Data Security Center (DSC) includes a built-in template that maps its data classification and categorization system to the Chinese national standard GB/T 43697-2024 (*Data Security Technology - Rules for Data Classification and Categorization*). This template is enabled by default and helps enterprises meet compliance requirements across their data processing workflows.
Categorization
DSC uses four sensitivity levels (S1–S4) that correspond to the four data levels defined in GB/T 43697-2024.
| DSC level | DSC description | Regulation level | Regulation description |
|---|---|---|---|
| S1 | Non-sensitive data. Public disclosure generally causes no harm. Examples: provinces, cities, product names. | Level 1 data | A breach, tampering, destruction, or illegal access, use, or sharing does not harm individual or organizational rights and interests. |
| S2 | General sensitive data. Not suitable for public disclosure. A breach causes low harm. Examples: names, addresses. | Level 2 data | A breach, tampering, destruction, or illegal access, use, or sharing causes general harm to individual or organizational rights and interests. |
| S3 | Critical sensitive data. Highly sensitive. A small leak can cause serious harm. Examples: ID certificates, account passwords. | Level 3 data | A breach, tampering, destruction, or illegal access, use, or sharing causes serious harm to individual or organizational rights and interests. |
| S4 | Core confidential data. Must not be leaked under any circumstances. Examples: genes, fingerprints, irises. | Level 4 data | A breach, tampering, destruction, or illegal access, use, or sharing causes particularly serious harm to individual or organizational rights and interests, and may also cause general harm to economic operations, social order, or public interests. |
For the full regulation level definitions, see Appendix H General Data Categorization Reference in *Data Security Technology - Rules for Data Classification and Categorization* (GB/T 43697-2024).
Classification
DSC classifies data based on GB/T 43697-2024 by grouping data child classes with similar subjects and subdividing them based on their described objects.
| DSC classification | Regulation classification |
|---|---|
| Personal information | User data |
| Company information | Business management data |
| Technical management | System O&M data |
| Business data | Business data |
| Marketing service | Business data |
| Comprehensive management | Business management data |
For the full regulation classification definitions, see Table A.1 Reference Examples For Object-based Data Classification in Appendix A of *Data Security Technology - Rules for Data Classification and Categorization* (GB/T 43697-2024).
Classification and feature examples
The following table maps DSC level 1 categories and level 2 child classes to their corresponding standard categories. The regulation reference column links to the applicable appendix in GB/T 43697-2024.
| DSC level 1 category | DSC level 2 child class | Standard level 1 category | Standard level 2 category | Regulation reference | Categorization example |
|---|---|---|---|---|---|
| Personal information | Personal financial information | Personal financial information | Personal financial information | Table B.1 Reference Examples For Personal Information Classification (Appendix B, GB/T 43697-2024) | Personal financial information |
| Personal information | Personal health and physiological information | Personal health and physiological information | Medical and health information | Table B.1 Reference Examples For Personal Information Classification (Appendix B, GB/T 43697-2024) | Personal health and physiological information |