Huntonprivacyblog.com informs that on December 28, 2012, the Standing Committee of the National People’s Congress
(“NPC”) of the People’s Republic of China passed the Resolution of the Standing Committee of the NPC Relating to Strengthening the Protection of Information on the Internet (the “Regulations”). The Regulations contain significant and far-reaching requirements applicable to the collection and processing of electronic personal information via the Internet.
♣ The Regulations begin with two broad statements that, on their face, are not limited to information processing on the Internet:
♠ (1) the State will protect electronic information that can identify individuals and implicate their private affairs, and
♥ (2) no organization or individual may misappropriate or otherwise obtain electronic personal information by unlawful means, or sell or otherwise unlawfully provide it to other persons. The Regulations then set forth a number of requirements that are more specifically directed at Internet service providers (“ISPs”) and other businesses that handle electronic personal information, including:
- ISPs and other businesses must adopt and comply with rules for their collection and use of electronic personal information, and make the rules publicly known.
- ISPs and other businesses must clearly state the purpose, means and scope of their collection and use of electronic personal information, and obtain the consent of the data subject for such collection and use.
- ISPs and other businesses must maintain electronic personal information in strict confidentiality.
- ISPs and other businesses must not divulge, alter or destroy electronic personal information obtained in the course of their business activities, and may not sell it to other persons.
- ISPs and other businesses must adopt information security safeguards, and must take immediate remedial measures in the event of a security breach incident.
- ISPs must report security breach incidents to relevant government agencies.
Read the whole story HERE.
Read more about China’s new data protection law here: China, the newest member in the Data Protection laws global club