The PRC Standardization Administration issued a national standard entitled the “Information Security Technology – Guideline for Personal Information Protection within Information System for Public and Commercial Services” (the Guidelines) that will take effect on February 1, 2013. The Ministry of Industry and Information Technology (MIIT), the regulator of telecom industry in China, first proposed the Guidelines in January 2011 for public consultation. The Guidelines were a response to numerous incidents involving the misuse of personal information in China. Although the Guidelines were proposed by the MIIT and implemented as a national standard, they are intended to regulate all organizations and entities on the protection of personal information. The Guidelines are only applicable to any processing of personal information that involves the use of an “information system” (e.g. a computing system). The Guidelines therefore are quite limited in scope when compared to usual data protection law whereby no distinction is drawn on whether an information system is involved or not. Under PRC law, the Guidelines do not have the force of law because there are no penalties in the event that they are not complied with.
Read more
