Personal Sensitive Information (个人敏感信息)
The leakage, illegal provision, or misuse of personal sensitive information may pose risks to personal and property safety, easily leading to damage to personal reputation, mental and physical health, or discriminatory treatment based on personal information.
Note 1: Personal sensitive information includes identity card numbers, personal biometric information, bank accounts, communication records and content, property information, credit information, travel trajectories, accommodation information, health and physiological information, transaction information, and personal information of children aged 14 and below.
Note 2: Refer to Appendix B for the methods and types of determining personal sensitive information.
Note 3: Information formed by personal information controllers through the processing of personal information or other information, which, if leaked, illegally provided, or misused, may pose risks to personal and property safety, easily leading to damage to personal reputation, mental and physical health, or discriminatory treatment, falls under personal sensitive information.
From GB/T35273 “Information Security Technology - Personal Information Security Specification” Appendix B
Determination of Personal Sensitive Information
Personal sensitive information refers to personal information that, once leaked, illegally provided, or misused, may pose risks to personal and property safety, easily leading to damage to personal reputation, mental and physical health, or discriminatory treatment. In general, personal information of children aged 14 and below and information involving the privacy of natural persons are considered personal sensitive information. The following perspectives can be used to determine whether it falls under personal sensitive information:
Leakage: Once personal information is leaked, the ability of the data subject, as well as the organizations and institutions collecting and using the personal information, to control the personal information is lost. This leads to uncontrollable diffusion of personal information scope and usage. Certain personal information, when used or associated with other information in a manner contrary to the wishes of the data subject, may pose significant risks to the rights and interests of the data subject and should be classified as personal sensitive information. For example, the photocopy of the data subject’s ID card being used by others for mobile phone registration or bank account opening.
Illegal Provision: Some personal information, when disclosed beyond the scope of the data subject’s authorized consent, may pose significant risks to the rights and interests of the data subject and should be classified as personal sensitive information. For example, information about sexual orientation, deposit information, and infectious disease history.
Misuse: Some personal information, when used beyond the authorized reasonable limits (such as changing processing purposes, expanding processing scope, etc.), may pose significant risks to the rights and interests of the data subject and should be classified as personal sensitive information. For example, using health information for insurance company marketing and determining individual premiums without the data subject’s authorization. Table B.1 provides examples of personal sensitive information.
Table B.1 Examples of Personal Sensitive Information
- Personal Property Information: Bank accounts, authentication information (passwords), deposit information (including fund amounts, payment and receipt records, etc.), real estate information, credit records, credit information, transaction and consumption records, flow records, as well as virtual property information such as virtual currency, virtual transactions, and game exchange codes.
- Personal Health and Physiological Information: Relevant records generated by individuals due to illness and treatment, such as symptoms, hospitalization records, medical orders, test reports, surgery and anesthesia records, nursing records, medication records, information on drug and food allergies, reproductive information, past medical history, diagnosis and treatment information, family medical history, current medical history, infectious disease history, etc.
- Personal Biometric Information: Personal genes, fingerprints, voiceprints, palm prints, ear shapes, iris, facial recognition features, etc.
- Personal Identity Information: ID cards, military cards, passports, driver’s licenses, work permits, social security cards, residence permits, etc.
- Other Information: Sexual orientation, marital history, religious beliefs, undisclosed illegal criminal records, communication records and content, address book, friends list, group list, travel trajectories, web browsing records, accommodation information, precise location information, etc.
个人敏感信息 (Personal Sensitive Information)
- 个人财产信息: 银行账户、鉴别信息(口令)、存款信息(包括资金数量、支付收款记录等)、房产信息、信贷记录、征信信息、交易和消费记录、流水记录等，以及虚拟货币、虚拟交易、游戏类兑换码等虚拟财产信息
- 个人健康生理信息: 个人因生病医治等产生的相关记录，如病症、住院志、医嘱单、检验报告、手术及麻醉记录、护理记录、用药记录、药物食物过敏信息、生育信息、以往病史、诊治情况、家族病史、现病史、传染病史等
- 个人生物识别信息: 个人基因、指纹、声纹、掌纹、耳廓、虹膜、面部识别特征等
- 个人身份信息: 身份证、军官证、护照、驾驶证、工作证、社保卡、居住证等
- 其他信息: 性取向、婚史、宗教信仰、未公开的违法犯罪记录、通信记录和内容、通讯录、好友列表、群组列表、行踪轨迹、网页浏览记录、住宿信息、精准定位信息等
- Unlocking Success: A Comprehensive Guide to B2B Marketing in China
- Comprehensive Guide: Testing Your App in China
- the 50th CNNIC Statistical Report on China's Internet Development
- Does Vimeo Work in China?
- Does PageSpeed Insights Work in China?
- How to Host Your Website in China (2022)?
- Does Chinafy work in China?
- Does Firebase Work in China?
- Does SAP Commerce Cloud Work in China?
- Does Oracle Cloud Work in China?
- Does Bloomreach Work in China?
- How to Deploy Gatsby Static Sites in China (A Step-by-Step Guide)
- Examples of Personal Information and Regulatory Insights
Unlocking Success: A Comprehensive Guide to B2B Marketing in China
Nov 17, 2023
How to Successfully Launch Your WeChat Mini Program or Game in China (2023 Updated)
Nov 11, 2023
Comprehensive Guide: Testing Your App in China
Nov 1, 2023
Choosing Between CDN and 21YunBox: Navigating the Chinese Market
Oct 27, 2023
Launching Software As A Service (SaaS) In China
Oct 26, 2023