金融信息服务数据 分类分级规则征求意见

Core Viewpoint - The National Internet Information Office, in collaboration with relevant departments, has drafted the "Guidelines for the Classification and Grading of Financial Information Service Data (Draft for Public Consultation)" to standardize data processing activities and enhance data security in financial information services [1][2]. Group 1: Data Classification - Financial information service data is categorized based on business attributes into three primary categories: business data, user data, and enterprise data [1]. - Business data is further divided into five secondary categories: financial market data, macroeconomic data, industry indicator data, organizational data, and information report data, which can be broken down into 52 tertiary categories including stock data, bond data, fund data, wealth management data, foreign exchange data, and commodity data [1]. - User data is classified into personal user data and institutional user data, with personal user data including basic information, transaction data, and biometric identification information, while institutional user data includes basic information and transaction data [1]. - Enterprise data is categorized into operational management data and system operation and maintenance data [1]. Group 2: Data Grading - The guidelines classify data into four levels based on its importance and sensitivity, which are core data, important data, general sensitive data, and general routine data [2]. - The classification is determined by analyzing factors such as data coverage, time span, accuracy, public status, and geographic location [2]. - Regular reviews and updates of data classification are mandated when there are changes in business attributes, importance, or potential harm [2]. Group 3: Industry Insights - Industry experts emphasize that the financial sector has a high sensitivity to information, and effective data security measures are crucial for ensuring financial safety [2]. - The classification and grading of data will help financial institutions clarify data security priorities, allocate resources effectively, reduce risks, and enhance security management levels [2].