China: Information Security Technology-Personal Information Security Specification Was Recently Released

The National Information Security Standardization Technical Committee recently released the Information Security Technology-Personal Information Security Specification (GB/T 35273-2017) (hereinafter the “Specification”). The Specification defines and explains the technical terms related to personal information security, such as “personal information”, “personal sensitive information”, “personal data subject”, etc. The Specification also provides detailed requirements and standards for the collection, preservation, use, processing and transmission of personal information.  It further specifies the basic principles of personal information security, such as “seeking personal data subject’s consent”, “minimum use of personal information”, “ensuring personal information security” and “personal data subject’s participation”.  In addition, the Specification provides a Privacy Policy Template in its appendixes to elaborate the specific terms and requirements of a privacy policy as guidelines for businesses to formulate and announce privacy policies.  Although recommended as national standards, the Specification is not legally binding; it is an important reference in respect of businesses’ compliance with regulation on personal information.