China is in the process of drafting the Personal Information Security Standard (PIS Standard). This news comes after the launch of a working group in June 2016. Many people will be interested to see what the standard will address and how it will be practically implemented, if at all.
Personal Information Security Standard
The Chinese government committee gave the order to draft the standard, and a task team has been appointed. The standard will cover the protection of personal information that is currently unregulated in China. Although there is a high flow in personal information, a law dealing with the protection of information does not exist.
Data protection in China
The PIS Standard cannot be compared to other data protection laws in other countries. China is still in the infancy stages of creating regulations and legislation that is focused on the protection and security of information. It must be noted that the basis for the protection of privacy differs from one country to the next.
The lack of framework legislation and a regulatory authority may be reasons for the lack of regulation in China. Although there are sector regulations that address data protection, it is not sufficient. Chinese law does not have common data protection definitions that are in line with other countries’ legislative requirements.
Transfer of information to and from China
China is a minefield for personal information and they are heading towards a new, more protected frontier. The EU launched the General Data Protection Regulation (GDPR) that could possibly become the global standard for data protection. The GDPR is applied strictly, which may prohibit the transfer of personal information to China because of the lack of data protection regulation.