This month, China’s National Information Security Standardization Technical Committee (“NISSTC”) organized a meeting to launch a working group tasked with drafting a Personal Information Security Standard (“PIS Standard”). NISSTC is a government committee jointly supervised by the Standardization Administration of China and the Cyberspace Administration of China. In addition to the government agencies, several Chinese research institutions and Internet companies (including Tencent and Alibaba) will also participate in the working group.

According to one report, an NISSTC official explained that the PIS Standard would be a non-binding guideline serving as a bottom line for the data privacy and security practices of companies, including internet companies, operating in China. The official said that the PIS Standard would limit the kinds of information companies are permitted to collect, and that certain data protection-related conditions would be imposed on providers of information services and the design of relevant software. This official indicated that the PIS Standard would cover both data privacy and security; another official, according to a NISSTC press release, stated the hope that it would serve as the foundational standard for personal information protection practices in China. It is not currently clear whether the greater emphasis would be on data security or on privacy.

Although the contemplated PIS Standard would not be legally binding, its content may influence the future trajectory of data privacy and security-related legislation amid calls for a more comprehensive legal regime governing the protection of personal information. Further, as Chinese regulators generally wield significant discretion in the interpretation and application of often vaguely worded laws and regulations, such a standard could serve as a barometer for assessing legal compliance.

Steven Zhu of Covington & Burling LLP assisted with the research and preparation of this article.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Eric Carlson Eric Carlson

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has…

Eric Carlson has nearly two decades of experience advising clients operating in China and other jurisdictions in Asia on compliance and investigations matters, particularly in the areas of corruption/FCPA/fraud and export controls/sanctions.

Having lived in China for more than a decade, he has deep experience leading highly sensitive investigations in China and other jurisdictions in Asia, including investigations presenting complex legal, political, and reputational risks. He speaks Mandarin and Cantonese and has led more than four hundred witness interviews in Chinese in 24 provinces in China, and conducted dozens of trainings in Chinese. He is a Certified Fraud Examiner.

Eric also counsels clients on the compliance risks of proposed transactions, conducts compliance due diligence as part of mergers, acquisitions, and joint ventures, assists companies in updating and strengthening their internal compliance programs and tailoring them to the unique features of Asian markets, and developing and presenting tailored compliance training in Chinese and English. Eric has advised scores of companies and organizations representing nearly every major industry.

Eric is a regular speaker on China-related compliance issues. He has been quoted in publications such as 

The Wall Street Journal

The Economist, The Financial Times, Global Investigations Review, Compliance Week, FCPA Report, The Corporate Treasurer, Commercial Dispute Resolution, China Business Law Journal, 

and 

Economy and Nation Weekly

and

was a contributing editor to the

 FCPA Blog.

 

Chambers notes that Eric has “much more than just a conversational grasp of the language, but the ability to conduct interviews on specific subject matter details and get to the root of the issues.” Chambers further notes that “his language skills are very impressive” and that he provides “great advice that is grounded in reality,” adding: “They know the industry and their advice is very risk-based and balanced.” One client noted to Chambers: “They have strong regional coverage both in terms of footprint as well as language skills. If I have a compliance investigation in region with a tight timeframe, I know they can get it done. They take a more realistic approach to scoping investigations.” Other clients noted to Chambers that Eric is “really brilliant” and “an expert in this field.” According to one client surveyed by Chambers, “he is particularly adept at ‘right sizing’ the scope of an investigation to get at the key issues without incurring unnecessary operational or financial burden. He is also incredibly responsive to client communications.”