After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet, private networks, or offline. As China’s primary cybersecurity regulator under China’s Cybersecurity Law (CSL), MPS previously issued regulations specific to network operators’ multi-level protection scheme, as well as procedures for China’s Public Security Bureaus (PSB) to inspect Internet service providers. The voluntary Guideline sets forth MPS-recommended best practices to “protect cybersecurity and individuals’ legitimate interests” that will likely inform PSB cybersecurity inspections. Businesses with interests in China are likely to face continued challenges to comply with the expanding implementation of the CSL (especially with respect to broadening definitions of Personal Information Holders and data localization requirements).
To read more on the guidelines, click here.