On 6 March 2020 the State Administration for Market Regulation and the Standardisation Administration released a national standard circular to announce that the Information Security Technology – Personal Information Security Specification (Specification 2020) and seven additional national standards have been issued and will take effect on 1 October 2020.(1)

Specification 2020 was revised based on the Information Security Technology – Personal Information Security Specification which came into effect in 2018 (Specification 2018). Compared with Specification 2018, Specification 2020 includes the following revisions:

  • the phrase "voluntary selection in multiple business functions" has been added;
  • the phrase "exceptions to consent and authorization" has been revised;
  • the phrase "use restrictions on user profile" has been added;
  • the phrase "use of personalized display" has been added;
  • the phrase "convergence of personal information that is collected for different purposes" has been added;
  • the phrase "de-registration of personal information subject" has been revised;
  • the phrase "third-party access management" has been added;
  • the phrase "specifying responsible departments and personnel" has been revised;
  • the phrase "personal information security engineering" has been added;
  • the phrase "personal information processing activity records" has been added; and
  • the phrase "methods on realising the voluntary intention of personal information subjects" has been revised.

Endnotes

(1) Further details are available here.