In December 2019, the People’s Bank of China (“PBOC”) issued the draft Measures for the Protection of Financial Consumers’ Rights and Interests for public comment (“draft Financial Consumer Measures”) (an official Chinese version is available here). Although the draft Financial Consumer Measures focus more broadly on consumer rights in the financial sectors, they imposes upon financial institutions privacy and cybersecurity obligations that—in certain instances—extend beyond the requirements stipulated in China’s Cybersecurity Law (“CSL”).
Following up on the draft Financial Consumer Measures, PBOC issued the Personal Financial Information Protection Technical Specification (“Financial Information Specification”) on February 13, 2020 setting forth additional privacy and cybersecurity requirements applicable to the life cycle of personal financial information collected and processed by regulated financial entities and other entities that process personal financial information (“Financial Industry Entities”). While the Financial Information Specification follows the general personal information protection principles under the Cybersecurity Law (“CSL”) framework, some specific requirements are worth highlighting, as explained below.
Continue Reading China Releases Personal Financial Information Protection Technical Specification