图书情报工作

图书情报工作 >

2025 , Vol. 69 >Issue 1: 68 - 79

DOI: https://doi.org/10.13266/j.issn.0252-3116.2025.01.007

研究论文

多向度的数据分类分级:目标、逻辑与路径

  • 许炜 ,
  • 李卓卓 ,
  • 方向阳
展开
  • 1 江苏科技大学商学院, 张家港 215600;
    2 苏州大学社会学院, 苏州 215123;
    3 苏州大学智能社会与数据治理研究院, 苏州 215123;
    4 苏州市职业大学教育人文学院, 苏州 215104
许炜,讲师,博士;李卓卓,副教授,博士,硕士生导师,通信作者,E-mail:smileforever96@126.com;方向阳,教授,硕士。

收稿日期: 2024-04-07

  修回日期: 2024-08-04

  网络出版日期: 2025-01-15

基金资助

本文系江苏省社会科学基金项目“移动应用的隐私政策合规框架与透明度测评研究”(项目编号:23TQB005)研究成果之一。

收起

Multidirectional Data Classification and Grading: Goals, Logic and Path

  • Xu Wei ,
  • Li Zhuozhuo ,
  • Fang Xiangyang
Expand
  • 1 Business School, Jiangsu University of Science and Technology, Zhangjiagang 215600;
    2 School of Social Science, Soochow University, Suzhou 215123;
    3 Smart Society and Data Governance Institute, Soochow University, Suzhou 215123;
    4 School of Humanities and Education, Suzhou Vocational University, Suzhou 215104

Received date: 2024-04-07

  Revised date: 2024-08-04

  Online published: 2025-01-15

Supported by

This work is supported by the Social Science Fund of Jiangsu Province project titled “Research on Privacy Policy Compliance Framework and Transparency Measurement of Mobile Applications” (Grant No. 23TQB005).

Fold

摘要

[目的/意义] 数据分类分级是数据治理和数据价值化的现实需要,在《数据安全法》等国家和地方多部法律法规中均提出要实施数据分类分级管理。然而,实践中不同行业和地方标准在数据分类分级的类目上存在交叉、重叠和模糊现象。由于数据本身属性及特定情境中的数据治理需求不同,对数据分类分级的要求也有所差异。[方法/过程] 研究从现行法规及标准与实践操作的差异出发,明确数据分类分级的目的和依据,构建数据分类分级的底层逻辑框架,并对现有的不同数据分类分级维度进行梳理和比较。[结果/结论] 通过归纳分类分级各维度及选择,研究提出数据元数据标准先行,构建数据分类分级的类目网络,以及先通用再专用兼容的思路,为实施数据分类分级提供可操作方案。

关键词: 数据分类分级; 数据安全; 数据分类; 数据分级; 数据治理

本文引用格式

许炜 , 李卓卓 , 方向阳 . 多向度的数据分类分级:目标、逻辑与路径[J]. 图书情报工作, 2025 , 69(1) : 68 -79 . DOI: 10.13266/j.issn.0252-3116.2025.01.007

Abstract

[Purpose/Significance] Data classification and grading is a practical necessity for data governance and data valorization, their management has been proposed in various national and local laws and regulations, including the Data Security Law. However, in practice, there are overlaps, intersections, and ambiguities in the categories of data classification and grading in different industries and local standards. Different data attributes and data governance needs in specific contexts lead to different requirements for data classification and grading. [Method/Process] Starting from the differences between current regulations and standards and practical operations, the study clarified the purpose and basis of data classification and grading, constructed the underlying logical framework, and analyzed and compared the existing dimensions for data classification and grading. [Result/Conclusion] By summarizing the dimensions and selection for classification and grading, the study proposes to prioritize data metadata standards, construct the class network of data classification and grading, and adopt a general-to-specific approach. It provides an operable scheme for the implementation of data classification and grading.

Key words: data classification and grading; data security; data classification; data grading; data governance

