Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1: Structure and drafting rules of standardization documents".
Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility of identifying patents. This document is proposed and categorized by the National Information Security Standardization Technical Committee (SAC/TC 260).
1 Scope
This document specifies the security requirements for the collection, storage, use, processing, transmission, provision, disclosure, deletion and other data processing activities of network audio and video services.
This document applies to network audio and video service providers in regulating their data processing activities, and also provides a reference for regulatory authorities and third-party assessment agencies in supervising, managing and assessing the data processing activities of network audio and video services.
2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069 Information security technology: Terms
GB/T 35273-2020 Information security technology: Personal information security specification
GB/T 37988 Information security technology: Data security capability maturity model
GB/T 39335 Information security technology: Personal information security impact assessment guide
GB/T 41391-2022 Information security technology: Basic requirements for the collection of personal information by mobile Internet applications (App)
GB/T 41479 Information security technology: Network data processing security requirements
3 Terms and definitions
The terms and definitions given in GB/T 25069 and GB/T 35273-2020, as well as the following, apply to this document.
3.1
Network audio and video service (online audio and video service)
Services that provide the public with audio and video information production, distribution and dissemination through Internet sites, applications and other network platforms.
Note 1: Also known as network audio and video information services.
Note 2: Excludes audio and video editing tools, local players, and online live services with instant communication properties (such as online meetings).
3.2
Network audio and video service platform (online audio and video service platform)
Information system that provides network audio and video services (3.1).
3.3
Network audio and video service provider (online audio and video service provider)
An organization or individual that provides network audio and video services (3.1) to the public.
Note 1: In this document, this mainly refers to the owner or manager of the network audio and video service platform.
Note 2: Referred to in this document as the "provider".
4 Acronyms
The following abbreviations apply to this document.
IoT: Internet of Things
IP: Internet Protocol
5 Overview
5.1 Components of network audio and video services
Network audio and video services mainly include network audio services, network video services and network live services. Network audio services provide users with audio content production, distribution and dissemination services such as music, radio, music and art, audio books, radio dramas, audio of programs and events, and audio of news and information. Network video services provide users with production, distribution and dissemination services for short videos, movies, TV series, variety and entertainment, program and event videos, news and information videos, and other video information. Network live services provide users with release and dissemination services for real-time audio information, video information, graphic information and other content.
6 Basic requirements
7 Data collection
7.1 Collection of personal information
When collecting personal information, network audio and video service providers should meet the requirements of 5.1, 5.2 and 5.3 of GB/T 35273-2020 and, on that basis, the following requirements.
8 Data storage and transmission
9 Data use and processing
10 Data provision and disclosure
11 Data exit
Network audio and video service providers that provide data outside the country for business purposes shall, in light of their business development and operation, conduct a data exit risk assessment at least once a year, either by themselves or by entrusting a third-party organization.
12 Personal information subject rights
In protecting the rights of personal information subjects, network audio and video service providers should comply with the requirements of Chapter 8 of GB/T 35273-2020 and, on that basis, the following requirements.
13 Protection of minors
14 Data security requirements for audio and video service related scenarios
Appendix A (informative) Data processing activities and security risks of network audio and video services
Appendix B (informative) Reference rules for identification of important data and data classification examples for network audio and video services
Appendix C (informative) Scope of personal information collection and use requirements for common extended business functions of network audio and video services
Appendix D (informative) Scope of application and use requirements for system permissions related to network audio and video service apps
Bibliography
Contents of GB/T 42016-2022
Foreword
1 Scope
2 Normative reference documents
3 Terms and definitions
4 Acronyms
5 Overview
6 Basic requirements
7 Data collection
8 Data storage and transmission
9 Data use and processing
10 Data provision and disclosure
11 Data exit
12 Personal information subject rights
13 Protection of minors
14 Data security requirements for audio and video service related scenarios
Appendix A (informative) Data processing activities and security risks of network audio and video services
Appendix B (informative) Reference rules for identification of important data and data classification examples for network audio and video services
Appendix C (informative) Scope of personal information collection and use requirements for common extended business functions of network audio and video services
Appendix D (informative) Scope of application and use requirements for system permissions related to network audio and video service apps
Bibliography