Personal Information Security Standard Finalized

On January 24th, SAC and TC260 released the official text of the national voluntary standard: Information Security Technology - Personal information security specification, with an effective date of May 1st, 2018. The standard specifies the principles and recommended actions in each stage of information processing, i.e. the collection, storage, use, sharing, transfer and disclosure, provided detailed examples of personal information and personal sensitive information, and templates of privacy terms in the Annex. 

Although the standard is a national voluntary one and takes effect in the coming May, the regulators, CAC in particular, has already been heavily relying on the standard in a couple of personal information protection enforcement actions, such as the recent personal information protection initiative and CAC's recent handling of Alipay's sesame credit's privacy violation. Therefore, the standard is of practical importance to businesses in guiding personal information protection compliance efforts both internally and externally.