China's Evolving Personal Data Privacy Landscape
The first ever national standard on personal data privacy protection has come into force in China. The guidelines, called the Information Security Technology - Guide for Personal Information Protection within Public and Commercial Information Systems (Guidelines), were originally proposed by the nation's telecoms regulator, the Ministry of Industry and Information Technology in 2011 and subsequently released by the Standardization Administration of China. The Guidelines provide guidance on protecting personal information handled in information systems and applies generally to the private sector. While the Guidelines do not have the force of law, the introduction of a general national standard on personal data privacy protection marks a significant move for China. The China Software Evaluation and Test Centre have announced it is forming a self-regulatory group to play a consultative role in future legislation in the personal data privacy arena. Organizations should take active measures now to prepare their data collection, handling and processing|use practices for compliance with the best practice Guidelines.