Beijing's Guideline ensures firms must take care with personal info

Mainland specifications for personal information protection, under the name of the "Guideline", mark the latest step by Beijing to address data privacy issues after a number of recent high-profile cases involving unauthorised use and disclosure of personal information.

The Guideline is an indication of the increasing attention being paid to data privacy issues on the mainland. The provisions of the guidelines are worth noting as they are likely to form the foundation of future legally binding data privacy laws.

The Guideline establishes eight basic principles regarding the handling of personal information. They are:

• Information collectors should have specific and clear purposes as well as justifiable reasons when processing personal information;
• Organisations should collect no more information than is necessary to fulfill their purposes and must delete the information once its intended use has been fulfilled;
• Information collectors must inform individuals in a clear, understandable and appropriate manner of the purpose, scope and use of personal information collected and of the measures which will be taken to keep the information secure;
• Information collectors must obtain consent to the collection of personal information;
• Information collectors must ensure that all personal information is complete and up to date;
• Organisations must take appropriate management and technical measures to keep information secure;
• Organisations must not continue to use information once the purpose for which it has been collected has been fulfilled; and
• Organisations must clearly define internal responsibilities for personal information, must take appropriate measures to implement the responsibilities and must keep records of data processing.

The Guideline divides personal information into general and sensitive information, although no detail is provided regarding what information will be classed as sensitive.