新浪科技讯 1月8日下午消息，近日，全国政协公布了《关于加快推动我国标准制度型开放的提案》等 100件好提案名单，全国政协委员、360集团创始人周鸿祎提出的《构建数据流通安全基础设施平台，护 航数字中国高质量发展》提案成功入选。该提案聚焦数据流通安全核心痛点，提出系统性解决方案，为 推动数据要素合规高效流通、助力新质生产力发展提供了重要参考。 面对数据流通规模扩大带来的复杂化、全局化风险，周鸿祎在提案中指出，当前数据安全治理正面 临"三大短板"： 一是市场主体多采用孤立防护模式，安全数据沉淀为"信息孤岛"，全局态势感知薄 弱；二是各地安全建设与运营标准不统一，重复投入造成资源浪费；三是缺乏跨行业跨地域联动机制， 难以应对APT攻击等复合型威胁及协同难题。这些问题已成为制约数据价值释放、威胁数字经济生态的 关键瓶颈。 针对上述痛点，周鸿祎在提案中提出了三方面建议：一是构建数据流通安全基础设施平台，打破"信息 孤岛"，建立全程全链路安全监测机制，形成立体化防护体系；二是建立统一安全标准，规范认证访 问、数据脱敏等环节，确保流通全程受控；三是打造多主体联动运营体系，整合监管单位、数据供需方 等资源，实现全生命周期动 ...

Core Viewpoint - The article highlights that Ping An Good Doctor has successfully passed the second evaluation of the Data Security Management Capability (DSMC) certification, becoming the first in the healthcare sector to achieve this milestone, which underscores the importance of data security and privacy protection in the company's sustainable development strategy [1][4]. Group 1: DSMC Certification and Evaluation - The DSMC assessment is a dynamic and ongoing process aimed at ensuring that certified companies maintain the effectiveness and advancement of their data security management systems over a three-year period [3]. - The recent re-evaluation was based on the updated T/ISC0059—2024 standards, which impose higher requirements on the completeness of management systems, effectiveness of technical tools, and compliance of process execution [3]. Group 2: Data Security Achievements - As of 2024, Ping An Good Doctor has obtained multiple information security management system certifications, including ISO 27001, ISO 27701, and ISO 27799, covering 100% of its business operations [3]. - The company has enhanced its self-developed business system's comprehensive security defense capabilities, achieving a 35% improvement in alert detection compared to previous commercial products [3]. Group 3: Commitment to Sustainable Development - The company emphasizes that data security and personal information protection are fundamental responsibilities for compliance and sustainable development [4]. - Ping An Good Doctor's sustainable development strategy focuses on comprehensive sustainability, advanced technology empowerment, robust information security protection, and extensive social responsibility [4]. Group 4: Future Directions and Industry Collaboration - The company plans to use its certification as a starting point to deepen privacy protection practices and build a solid digital trust for users [4]. - The China Academy of Information and Communications Technology (CAICT) aims to enhance the DSMC evaluation system by integrating the latest national standards, encouraging more companies, especially those in data processing, to participate in DSMC evaluations [5].

Group 1 - Digital security is crucial for national security, economic development, and social stability, with digitalization becoming a key feature for high-quality development across various industries, including finance [1] - The rapid advancement of technology in digital finance has led to increased risks, such as cyberattacks and data breaches, particularly with the integration of AI, which can facilitate more frequent and lower-barrier attacks on financial institutions [1] - There is a consensus in the industry that regulatory bodies must enhance planning and oversight, while technology companies and financial institutions need to collaborate to strengthen technical safeguards and establish a comprehensive protection system for data integrity, confidentiality, and availability [1] Group 2 - Data security governance is essential for the stable operation of financial institutions, the healthy development of financial markets, and the interests of consumers, with increasing emphasis on data governance and security issues in the digital finance sector [2] - Recent government policies, such as the "Network Data Security Management Regulations" and the "Data Security Management Measures for Banking and Insurance Institutions," outline the direction for data security protection and emphasize the establishment of a governance system aligned with business goals [2] - Despite the growing attention to data security governance and the continuous improvement of related policies, there are still significant challenges in the practical implementation within the financial sector [2] Group 3 - The central economic work conference emphasizes the need for coordinated efforts to combat illegal financial activities, particularly those exploiting technology for unlawful purposes [3] - Enhancing computing power security is identified as a critical step in ensuring digital financial security, with plans to strengthen data classification and protection, and to implement strict management of important data [3] - Financial institutions are encouraged to establish monitoring mechanisms, improve standardization and regulation, and invest in talent development to enhance their data security risk assessment and management capabilities [3]

Group 1 - The national data standardization technical committee is soliciting public opinions on seven technical documents related to integrated computing power network construction, including requirements for computing power networking and resource management [1][2] - The Central Committee and the State Council have issued opinions to deepen the market-oriented allocation of data elements, supporting Shenzhen in exploring data trading and trusted circulation mechanisms [2][3] - The National Development and Reform Commission emphasizes four key measures to promote high-quality development of the real economy through finance, technology, and data, while supporting Shenzhen's comprehensive reform pilot [3] Group 2 - Anhui Province has established a pricing mechanism for public data resources, allowing free access for public governance and charging fees for industrial use, with a focus on cost recovery and reasonable profit [4][5] - Shanxi Province is seeking public opinions on a draft implementation plan for data circulation safety governance, proposing specific safety management measures to ensure compliant data circulation [6][7] - Wuhan has released a three-year action plan for the development of the data labeling industry, aiming to establish several data labeling industrial parks and support small and medium-sized enterprises [7][8]

Core Insights - The Beijing government is exploring data security governance for personal, enterprise, and public data to enhance service delivery and convenience [3][4] Group 1: Personal Data - The core issue with personal data is the lack of unified anonymization standards, which creates concerns for data circulation among enterprises [3] - Beijing is collaborating with hospitals to create public datasets from chest X-ray imaging data, aiming to balance patient safety and research needs [3] Group 2: Public Data - Balancing public interest and commercial utilization of public data is a key challenge, with no unified regulations on authorization and pricing [3][4] - The Beijing government has adopted a decentralized authorization approach for public data, particularly in the financial sector, and is considering whether to expand this or shift to centralized authorization [3] Group 3: Enterprise Data - Trust is crucial for enterprise data circulation, and external factors significantly influence its value [5] - Beijing is utilizing blockchain technology to establish a value-added collaboration network to enhance trust among enterprises, particularly in the steel industry where strong interconnections exist [5]