19 April 2012
A set of new national standards, namely, "Information Security Technology - Guide for Personal Information Protection" (Guide) is anticipated to be adopted in the first half of this year, as disclosed by an official of the Ministry of Information and Industry of PRC recently.
In the absence of effective legal protection on privacy (see our previous Legal Update Privacy Issues under PRC Employment Law
on 19 January 2012 for further information), the enacting of this Guide is hoped to strengthen the personal information protection in China.
The final version of this Guide is reported to require the information administrator to delete the personal information upon the fulfilling of the relevant purpose for which the personal information was collected. We understand that it will be a requirement under the Guide for the information administrator to expressly communicate to and agree with the relevant individual from whom the information is collected, the purpose of collection of the personal information.
A draft of the Guide was issued more than a year ago for comments from the public. The draft Guide at that time required an information administrator not to, without legal authorisation or express approval from a competent authority, transfer any personal information to any person outside China. However, it is yet to be seen whether this requirement is retained in the Guide that is issued.
As a national standard, the Guide when it is approved will not have legal effect. However, any non-compliance of such Guide may be taken into account by the courts when deciding whether the relevant individual's privacy has been infringed. That said, what penalty the information administrator will be exposed to for such infringement, and how much compensation (if any) the relevant individual may recover, is unclear.
For inquiries related to this Legal Update, please contact Hong Tran
, Rachel Zhang
, or your usual contacts with our firm.
Learn more about our Hong Kong office
, PRC offices
and Employment & Benefits