《数据安全技术 电子产品信息清除技术要求》强制性国家标准公开征求意见
智通财经网·2025-07-14 09:30

Core Viewpoint - The Central Cybersecurity and Information Technology Commission has completed a draft for a mandatory national standard on data security technology, specifically focusing on electronic product information erasure, which is now open for public consultation [1]. Group 1: Technical and Functional Requirements - The document outlines the technical and functional requirements for information erasure of electronic products, including the verification of information erasure effectiveness during the recycling process [3]. - It applies to the design, development, and validation of information erasure functions in electronic products, as well as the standardization of information erasure processes during recycling [1][3]. Group 2: Definitions and Terminology - Electronic products are defined as consumer-facing devices with data storage capabilities that have stored user data [6]. - Information erasure refers to the process where user data in the storage space of electronic products is rendered unreadable, inaccessible, or unrecoverable through technical means [7]. Group 3: Information Erasure Scope - The scope of information erasure includes clearing user-installed applications, media files, temporary cache files, backup data, system configuration information, and encryption keys [12]. Group 4: Technical Requirements for Information Erasure - Electronic products must utilize data overwriting and command cleaning techniques for information erasure, ensuring that user data cannot be recovered by any means post-erasure [13][14]. Group 5: Information Erasure Functionality Requirements - Manufacturers are required to provide a one-click function for users to erase all user data, with specific requirements for the number of overwrites based on the type of electronic product [15]. - The functionality must include user notifications regarding the scope of data being erased and the implications of the erasure [15]. Group 6: Recycling Information Erasure Requirements - Electronic product recyclers must ensure that user data is effectively cleared before recycling, with specific conditions under which data can be considered effectively cleared [18]. - The recyclers are prohibited from accessing or retaining user data without explicit user consent [18]. Group 7: Verification of Information Erasure Effectiveness - The effectiveness of information erasure must be verified through various methods, including checking for residual user data and ensuring that data recovery tools cannot retrieve erased data [22][23].