"Requirements for Data Security Technology and Electronic Product Information Clearing Technology" Mandatory National Standard Answers to Journalist Questions

Question: What specific obligations do electronic product manufacturers have according to the "Technical Requirements"? In order to ensure the security of user data from the source, the "Technical Requirements" stipulate that electronic product manufacturers should provide users with built-in information erasure functions. If they are unable to develop built-in functions, manufacturers must provide external information erasure tools, or provide information on available third-party tools, or provide users with free information erasure services. Before performing erasure, users must be informed of the scope, method, and impact of the erasure and obtain user consent. The erasure function must cover various files generated by users, address books, applications and data, identity authentication information, encryption keys, etc. Question: What requirements does the "Technical Requirements" impose on second-hand electronic product recycling operators? Recycling operators are key security nodes in the flow of second-hand electronic products. The "Technical Requirements" stipulate that recycling operators must meet the following requirements. Prompting and authorization: Users must be prompted to clear data before recycling, and access or retention of user data without consent is prohibited. Thorough erasure: Erasure must be carried out using functions or tools that comply with the "Technical Requirements". If the product is damaged and software erasure is not possible, physical destruction of the storage media must be carried out. Verification and traceability: The effectiveness of erasure must be verified before sale, and products with uncleared user data are prohibited from being resold or exported. Additionally, records of erasure operations and verification results must be kept for a minimum of 3 years.