Abstract: Based on the "Data Security Law of the People’s Republic of China" and "Personal Information Protection Law of the People's Republic of China" related regulations, combined with the application scenarios and business characteristics of the railway industry, and analyzed the requirements of railway data security management under the new network environment, this paper proposed a unified management strategy that took into account data security and privacy protection and covered the whole life cycle of data. This study can provide a reference for strengthening data security control system and data security system research.