China lays out rules to protect customer data

China lays out rules to protect customer data

Summary: In the first non-legally binding guideline, some rules implemented by the government include companies deleting data after use and setting up on internal system to manage and protect customer data.

SHARE:

The Chinese government has set out rules and guidelines which companies must observe when they process personal data.

The non-legally binding code came into effect on Friday, according to China Daily. Companies and institutions have been instructed to delete customer information after use. Data should also be collected with the permission of the user and must be deleted as soon as possible after its usage.

chinasecuritykey620x465
Some rules for consumer data protection include companies deleting data and setting up internal systems to manage data.

The guidelines also allow companies to collect private data only for a specific and reasonable purpose, which cannot be altered or amended during the process. The code also requires companies to follow "the minimal principle", which means companies can only collect data sufficient for the specific purpose, and no fishing of information is permitted.

Companies must also set up an internal protection system to manage personal data and the person responsible for information protection must be clearly stated.

According to Gao Chiyang, deputy director of China Software Testing Center, which is affiliated with the Ministry of Industry and Information Technology (MIIT), 80 percent of personal information leaks took place from the inside. Employees working for companies also can easily access a large amount of personal information.

To better safeguard this, employees working for telecom companies, financial institutions, schools and hospitals also face up to three years in prison if they illegally provide personal information to others.

The Chinese police force had been pushing for more regulated and clearly defined parameters on crime involving the theft of personal data, as existing ones have been hampering its efforts to obtain conviction since July last year.

Other Asian nations have also stepped up data protection measures. Singapore's Data Protection Law came into effect in October last year, Malaysia's Personal Data Protection Act was launched in April 2010, while the Indian government in 2007 enacted the country's Do-Not-Call directive.

 

 

 

 

Topics: Security, Data Management, China

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • Oh, the irony!

    I wonder what the Chinese government recommends if that data includes "Dalai Llama" "Tiananmen square" and/or "Wen Jiabao family billions"?
    matthew_maurice