Personal information handlers shall take the following measures to ensure that their personal information handling activities are in compliance with laws and administrative regulations based on the purpose and means of handling, the categories of personal information to be handled, the impact on personal rights and interests, and the potential security risks, among others, and shall prevent unauthorized access to, as well as breach, tampering or loss of any personal information:
- formulating internal management systems and operational procedures;
- implementing classified management of personal information;
- adopting corresponding security technical measures such as encryption and de-identification;
- reasonably determining the operational authority of personal information handling, and regularly conducting safety education and training for practitioners;
- formulating contingency plans for personal information security emergencies and organizing the implementation of such plans; and
- other measures as provided by laws and administrative regulations.
Related provisions:
Relevant PIPL Compliance Documents
- 2017 Cybersecurity Law
- 2021 Data Security Law
- 2020 Personal Information Security Specification
- 2021 Cybersecurity Review Measures
- 2021 Regulations on the Management of Online Data Security (Draft)