Analysis of the Personal Information Security Specification from a Practical Perspective
2017 witnessed a quickened pace of legislative development on personal information protection worldwide. A variety of countries in the Asia-Pacific region introduced or amended their legislation on personal information protection: in China, the Cybersecurity Law of the People’s Republic of China was implemented on June 1, 2017; in Australia, the Mandatory Data Breach Notification was approved in February 2017; and in Japan, the revised Personal Information Protection Act took effect on May 30, 2017. The General Data Protection Rules (the “GDPR”) issued by the European Commission will come into force on May 25, 2018. In view of the trend of global economic integration, the extended jurisdiction of the GDPR will influence the global practice of personal information protection to a great extent. Against this background, the Information Technology--Personal Information Security Specification (GB/T 35273-2017) (hereinafter the “Specification”), formulated by the Standardization Administration of China based on domestic laws and regulations, international rules, and practices, was released on January 24, 2018 and will be effective as of May 1, 2018. This article focuses on the application of the Specification from a practical perspective, based on legislative practice in other countries.