Protection of an employee's personal data
Currently there is no dedicated law or regulation for privacy protection of employees in Mainland China. However, under the Employment Services and Management Regulations, which were issued by the Labour and Social Security Ministry (now known as the Human Resources and Social Security Ministry) and took effect from 1 January 2008, an employer is obliged to keep certain data relating to its employees confidential. It also limits the usage of such data by the employer.
Unfortunately, the law does not explain precisely what data is covered by this Regulation. However, in practice, such data should be taken to include the employee's name, ID number, contact details, education background, employment experience and similar information.
The Regulation also does not set out a list of the uses of the data that are prohibited by the employer. However it is anticipated that any use which results in the publishing of such data to the public will be a prohibited use if the relevant employee's written consent has not been obtained.
- Draft Personal Information Protection Law
Since 2003, China has been considering introduction of a Personal Information Protection Law. However, to date such law remains in draft form and is only circulated internally among authorities. There is no schedule for promulgation of this law.
- Information Security Technology – Guidance of Personal Information Protection (Draft 2011)
In February 2011, the Ministry of Information and Industry of China prepared a draft document headed "Information Security Technology - Guide for Personal Information Protection" ("Draft Guide"). This was published for comment by the public.
This Draft Guide, if enacted, will provide some guidelines as to the steps an employer can take while collecting, processing, transferring, using and managing an employee's personal information. For example it would oblige an employer to explain to the employee the purpose of collection of personal information. It would also limit the processing, management, transfer, and use of the employee's personal information to the scope which has been communicated to the employee.
In addition, the Draft Guide contains certain proposals, which, if enacted, would cause problems for employers who administer their HR and payroll functions of their China based employees outside China. These include a proposal that an information administrator shall not, without the express authorisation under the law or approval by the competent authority, transfer any personal information to any person outside China. However, concerns about such provisions have been expressed in firm tones to the appropriate authorities. As such we anticipate that such offending provision will be omitted or changed, when (or rather if) the Draft Guide is enacted (which is by no means certain).
Further, this draft Guide, even enacted, is likely to be a national standard rather than a "law". So it is hard to say to what extent it can impact the employer without the relevant laws or regulations issued to ensure its enforceability.