(29 April 2021) – Guideline to Assess Compliance Level of Personal Information Processing successfully released in China on Apr 29, 2021.
Personal information is one of the most valuable assets in the 21st century. However, it has become an indisputable fact that personal information is out of control in the process of commercialization. Breaches of personal information have emerged one after another, disrupting market order, jeopardizing social stability, and even triggering public and national security crises. Therefore, protecting the security of personal information play a critical role to facilitate free flow of personal information, informatization of country, maintaining national security, guarding human rights and personal privacy.
In order to facilitate compliant processing, ethical utilization and regulated circulation of personal information, under the guidance of relevant state departments, the China Law Association on Science and Technology and China Legal Exchange Foundation organized several professional groups including Beking University Intellectual Property School, The Intellectual Property Development Research Institute of Peking University in the Guangdong-Hong Kong-Macao Greater Bay Area, etc. to issue the “Guideline to Assess Compliance Level of Personal Information Processing”. The issuance of the Guideline is in response to the enterprises’ demands to prove the compliance levels of organizations and to declare capability levels of compliantly processing personal information, above all to balance the needs between the protection and utilization of personal information.
Professor Zhang Ping, Executive Vice President and Secretary-General of the China Law Association on Science and Technology, emphasized that this Guidelines aim to enhance the overall level of personal information protection in society, and to guide enterprises handling personal information in a reasonable and legal manner. She also expressed that the Guidelines transparently and detailly mapping to existing laws and regulations, especially demonstrate the operational guidance to third-party certifications and enterprises’ operations.
Zhang Suofei, chairman of the China Law Exchange Foundation, introduced that the release of the Guidelines provides an important reference and assessing guidance for regulators, enterprises and the fields to clearly determine whether personal information processing is compliant in a sophisticated way.
Professor Wang Xixin, Peking University Law School Professor, believed that protecting personal information and respecting personal privacy is not only a personal matter, but also a national matter. Guidelines is very important for independent third parties to provide assessing standards and evaluation frameworks. Most importantly, Guidelines will keep upgrading along with more practical pilots.
Yao Xiangzhen, Director of Cyber Security Center, China Electronics Standardization Institute, said that It is necessary to improve the standard systems of data security and personal information protection, to formulate normative, guideline, and evaluation standards for enterprises, thus to form an integrated, mutually complementary and interconnected standard system.
Wang Xueli, Deputy Secretary-General Standard Committee, China Society for Economic System Reform, believed that the Guidelines is gradually systematized, generalized, combined, modularized, and finally suitable for scientific research.
Zhao Xiaohai, general manager of Beijing Peking University Yinghua Technology Co., Ltd., believed that the Guidelines is able to empower the enterprise through informatization and intelligence.
Bi Maning, former deputy director of Information security rating center of the Ministry of public security advocated that the Guidelines is creating a community of self-disciplined compliance, self-regulated governance, certification, supervision and enforcement so as to an integrated governance ecology.