参考文献

[1] 洪延青. 国家安全视野中的数据分类分级保护[J]. 中国法律评论, 2021(5): 71-78. (HONG Y Q. Data categorization and hierarchical protection in the perspective of national security[J]. China law review, 2021(5): 71-78.)
[2] 张学府. 生成式人工智能服务信息内容安全的三类标准——基于《生成式人工智能服务管理暂行办法》的分析[J]. 中国行政管理, 2024(4): 120-128. (ZHANG X. Triple standards for information content security in gene rative artificial intelligence services: an analysis based on the “Interim Measures for the Administration of Generative Artificial Intelligence Services”[J]. Chinese public administration, 2024(4): 120-128.)
[3] 江海洋, 魏书敏. 基于风险的通用人工智能监管——从欧盟《人工智能法案》视角展开[J]. 科技与法律(中英文), 2024(2): 88-97. (JIANG H, WEI S. Risk-based regulation of generic artificial intelligence: expanding with the perspective of the EU Artificial Intelligence Act[J]. Science technology and law (Chinese-English version), 2024(2): 88-97.)
[4] 张峰, 于乐, 马禹昇, 等. 数据安全分类分级研究与实践[J]. 信息通信技术与政策, 2021, 47(8): 45-50. (ZHANG F, YU L, MA Y S, et al. Research and practice of data security classification and grading[J]. Information and communications technology and policy, 2021, 47(8): 45-50.)
[5] 高磊, 赵章界, 林野丽, 等. 基于《数据安全法》的数据分类分级方法研究[J]. 信息安全研究, 2021, 7(10): 933-940. (GAO L, ZHAO Z J, LIN Y L, et al. Research on data classification and grading method based on data security law[J]. Journal of information security research, 2021, 7(10): 933-940.)
[6] 马费成, 熊思玥, 孙玉姣, 等. 数据分类分级确权对数据要素价值实现的影响[J]. 信息资源管理学报, 2024, 14(1): 4-12. (MA F C, XIONG S Y, SUN Y J, et al. Impact of data classified and graded rights confirmation on the realization of the value of data elements[J]. Journal of information resources management, 2024, 14(1): 4-12.)
[7] 完颜邓邓, 陶成煦. 美国政府数据分类分级管理的实践及启示[J]. 情报理论与实践, 2020, 43(12): 172-177,155. (WANYAN D D, TAO C X. The practice and enlightenment of American government data classification and hierarchical management[J]. Information studies: theory & application, 2020, 43(12): 172-177.)
[8] 陈美, 何祺. 基于特征分析的政府数据分类分级政策量化评价[J]. 情报资料工作, 2024, 45(1): 78-88. (CHEN M, HE Q. Quantitative evaluation of government data classification and grading policies based on feature analysis[J]. Information and documentation services, 2024, 45(1): 78-88.)
[9] 徐婧欣, 郭丰, 苏鹏. 数据分类分级政策演化研究[J]. 图书馆, 2023(2): 48-55. (XU J X, GUO F, SU P. Research on the evolution of data classification and grading policies[J]. Library, 2023(2): 48-55.)
[10] 严炜炜, 谢顺欣, 潘静, 等. 数据分类分级:研究趋势、政策标准与实践进展[J]. 数字图书馆论坛, 2022(9): 2-12. (YAN W W, XIE S X, PAN J, et al. Data classification: research progress, policy standards and enterprise practice[J]. Digital library forum, 2022(9): 2-12.)
[11] 张伟丽. 信息安全等级保护现状浅析[J]. 信息安全与技术, 2014, 5(9): 9-13. (ZHANG W L. Discussion the status of information security base on graded protection[J]. Information security and technology, 2014, 5(9): 9-13.)
[12] CHEN R C, DEWI C, HUANG S W, et al. Selecting critical features for data classification based on machine learning methods[J]. Journal of big data, 2020, 7(1): 1-26.
[13] MUSEN M A, O'CONNOR M J, SCHULTES E, et al. Modeling community standards for metadata as templates makes data FAIR[J]. Scientific data, 2022, 9(1): 696-696.
[14] SAWADOGO P, DARMONT J. On data lake architectures and metadata management[J]. Journal of intelligent information systems, 2021, 56(1): 97-120.
[15] 全国网络安全标准化技术委员会. GB/T 43697-2024, 数据安全技术数据分类分级规则[S]. 北京: 中国标准出版社, 2024. (National Technical Committee 260 on Cybersecurity of Standardization Administration of China. GB/T 43697-2024, Data security technology: rules for data classification and grading[S]. Beijing: Standards Press of China, 2024.)
[16] 楼何超. 数据产权的概念、规制作用及对策建议[J]. 企业经济, 2022, 41(11): 105-113. (LOU H C. Concept, regulatory function and countermeasures of data property rights [J]. Enterprise economy. 2022, 41(11): 105-113.)
[17] 李跇. 充分释放数据要素价值健全数据要素市场体制机制[N]. 人民邮电, 2023-03-16(7). (LI Y. Fully release the value of data elements to improve the institutional mechanism of data elements market[N]. People's posts and telecommunications, 2023-03-16(7).)
[18] 中共中央国务院关于构建数据基础制度更好发挥数据要素作用的意见[N]. 人民日报, 2022-12-20(1). (Opinions of the CPC Central Committee and State Council on building a data base system to better play the role of data elements[N]. People's daily, 2022-12-20(1).)
