China: Personal Information Security Specification (PISS)

Data privacy in China is governed by the Personal Information Security Specification (PISS), which was issued in 2018 by the Standardization Administration of China. The PISS defines personal information as any information that can be used to identify a specific individual, including name, identification number, location data, and biometric data.

Under the PISS, organizations are required to obtain explicit consent from individuals before collecting their personal information, and must inform individuals of the purpose, method, and scope of the collection. Organizations are also required to clearly state their data protection policies, and are prohibited from collecting or processing personal information without a legitimate reason.

The PISS requires organizations to take appropriate measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. This includes implementing technical measures such as encryption and access controls, as well as organizational measures such as personnel training and incident response planning.

In addition to the PISS, China also has a Cybersecurity Law, which requires network operators to store personal information within the country and obtain government approval before transferring it overseas. The law also requires network operators to report cybersecurity incidents and cooperate with government investigations.

Failure to comply with data privacy regulations in China can result in significant fines and penalties, as well as damage to an organization’s reputation. It’s important for organizations operating in China to ensure that they are fully compliant with all applicable regulations to protect their customers’ personal information and maintain their reputation.

