On 1 February 2019 the National Information Security Standardisation Technical Committee published the draft Information Security Technology – Personal Information Security Specifications for public comment. The consultation period will run until 3 March 2019.
The key amendments to the original Personal Information Security Specifications (for approval) are as follows:
- The specifications now include the following clause: "[a] personal information controller shall not force the personal information subject to accept the collection requirements."
- The exceptions regarding authorisation and consent by personal information subjects have been revised.
- A "personalized display and exit" mechanism has been added.
- Rules concerning the merger of personal information have been introduced.
- Management requirements concerning third party access to platforms have been added.
- The importance of data protection officers and departments has been promoted.
- The requirements regarding the reporting of "personal information security events" have been refined.
- Requirements regarding the recording of personal information processing activities have been added.
- Detailed rules have been added regarding how a personal information subject's "right to choose to agree" can be safeguarded.
For further information on this topic please contact Samuel Yang or Yang Chen at AnJie Law Firm by telephone (+86 10 8567 5988) or email ([email protected] or [email protected]). The AnJie Law Firm website can be accessed at www.anjielaw.com.
This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.