摘要
[目的/意义]建构数据开放共享隐私风险管理体系有助于化解数据开放共享与个人隐私保护之间的张力,实现数据价值创造与个人权益保护。[方法/过程]借鉴ISO 31000国际风险管理标准,从价值、组织与过程三个维度建构数据开放共享隐私风险管理体系,并对英国数据共享隐私保护的具体实践进行案例分析。[结果/结论]数据开放共享隐私风险管理应明确价值目标,并建立透明、公平、问责、合法和安全的价值创造原则。设置独立的隐私风险监管机构与隐私保护专职人员是公共部门和私营组织隐私风险管理组织建设的重要内容。隐私风险管理的过程体系包括风险沟通与咨询、需求分析与标准制定、风险评估与应对、风险记录与监测等关键环节。数据开放共享隐私风险管理体系建构从风险管理视角有效回应了数据开放共享与个人隐私保护之间的争论,为我国数据开放实践提供了有益参考与借鉴。
[Purpose/significance]Constructing a risk management system for open data sharing and privacy contributes to re-solving the tension between data openness and individual privacy protection,while achieving a balance between data value creation and safeguarding individual rights.[Method/process]This paper draws inspiration from the ISO 31000 international risk manage-ment standard to construct a risk management system for open data sharing and privacy across three dimensions:value,organiza-tion,and process.This is further illustrated through a case analysis of standardized practices in data sharing privacy protection in the United Kingdom.[Result/conclusion]The management of privacy risks in open data sharing should involve clarifying value ob-jectives and establishing value creation principles of transparency,fairness,accountability,legality,and security.The establish-ment of an independent privacy risk regulator and privacy protection personnel is a crucial element in the organizational development of privacy risk management in both public and private organizations.The process system of privacy risk management includes key as-pects such as risk communication and consultation,demand analysis and standardization,risk assessment and response,as well as risk recording and monitoring.The construction of a privacy risk management system for data open sharing effectively addresses the debate between data openness and individual privacy protection from a risk management perspective,providing valuable guidance for China’s data open practice.
作者
孟雪
郝文强
吴钟灿
Meng Xue;Hao Wenqiang;Wu Zhongcan(School of Public Administration and Policy,Renmin University of China,Beijing 100872;School of International Relations&Public Affairs,Fudan University,Shanghai 200433;School of Management,Minzu University of China,Beijing 100081)
出处
《情报理论与实践》
CSSCI
北大核心
2024年第6期184-194,共11页
Information Studies:Theory & Application
基金
中国人民大学2022年度拔尖创新人才培育资助计划成果。
