Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

China: TC260 requests public comments on security requirements for sensitive personal information

On August 9, 2023, the National Information Security Standardization Technical Committee (TC260) released a draft cybersecurity national standard, the Information Security Technology - Security Requirements for Processing of Sensitive Personal Information, and is requesting public comments on the same. The draft standard clarifies how to identify sensitive personal information, common categories of sensitive personal information, and general security requirements for the processing of such data. Specifically, the draft standard details that the processing of sensitive personal information should have a specific purpose, and individual consent should be obtained.

On the basis of meeting the requirements of Standard GB/T 35273-2020 on Information Security Technology - Personal Information Security Specification, the collection, storage, use, processing, transmission, provision, disclosure, and protection measures must be taken in all aspects of processing, such as deletion. Furthermore, the draft standard looks at consent requirements, safety management requirements, and specific types of sensitive personal information, including biometric data, financial data, and health information, among others.

Public comments can be submitted via email to [email protected] until October 8, 2023.

You can read the announcement here and the draft standard here, both only available in Chinese.