Recently, the National Data Bureau drafted the "Three-Year Action Plan for "Data Elements" (2024-2026) (Draft for Comments) (hereinafter referred to as the "Action Plan"), which solicits opinions from the public from five aspects: activating the potential of data elements, overall requirements, key actions, strengthening guarantee support, and doing a good job in organization and implementation, aiming to promote the multiplier effect of data in different scenarios.
1.Give full play to the multiplier effect of data elements
With the development of scientific and technological revolution and industrial transformation, the value of data, as an important factor of production, has received more and more attention. For the implementation of the three-year action of the "Data Element", the Action Plan sets out specific goals. By the end of 2026, the breadth and depth of data element application scenarios will be greatly expanded, and the multiplier effect of data elements in the field of economic development will be revealed, creating more than 300 typical application scenarios with strong demonstration, high visibility and wide driving force, the average annual growth rate of the data industry will exceed 20%, the scale of data transactions will increase by 1 times, and the scale of on-site transactions will be greatly increased.
According to reports, the "multiplier effect of data elements" is manifested as:
Achieve global optimization through collaboration, improve industrial operation efficiency, and enhance the core competitiveness of the industryExpand the boundaries of production possibilities through reuse, release new value of data, and expand new space for economic growthPromote quantitative change and qualitative change through integration, give birth to new applications and new business formats, and cultivate new momentum for economic development. 2.Scene traction is more grounded
The high-level application of data elements is inseparable from scenarios. The Action Plan is classified and planned in detail according to the scenarios, and from the perspective of top-level design, it draws a blueprint for the future construction of the data element market. It can be seen from the 12 key actions of "data element x" that the Action Plan focuses on the real economy, people's livelihood services and social governance.
3.Strengthen support for support
Strengthening security support means that in the process of developing the digital economy, in order to ensure the reliability and security of data, a series of measures need to be taken to strengthen the supply, circulation and security of data.
1) Improve the level of data supply: Establish an industry common data resource library, create high-quality AI large model training datasets, and strengthen the supply of public data resources.
2) Optimize the data circulation environment: improve the efficiency of transaction circulation, support enterprises in the industry to jointly formulate data circulation rules and standards, create a safe and credible circulation environment, and cultivate circulation service subjects.
3) Strengthen data security guarantees: Implement data security laws and regulations, establish and improve data security governance systems, strengthen personal information protection, enrich data security products and services, and promote data assetization.
China's digital economy is entering the stage of specialization and concretization, and data, as a new factor of production in the digital economy, is the foundation of digitalization, networking and intelligence. In this situation, Daopu information risk management and control experts pointed out that while releasing the value of data, it is also necessary to prevent data security risks.
1.Data security compliance risks
The state has issued a series of policy documents, reflecting the macro trend of upgraded compliance and stricter supervision.
The Data Security Law and the Personal Information Protection Law have been promulgated successively, making relevant provisions on data security and privacy protection in the process of circulation and use of data elements.
In December 2021, ** issued the "Overall Plan for the Pilot of Comprehensive Reform of Market-oriented Allocation of Factors", which proposes to explore the establishment of rules for the circulation of data elements, strengthen data security protection, and promote the improvement of the data classification and classification security protection system.
On December 2, 2022, the "Opinions on Building a Data Basic System to Better Play the Role of Data Elements" clearly pointed out that data security is the bottom line and red line for the circulation and transaction of data elements, and is the primary condition for carrying out data circulation and trading.
In December 2022, the Ministry of Industry and Information Technology (MIIT) issued the Measures for the Management of Data Security in the Field of Industry and Information Technology (for Trial Implementation), which puts forward seven aspects of corresponding security management and protection requirements, focusing on data collection, storage, processing, transmission, provision, disclosure, destruction, exit, transfer, and entrusted processing.
In June 2023, the Ministry of Transport issued the "Measures for the Security Protection and Management of Highway and Waterway Critical Information Infrastructure", which proposes to effectively ensure the security of highway and waterway critical information infrastructure and maintain network and data security.
In July 2023, the Measures for the Management of Data Security in the Business Fields of the People's Bank of China (Draft for Comments) proposed to encourage data processors to actively promote the efficient circulation and innovative application of data under the premise of ensuring security and compliance.
The promulgation of the Action Plan focuses on promoting the high-level application of data elements, and proposes to improve the level of data supply, optimize the data circulation environment, and strengthen data security.
2.Data element circulation risk
The circulation and use environment of data elements is complex, involving multiple parties and multiple links, and data products are extremely easy to copy, non-exclusive, and difficult to trace, all of which make the circulation and use of data face security risks, privacy leakage challenges and other problems. This not only threatens national data security, but also is not conducive to the protection of the digital rights and interests of enterprises and individuals, and seriously hinders the market-oriented allocation of data elements for circulation and use.
3.Data classification and classification risk
Data classification and grading is a necessary prerequisite for building and improving the data element market. The construction of basic systems is relatively lagging behind, and it cannot effectively support the work of data classification and gradingTraditional data classification and grading tools do not have a high recognition rate in the width and accuracy of sensitive dataFacing the classification and grading of data assets for massive data, there is a huge gap in the number of professionals.
4.Data lifecycle risk
In the data life cycle of data collection, storage, transmission, processing, exchange, and destruction, there are risks such as functionality, reliability, security, performance, and ease of use.
Focusing on further strengthening security support, the Action Plan proposes to strengthen data security guarantees. Driven by data security risks and compliance requirements, Daopu information risk management and control experts suggest that security is the whole and compliance is the benchmark, and professional third-party risk management and control services can be used to build a data security protection system with compliance as the bottom line and technology as the guarantee, and adopt multi-regulation management and integration to ensure that data security risks are controllable and promote the implementation of data security protection.
1.The integration of multi-regulation management strengthens data security and compliance
Based on the national and industry regulatory requirements for data security, we carry out multi-regulation assessments such as classified protection and customs protection, put forward improvement suggestions for risks, and help complete compliance rectification. Strengthen data security risk assessment, identify and assess risks throughout the data life cycle, improve data security assurance capabilities and risk discovery capabilities, and ensure that data security risks are controllable.
2.Security technology builds a data security protection system
In view of the risks of data security, the data security technology framework follows the idea of active defense, realizes in-depth defense from the spatial dimension and realizes full-chain protection from the time dimension, forms a unified management and hierarchical deployment of the security technology system, and controls all in-depth protection links as a whole to achieve environmental awareness and trusted control.
Data is a key element of the digital economy, and the construction of China's data infrastructure system and the reform of market-oriented allocation of data elements have achieved phased results, and it is necessary to further explore the application value of data in various industries and fields. Through the implementation of the "data element" action, it is conducive to giving full play to the advantages of China's massive data scale and rich application scenarios, which should not only promote the multiplier effect of data in different scenarios, but also maintain the bottom line of security. Daopu information risk management and control experts emphasized that with the help of professional third-party risk management and control methods, through the integration of multi-regulation management, the construction of a security operation system and other means, comprehensively strengthen the data security guarantee system and capacity building, establish and improve data security management, risk assessment, testing and certification and other mechanisms, build a credible and controllable digital security barrier, and contribute to the national data element work.