GB/T 41871-2022 英文版 信息安全技術(shù) 汽車數(shù)據(jù)處理安全要求

GB/T 41871-2022 英文版

?

Foreword

?

This document is developed in accordance with the rules given in GB/T 1.1-2020 Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents.

Attention is drawn to the possibility that some of the parts of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.

This document was proposed by and is under the jurisdiction of SAC/TC 260 National Information Security Standardization Technical Committee.

Information security technology - Security requirements for processing of motor vehicle data

1 ?Scope

This document specifies the general security requirements for motor vehicle data processors to collect and transmit motor vehicle data, security requirements for out-of-vehicle data, security requirements for cabin data and security management requirements.

This document is applicable to the followings: motor vehicle data processing activities carried out by motor vehicle data processors; design, production, sales, use and operation & maintenance of motor vehicles; supervision, management and evaluation of motor vehicle data processing activities by competent supervision departments and third-party evaluation agencies.

2 ?Normative references

The following documents contain requirements which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition (including any amendments) applies.

GB/T 35273 Information security technology - Personal information security specification
GB/T 40660 Information security technology - General requirements for biometric information protection

3 ?Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 ?
motor vehicle data
personal information data and important data involved in design, production, sales, use, operation and maintenance of motor vehicles

3.2 ?
personal information
all kinds of information related to identified or identifiable motor vehicle owners, drivers and passengers as well as persons outside the motor vehicle recorded electronically or by other means, excluding information that has been anonymized

3.3 ?
sensitive personal information
personal information that once leaked or illegally used, may lead to discrimination or serious harm to personal and property safety of motor vehicle owners, drivers and passengers as well as persons outside the motor vehicle

Note: Sensitive personal information includes personal information such as whereabouts, audio, video, images, medical and health care, and religious beliefs; biometric information such as fingerprints, heart rhythm, voiceprint and facial recognition features; personally identifiable information such as resident ID cards, military ID, work permits, social security cards and residence permits that can identify specific identities; personal property information such as bank accounts, identification information (passwords) and financial accounts; and personal information about minors under the age of 14.

3.4 ?
important data
data that once tampered with, destroyed, leaked or illegally acquired or used, ?may endanger national security, public interests or the legitimate rights and interests of individuals and organizations

Note: Important data include: geographic information, personnel flow, vehicle flow and other data in important sensitive areas such as military administrative areas, national defense science and technology units as well as Party and government organizations at or above the county level; data reflecting economic operation, such as vehicle flow and logistics; operation data of motor vehicle charging networks; video and image out-of-vehicle data containing face information and license plate information; personal information involving more than 100,000 personal information subjects; and other data determined by relevant departments that may endanger national security, public interests or legitimate rights and interests of individuals and organizations.

3.5 ?
motor vehicle data processor
organizations that carry out motor vehicle data processing activities, including motor vehicle manufacturers, parts and software suppliers, dealers, maintenance agencies and travel service enterprises

3.6 ?
cabin data
data that might contain personal information collected from motor vehicle cabins through cameras, infrared sensors, fingerprint sensors or microphones, and the data generated after processing the aforesaid data