Tag Archives: China

China’s New Draft National Standards on Personal Information Protection

In our previous post, we discussed seven draft cybersecurity and data protection national standards released by China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), on December 21, 2016. “Information Security Technology – Personal Information Security Specification” … Continue Reading

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period … Continue Reading

Anthem Insurance Set to Brief Congress Two Days after Disclosing Cyber Attack

Just two days after disclosing publicly that it was “the target of a very sophisticated external cyber attack” in which the personal information of over 80 million customers was compromised, officials of Anthem Inc., the nation’s second largest health insurance company, are to brief staffers of the House Energy and Committee on the security breach.  … Continue Reading

Fraud Investigators Imprisoned for Illegally Collecting Personal Data in China

By Eric Carlson and Scott Livingston On Friday, August 8, 2014, a Chinese court convicted British fraud investigator Peter Humphrey and his wife, Yu Yingzeng, a naturalized US citizen, of illegally obtaining personal information.  Mr. Humphrey was sentenced to two and a half years in prison and fined RMB 200,000 (about US $32,000); Ms. Yu … Continue Reading

British Fraud Investigator Admits on Chinese State TV to Illegally Purchasing and Selling Personal Information

By Eric Carlson & Scott Livingston On August 27, 2013, state-run China Central Television broadcast a taped confession of detained British fraud investigator Peter Humphrey confessing to having used “illegal means” to obtain the personal information of Chinese citizens.  This highly unusual broadcast of a confession made by a foreigner in China, along with other … Continue Reading

China Issues Comprehensive Regulation on Collection and Use of Personal Information by Websites and Telecommunication Service Providers

On July 16, 2013, China’s Ministry of Industry and Information Technology (“MIIT”) promulgated the Provisions on Protecting the Personal Information of Telecommunication and Internet Users (“Internet Provisions”).  The Internet Provisions, which take effect September 1, 2013, provide specific implementation rules for telecommunication and internet information service provider’s (“TSPs” and “IISPs,” respectively) collection and use of … Continue Reading

China Regulates Smart Device Manufacturers’ Use of Pre-installed Apps

China’s Ministry of Internet and Information Technology (“MIIT”) has promulgated a new regulation targeting manufacturers of mobile smart devices (such as smart phones) that prohibits them from preinstalling certain apps that raise privacy, security, or prohibited content concerns.  Entitled “Notice Regarding Strengthening the Management of Network Access for Mobile Smart Terminals,” the new regulation forbids … Continue Reading

China Releases Draft Regulation for Online Collection and Use of Personal Information

On April 10, 2013, China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), issued a draft regulation for public comment entitled Provisions on Protecting the Personal Information of Telecommunication and Internet Users  (“Draft Provisions”).  The Draft Provisions would impose additional requirements when telecommunication service providers (“TSPs”) and internet information service providers (“IISPs”) collect … Continue Reading

Report Links Cyberattacks on U.S. Companies to Chinese Military

On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006. Mandiant claims the activity—carried out by a group called the … Continue Reading

China Releases National Standard for Personal Information Collected Over Information Systems; Industry Self-Regulatory Organization Established

China’s Standardization Administration recently released a long-awaited national standard related to personal information.  Entitled Information Security Technology — Guidelines for Personal Information Protection Within Public and Commercial Services Information Systems (信息安全技术公共及商用服务信息系统个人信息保护指南) (“Guidelines”), the new standard will take effect February 1, 2013.  The Guidelines are voluntary and lack the force of law.  They nevertheless clarify key … Continue Reading

Dun & Bradstreet Reportedly Fined RMB $1 Million for Illegally Obtaining Personal Information in China; Four Employees Imprisoned

A recent decision by a Shanghai court sheds new light onto a vague provision of the PRC Criminal Law and highlights the challenges faced by foreign companies overseeing local operations in China. On September 28, 2012, Dun & Bradstreet’s local operating subsidiary Shanghai Roadway D&B Marketing Services Co., Ltd. (“Roadway”) was charged by the Shanghai … Continue Reading

China’s New Data Privacy Legislation Targets “Personal Electronic Information” And Implements Real Name Registration for Certain Websites

On December 28, 2012, China’s national legislature enacted a new law to further regulate the collection and use of online personal information and to require certain network service providers to implement real name registration for all users.  As described below, the new law may affect all businesses handling an individual’s “personal electronic information” in China, … Continue Reading

Data Privacy Regulation for Websites in China Takes Effect, National Standards for Commercial Industries Forthcoming

On March 15, 2012, new provisions governing the online collection, use, and storage of personal information went into effect in China.  Promulgated by China’s Ministry of Industry and Information Technology (“MIIT”), the Several Provisions on Regulating the Market Order of Internet Information Services (“Provisions”) govern the competition-related activities of Internet Information Services Providers (“IISP”) in … Continue Reading

China’s Local Data Privacy Regulations Foreshadow National Efforts in 2012

As China’s central regulators finalize several national laws with data privacy components, provincial and municipal authorities are filling in the current legislative gap by passing local regulations governing the collection of personal information. Currently at the national level, sector-specific laws target various aspects of personal information collection but no single comprehensive law exists to govern … Continue Reading

Release of China’s First Personal Information Protection Standards Imminent

China’s Internet regulator, the Ministry of Information and Industry Technology, or MIIT,  is close to releasing the final version of China’s first national standards for personal information protection.  Drafted with the assistance of two other government departments, the release of  “Information Security Technology – Guidelines for Personal Information Protection” (信息安全技术个人信息保护指南) represents China’s first foray into … Continue Reading

Hong Kong Moves Closer to New Privacy Amendment

On July 13, the Personal Data (Amendment) Bill 2011 was introduced to Hong Kong’s Legislative Council for final approval.  The Bill, which is designed to implement the recommendations of a April 2011 government report on privacy reform, aims to address a spate of recent concerns about the prevalence of direct marketing-related data sales and transfers … Continue Reading