失、篡改后,向个人信息管理者投诉或提出质询,或向个人信息保护管理部门发起申诉。4.1.3 个人信息管理者负责依照国家法律、法规和本指导性技术文件,规划、设计和建立信息系统个人信息处理流程;制定个人信息管理制度、落实个人信息管理责任;指定专门机构或人员负责机构内部的个人信息保护工作,接受个人信息主体的投诉与质询;制定个人信息保护的教育培训计划并组织落实;建立个人信息保护的内控机制,并定期对信息系统个人信息的安全状况、保护制度及措施的落实情况进行自查或委托独立测评机构进行测评。管控信息系统个人信息处理过程中的风险,对个人信息处理过程中可能出现的泄露、丢失、损坏、篡改、不当使用等事件制定预案;发现个人信息遭到泄漏、丢失、篡改后,及时采取应对措施,防止事件影响进一步扩大,并及时告知受影响的个人信息主体;发生重大事件的,及时向个人信息保护管理部门通报。接受个人信息保护管理部门对个人信息保护状况的检查、监督和指导,积极参与和配合第三方测评机构对信息系统个人信息保护状况的测评。4.1.4 个人信息获得者当个人信息的获取是出于对方委托加工等目的,个人信息获得者要依照本指导性技术文件和委托合同,对个人信息进行加工,并在完成加工任务后,立即删除相关个人信息。4.1.5 第三方测评机构从维护公众利益角度出发、根据个人信息保护管理部门和行业协会的授权、或受个人信息管理者的委托,依据相关国家法律、法规和本指导性技术文件,对信息系统进行测试和评估,获取个人信息保护状况,作为个人信息管理者评价、监督和指导个人信息保护的依据。4.2 基本原则个人信息管理者在使用信息系统对个人信息进行处理时,宜遵循以下基本原则:a)目的明确原则——处理个人信息具有特定、明确、合理的目的,不扩大使用范围,不在个人信息主体不知情的情况下改变处理个人信息的目的。b)最少够用原则——只处理与处理目的有关的最少信息,达到处理目的后,在最短时间内删除个人信息。c)公开告知原则——对个人信息主体要尽到告知、说明和警示的义务。以明确、易懂和适宜的方式如实向个人信息主体告知处理个人信息的目的、个人信息的收集和使用范围、个人信息保护措施等信息。d)个人同意原则——处理个人信息前要征得个人信息主体的同意。e)质量保证原则——保证处理过程中的个人信息保密、完整、可用,并处于最新状态。f)安全保障原则——采取适当的、与个人信息遭受损害的可能性和严重性相适应的管理措施和技术手段,保护个人信息安全,防止未经个人信息管理者授权的检索、披露及丢失、泄露、损毁和篡改个人信息。g)诚信履行原则——按照收集时的承诺,或基于法定事由处理个人信息,在达到既定目的后不再继续处理个人信息。h)责任明确原则——明确个人信息处理过程中的责任,采取相应的措施落实相关责任,并对个人信息处理过程进行记录以便于追溯。5 个人信息保护5.1 概述信息系统中个人信息的处理过程可分为收集、加工、转移、删除4个主要环节。对个人信息的保护贯穿于4个环节中:a)收集指对个人信息进行获取并记录。b)加工指对个人信息进行的操作,如录入、存储、修改、标注、比对、挖掘、屏蔽等。c)转移指将个人信息提供给个人信息获得者的行为,如向公众公开、向特定群体披露、由于委托他人加工而将个人信息复制到其他信息系统等。d)删除指使个人信息在信息系统中不再可用。5.2 收集阶段5.2.1 要具有特定、明确、合法的目的。5.2.2 收集前要采用个人信息主体易知悉的方式,向个人信息主体明确告知和警示如下事项:a)处理个人信息的目的;b)个人信息的收集方式和手段、收集的具体内容和留存时限;c)个人信息的使用范围,包括披露或向其他组织和机构提供其个人信息的范围;d)个人信息的保护措施;e)个人信息管理者的名称、地址、联系方式等相关信息;f)个人信息主体提供个人信息后可能存在的风险;g)个人信息主体不提供个人信息可能出现的后果;h)个人信息主体的投诉渠道;i)如需将个人信息转移或委托于其他组织和机构,要向个人信息主体明确告知包括但不限于以下信息:转移或委托的目的、转移或委托个人信息的具体内容和使用范围、接受委托的个人信息获得者的名称、地址、联系方式等。5.2.3 处理个人信息前要征得个人信息主体的同意,包括默许同意或明示同意。收集个人一般信息时,可认为个人信息主体默许同意,如果个人信息主体明确反对,要停止收集或删除个人信息;收集个人敏感信息时,要得到个人信息主体的明示同意。5.2.4 只收集能够达到已告知目的的最少信息。5.2.5 要采用已告知的手段和方式直接向个人信息主体收集,不采取隐蔽手段或以间接方式收集个人信息。5.2.6 持续收集个人信息时提供相关功能,允许个人信息主体配置、调整、关闭个人信息收集功能。5.2.7 不直接向未满16周岁的未成年人等限制民事行为能力或无行为能力人收集个人敏感信息,确需收集其个人敏感信息的,要征得其法定监护人的明示同意。5.3 加工阶段5.3.1 不违背收集阶段已告知的使用目的,或超出告知范围对个人信息进行加工。5.3.2 采用已告知的方法和手段。5.3.3 保证加工过程中个人信息不被任何与处理目的无关的个人、组织和机构获知。5.3.4 未经个人信息主体明示同意,不向其他个人、组织和机构披露其处理的个人信息。5.3.5 保证加工过程中信息系统持续稳定运行,个人信息处于完整、可用状态,且保持最新。5.3.6 个人信息主体发现其个人信息存在缺陷并要求修改时,个人信息管理者要根据个人信息主体的要求进行查验核对,在保证个人信息完整性的前提下,修改或补充相关信息。5.3.7 详细记录对个人信息的状态,个人信息主体要求对其个人信息进行查询时,个人信息管理者要如实并免费告知是否拥有其个人信息、拥有其个人信息的内容、个人信息的加工状态等内容,除非告知成本或者请求频率超出合理的范围。5.4 转移阶段5.4.1 不违背收集阶段告知的转移目的,或超出告知的转移范围转移个人信息。5.4.2 向其他组织和机构转移个人信息前,评估其是否能够按照本指导性技术文件的要求处理个人信息,并通过合同明确该组织和机构的个人信息保护责任。5.4.3 保证转移过程中,个人信息不被个人信息获得者之外的任何个人、组织和机构所获知。5.4.4 保证转移前后,个人信息的完整性和可用性,且保持最新。5.4.5 未经个人信息主体的明示同意,或法律法规明确规定,或未经主管部门同意,个人信息管理者不得将个人信息转移给境外个人信息获得者,包括位于境外的个人或境外注册的组织和机构。5.5 删除阶段5.5.1 个人信息主体有正当理由要求删除其个人信息时,及时删除个人信息。删除个人信息可能会影响执法机构调查取证时,采取适当的存储和屏蔽措施。5.5.2 收集阶段告知的个人信息使用目的达到后,立即删除个人信息;如需继续处理,要消除其中能够识别具体个人的内容;如需继续处理个人敏感信息,要获得个人信息主体的明示同意。5.5.3 超出收集阶段告知的个人信息留存期限,要立即删除相关信息;对留存期限有明确规定的,按相关规定执行。5.5.4 个人信息管理者破产或解散时,若无法继续完成承诺的个人信息处理目的,要删除个人信息。删除个人信息可能会影响执法机构调查取证时,采取适当的存储和屏蔽措施。