[19] 天津市商务局. 中国(天津)自由贸易试验区企业数据分类分级标准规范[EB/OL]. [2024-10-11]. https://shangwuju.tj.gov.cn/tjsswjzz/zwgk/zcfg_48995/swjwj/202402/t20240207_6534807.html. (TIANJIN COMMERCE COMMITTEE. China (Tianjin) pilot free trade zone enterprise data categorization and classification standard specifications[EB/OL]. [2024-10-11]. https://shangwuju.tj.gov.cn/tjsswjzz/zwgk/zcfg_48995/swjwj/202402/t20240207_6534807.html.)
[20] OECD. Data-driven innovation: big data for growth and well-being[M]. Paris: OECD Publishing, 2015.
[21] SPIEKERMANN S, KORUNOVSKA J. Towards a value theory for personal data[J]. Journal of information technology, 2017, 32(1): 62-84.
[22] FINCK M, PALLAS F. They who must not be identified: distinguishing personal from non-personal data under the GDPR[J]. International data privacy law, 2020, 10(1): 11-36.
[23] UNESCO. Recommendation concerning the promotion and use of multilingualism and universal access to cyberspace[EB/OL]. [2024-10-11]. https://unesdoc.unesco.org/ark:/48223/pf0000133171_chi.page=89http://portal.unesco.org/en/ev.php-URL_ID=17717&URL_DO=DO_TOPIC&URL_SECTION=201.html.
[24] 上海市数据条例[N]. 解放日报, 2021-12-07(6). (Shanghai municipal data regulation[N]. Jiefang daily, 2021-12-07(6).)
[25] OECD. Enhancing access to and sharing of data: reconciling risks and benefits for data re-use across societies[M]. Paris: OECD Publishing, 2019.
[26] VOIGT P, VON DEM BUSSCHE A. The EU general data protection regulation (GDPR): a practical guide[M]. Cham: Springer, 2017.
[27] AARONSON S A. Data is different, and that’s why the world needs a new approach to governing cross-border data flows[J]. Digital policy, regulation and governance, 2019, 21(5): 441-460.
[28] ESTEVES B, RODRÍGUEZ-DONCEL V. Analysis of ontologies and policy languages to represent information flows in GDPR[J]. Semantic web, 2024, 15(3): 709-743.
[29] ISO/IEC. Information technology cloud computing interoperability and portability: ISO/IEC 19941:2017[S/OL]. [2024-10-11]. http://www.iso.org/standard/66639.html.
[30] 全国网络安全标准化技术委员会. GB/T 43697-2024, 数据安全技术数据分类分级规则[S]. 北京: 中国标准出版社, 2024. (National Technical Committee 260 on Cybersecurity of Standardization Administration of China. GB/T 43697-2024, Data security technology: rules for data classification and grading[S]. Beijing: Standards Press of China, 2024.)
[31] SCHNEIER B. A taxonomy of social networking data[J]. IEEE security & privacy, 2010, 8(4): 88-88.
[32] VILJOEN S. A relational theory of data governance[J]. The Yale law journal, 2021, 131(2): 573-654.
[33] WALTER M, LOVETT R, MAHER B, et al. Indigenous data sovereignty in the era of big data and open data[J]. Australian journal of social issues, 2021, 56(2): 143-156.
[34] REIMSBACH-KOUNATZE C. Enhancing access to and sharing of data: striking the balance between openness and control over data[C]//Data access, consumer interests and public welfare. Baden-Baden: Nomos Publishing, 2021: 25-68.
[35] 洪永淼, 张明, 刘颖. 推动跨境数据安全有序流动引领数字经济全球化发展[J]. 中国科学院院刊, 2022, 37(10): 1418-1425. (HONG Y M, ZHANG M, LIU Y. Promoting safe and orderly flow of cross-border data to lead development of globalization of digital economy[J]. Bulletin of Chinese Academy of Sciences, 2022, 37(10): 1418-1425.)
[36] NALIN M, BARONI I, FAIELLA G, et al. The European cross-border health data exchange roadmap: case study in the Italian setting[J]. Journal of biomedical informatics, 2019, 94(April): 103183.
[37] 赵景欣, 岳星辉, 冯崇朋, 等. 基于通用数据保护条例的数据隐私安全综述[J]. 计算机研究与发展, 2022, 59(10): 2130-2163. (ZHAO J X, YUE X H, FENG C P, et al. Survey of data privacy security based on general data protection regulation[J]. Journal of computer research and development, 2022, 59(10): 2130-2163.)
[38] WILKINSON M D, DUMONTIER M, AALBERSBERG I J, et al. The FAIR guiding principles for scientific data management and stewardship[J]. Scientific data, 2016, 3(1): 1-9.
[39] 李悦, 孙坦, 赵瑞雪, 等. 大规模RDF三元组转换及存储工具比较研究[J]. 数字图书馆论坛, 2020(11): 2-12. (LI Y, SUN T, ZHAO R X, et al. A comparative study of large-scale RDF triple conversion and storage tools[J]. Digital library forum, 2020(11): 2-12.)
Options
文章导航

/