论公司董事的数据安全保障义务  

作　　者：陈洪磊 CHEN Hong-lie

机构地区：[1]吉林大学理论法学研究中心、法学院

出　　处：《当代法学》2025年第2期57-69,共13页Contemporary Law Review

基　　金：2021年度国家社科基金重点项目“授权资本制法律改革研究”(21AFX018)的阶段性成果。

摘　　要：在数字经济时代,公司数据安全已经成为影响公司利益和公司可持续发展的重要因素之一。由位于公司治理中心位置的董事们负担数据安全保障义务,可以最大限度地降低数据安全风险的治理成本。然而,我国数据治理体系呈现组织法逻辑的缺失、负担数据安全保障义务的主体不明以及对应责任的模糊,这导致我国并未续造出追究董事数据安全保障责任的司法与执法经验,难以实现数据安全风险的终局性消解。观察域外经验发现,董事对公司数据安全负有保障义务已成为数据治理的共识,这对我国具有重要的启示意义。首先,董事数据安全保障义务衍生于董事的信义义务,包括建置数据安全体系的义务、保障体系有效运行的义务、补救的义务、信息披露的义务以及推动公司建立匹配数据安全要求的董事会结构的义务,而且董事的数据安全保障义务与公司的数据安全保障义务并不等同;其次,对董事数据安全保障义务的审查应当配置较为严格的且体现差异的审查标准;最后,采纳网络安全保险以及董事责任保险机制,在鼓励董事积极探索数据利用新模式与防范数据安全风险之间寻求平衡。In the era of the digital economy,data has become another crucial factor of production following land,capital,technology,and management.As the primary organizational form for converting data into value,ensuring the data security of a company is one of the important factors affecting the company's interests and its sustainable development.Imposing the obligation to ensure data security on directors,who are positioned at the core of corporate governance,can minimize the governance costs of data security risks,prevent data violations by insiders within the company,and fill the loopholes in data laws.Moreover,this is also an inevitable requirement and an integral part of directors'fiduciary duties and duties of diligence.However,legislators and scholars in China have mostly emphasized the company's obligation to ensure data security,lacking regulations on the individual obligations and liabil⁃ities of members of corporate organs.The characteristics such as the absence of organizational law logic in the data governance system,the ambiguity of specific obligation subjects,and the vagueness of corre⁃sponding liabilities have led to the fact that China has not accumulated judicial and law enforcement expe⁃riences in holding directors accountable for data security,making it difficult to ultimately eliminate data security risks and failing to achieve a significant deterrent effect on lawbreakers.Observing foreign experi⁃ences,it has become a consensus in the comparative law that company directors have an obligation to en⁃sure data security.Whether in common law countries or civil law countries,they are constantly exploring the connection paths between corporate law and data security laws,attempting to achieve the shift of the focus from organizations under behavioral law norms to individuals under organizational law norms under the provisions of directors'obligations,actively presenting the connotations of directors'obligations to en⁃sure data security,and creating directors'liabilities for ensuring data securi

关 键 词：数据安全 董事义务 安全保障义务 数据治理 

分 类 号：D922.291.91[政治法律—经济法学]