| English Abstract |
In the era of the digital economy, data has become another crucial factor of production following land, capital, technology, and management. Companies are the primary organizational form for converting data into value, and ensuring a company's data security is one of the important factors affecting the company's interests and its sustainable development. Imposing the obligation to ensure data security on directors, who are positioned at the core of corporate governance, can minimize the governance costs of data security risks, prevent data violations by insiders within the company, and fill the loopholes in data laws. Moreover, this is also an inevitable requirement and an integral part of directors' fiduciary duties and duties of diligence. However, legislators and scholars in China have mostly emphasized the company's obligation to ensure data security, while regulations on the individual obligations and liabilities of members of corporate organs are lacking. The absence of organizational law logic in the data governance system, the ambiguity of specific obligation subjects, and the vagueness of corresponding liabilities mean that China has not accumulated judicial and law enforcement experience in holding directors accountable for data security, which makes it difficult to ultimately eliminate data security risks and fails to achieve a significant deterrent effect on lawbreakers. Foreign experience shows that it has become a consensus in comparative law that company directors have an obligation to ensure data security.
Both common law countries and civil law countries are constantly exploring the connection paths between corporate law and data security laws, attempting to shift the focus from organizations under behavioral law norms to individuals under organizational law norms through the provisions on directors' obligations, actively presenting the connotations of directors' obligations to ensure data security, and creating directors' liabilities for ensuring data security. This has important implications for China. Firstly, the directors' obligation to ensure data security is a redistribution, at the corporate governance level, of the company's obligation to ensure data security, and this obligation is part of the directors' duty of diligence. Secondly, directors' obligation to ensure data security can be categorized into the obligation to establish a data security system, the obligation to ensure the effective operation of this system, the obligation to remedy after data security incidents occur, the obligation to disclose information, and the obligation to promote the company to establish and shape a board of directors structure that matches data security requirements. Thirdly, the general negligence standard should be applied as the review standard for directors' violations of the obligation to ensure data security, breaking away from the traditional loose mode of reviewing directors' violations of the duty of diligence, assisted by the cost-benefit analysis method, with the review standards configured differently according to the types of companies and the identities of directors. Finally, the mechanisms of cyber security insurance and directors' liability insurance should be adopted to seek a balance between encouraging directors to actively explore new models of data utilization and preventing data security risks.
In general, the coordinated linkage between corporate law and data law can close the loop of the data governance logic of "data subject - data company - corporate organ" and achieve a treatment of data risks that addresses both root causes and symptoms. |