JR/T 0098.8-2012 China Financial Mobile Payment-Test Specifications-Part 8: Personal Information Protection (English Version)
Detail of JR/T 0098.8-2012
Standard No.: JR/T 0098.8-2012
English Name: China Financial Mobile Payment-Test Specifications-Part 8: Personal Information Protection
Chinese Name: 中国金融移动支付 检测规范 第8部分:个人信息保护
Professional Classification: JR
Issued by: China People's Bank
Issued on: 2012-12-12
Implemented on: 2012-12-12
Status: valid
Language: English
File Format: PDF
Word Count: 5000 words
Price (USD): 150.0
Introduction of JR/T 0098.8-2012
1 Scope
This part specifies the basic requirements and test rules for personal information protection in mobile payment in four aspects: internal management, organization management, access control and personal information life cycle management.
This part is applicable to guiding test organizations in formulating the test scheme for personal information protection in mobile payment and in implementing the test, and may also be used to guide personal information management organizations in manufacturing relevant products and establishing business systems.
2 Terms and Definitions
For the purposes of this document, the following terms and definitions apply.
2.1
personal information
computer data which are processed by an information system, relate to a specific natural person, and are capable of identifying that natural person either alone or in combination with other information
Personal information involved in this part includes the following parts:
a) Personal identity information: including personal name, gender, nationality and ethnicity, the type, number and term of validity of personal documents, profession, contact information, marital status, family status, domicile or work unit's address, and picture;
b) Personal certification information: including log-in password, transaction password and withdrawal password kept at financial organizations and payment organizations;
c) Individual account information: including account number, account opening time, account opening organization, balance of account and account transactions;
d) Personal credit information: including credit card repayment condition, loan repayment condition, and other information formed by the person in economic activities and capable of reflecting his/her credit status;
e) Personal transaction information: including personal information obtained, transmitted and saved by financial organizations and payment organizations in business processes such as payment and settlement;
f) Derivative information: including personal consumption habits and other information formed through processing and analysis of the original information and capable of reflecting some conditions of a specific person;
g) Other personal information obtained and saved during the process of entering into a business relationship with persons.
2.2
sensitive personal information
personal information whose disclosure or modification may cause loss or adverse impact to the identified personal information subject
The sensitive personal information involved in this part includes the following parts:
a) Personal identity information: including the type, number and term of validity of personal documents, and the contact information;
b) Personal certification information: including log-in password, transaction password and withdrawal password kept at financial organizations and payment organizations, as well as the question information and feature code reserved for password retrieval;
c) Other sensitive personal information: other sensitive personal information (like personal credit information) obtained and saved during the process of entering into a business relationship with persons.
2.3
general personal information
personal information other than sensitive personal information
2.4
personal information subject
natural person to whom the personal information relates
2.5
personal information controller
organization or institution that determines the purpose and mode of personal information processing, actually controls the personal information and processes personal information using an information system
Contents of JR/T 0098.8-2012
Foreword
Introduction
1 Scope
2 Terms and Definitions
3 Basic Requirements
4 Test Rules
Annex A (Normative) Operation Specifications
Annex B (Normative) Judgment Criteria