China instructing businesses on how to collect online information

The non-binding guidelines, designed to protect online personal data, are pending final approval from the State Council. The draft was approved by the National Information Security Standard Technology Committee on Dec 30, the China Software Testing Center told China Daily on Thursday.

Last Friday, March 30, the freshly minted Anonymous China announced via Twitter that they had hacked, defaced and leaked information from numerous Chinese government websites.

In December 2011, more than 6 million user accounts and passwords on CSDN, or China Software Developer Network, the country's largest programmers' website, were made public after hacker attacks.

The center is a research institution affiliated to the top industry regulator, the Ministry of Industry and Information Technology.
"The committee passed the third draft of the guidelines last year," said Gao Chiyang, deputy director of the center. "They will be released this year."

Private information includes identity, property interests, family data, e-mails, browser history and search behavior, said Qi Xiangdong, president of Qihoo 360 Technology Co, an online security software maker.

China's Internet population has hit 513 million, the largest in the world, according to a China Internet Network Information Center report in January.

Although the guidelines are not compulsory, Gao said he hoped they will help raise awareness of online privacy and eventually pave the way for a comprehensive law to be adopted to protect personal information.
"Under the guidelines, data will only be collected for necessary use with consent, and the data should be deleted in a timely manner to avoid abuse," Gao said.
Data abuse was common, he said. For example, some websites continue to keep and display information even though it is no longer relevant.

However, many developed countries have introduced information protection legislation, Gao said. Even before the widespread use of computers, a personal information law was adopted in the United States in the 1970s.

The European Union has also introduced legislation protecting personal information.

A report released by the China Software Testing Center last month said the security situation regarding personal information at 105 popular websites, including e-commerce websites Taobao, and Chinese search engine Baidu Inc, wasn't "looking good".

About 60 percent of Chinese Internet users have experienced online data theft, said Liu Jiuru, deputy director of the Electronic Technology Information Research Institute at the Ministry of Industry and Information Technology.
Zhou Hanhua, one of the guideline's drafters, said China lacks a comprehensive law to protect privacy.

The current regulations on privacy protection fail to effectively supervise banks, hospitals and telecom companies, he said.
Although a draft law on privacy protection was published in 2005, the legislation has not been listed on the top legislature's agenda.

The new guidelines are actually "technical guidance," said Zhu Xuan, director assistant of the CSTC. Technical guidance documents are usually taken as references for industrial operation.

Published by:

siavash's picture