摘要: 本文围绕数据库营销中消费者敏感信息使用的合规问题展开系统研究。在数字经济背景下，企业在利用敏感信息提升营销效率的同时，面临着日益严峻的合规挑战。文章基于《中华人民共和国个人信息保护法》等法律法规，从敏感信息的定义与特殊性出发，指出数据库营销中应遵循的合法必要、知情同意和安全保障三大原则。通过识别信息收集、存储分析和使用等环节中存在的过度收集、告知不清、同意瑕疵、安全措施不足及第三方共享风险等问题，结合典型案例进行深入剖析。研究进一步从法律监管、企业自律和消费者参与三个层面，提出构建多方协同的合规治理框架的具体路径，旨在平衡商业效率与个人信息保护，促进数字经济的健康可持续发展。

Abstract: This paper undertakes a systematic exploration of the compliance issues associated with the utilization of consumers’ sensitive information in database marketing. In the context of the digital economy, while enterprises are harnessing sensitive information to boost marketing efficiency, they are grappling with increasingly formidable compliance challenges. Grounding on laws and regulations, including the “Personal Information Protection Law”, this paper commences from the definition and distinctiveness of sensitive information. It posits three fundamental principles that ought to be adhered to in database marketing: lawfulness and necessity, informed consent, and security safeguards. By pinpointing issues such as over-collection, ambiguous notification, consent irregularities, inadequate security provisions, and risks related to third-party sharing during the stages of information collection, storage, analysis, and application, this paper conducts an in-depth dissection in conjunction with typical cases. Furthermore, this research puts forward specific approaches for constructing a multi-stakeholder collaborative compliance governance framework from three dimensions: legal supervision, corporate self-regulation, and consumer engagement. The objective is to strike a balance between commercial efficiency and personal information protection, thereby facilitating the sound and sustainable development of the digital economy.