事关金融信息服务数据分类分级 国家网信办公开征求意见

Core Viewpoint - The National Internet Information Office, in collaboration with relevant departments, has drafted the "Guidelines for the Classification and Grading of Financial Information Service Data" to standardize data processing activities and enhance data security in financial information services [1][3]. Group 1: Purpose and Basis - The guidelines aim to regulate financial information service data processing and improve data security levels, based on various laws and regulations including the Cybersecurity Law and the Data Security Law of the People's Republic of China [3]. - The document references the national standard GB/T 43697—2024 for data classification and grading rules [3]. Group 2: Scope of Application - The guidelines apply to financial information service providers operating within the territory of the People's Republic of China, focusing on data classification, grading, and identification of important data [4]. - Data related to national secrets and military data is explicitly excluded from these guidelines [5]. Group 3: Definitions - Financial information services are defined as services that provide information and/or financial data that may affect financial markets to users engaged in financial analysis, transactions, or decision-making [6]. - Financial information service data refers to data collected and generated during the provision of financial information services [8]. - Important data is categorized as data that, if leaked or altered, could directly harm national security, economic operation, social stability, or public health and safety [11]. Group 4: Data Classification Rules - Financial information service data can be classified based on business attributes into three primary categories: business data, user data, and enterprise data, with further subdivisions into nine secondary categories and sixty-six tertiary categories [15]. - Business data includes financial market data, macroeconomic data, industry indicators, organizational data, and information reports [15][16][17][18][19]. Group 5: Data Grading Rules - Data is graded into four levels based on its importance and sensitivity, which include core data, important data, sensitive general data, and routine general data [20]. - Factors influencing data grading include coverage, time span, precision, public status, and geographic relevance [21][24]. Group 6: Data Grading Process - The process for data classification and grading involves identifying and analyzing grading factors, assessing the impact on national security, economic operation, social order, public interest, organizational rights, and personal rights [53]. - Regular reviews and updates of data classification and grading are required, especially when significant changes occur in data attributes or usage [52][54].