China: Adopted TC260 cybersecurity standard practice guidelines-sensitive personal information identification guidelines

On 18 September 2024, the National Information Security Standardization Technical Committee (TC260) released the cybersecurity standard practice guidelines-sensitive personal information identification guidelines. The aim of the guidelines is to enhance the management and protection of sensitive personal information in accordance with Chinese data protection laws, including the cybersecurity law and the data security law. The guideline outlines specific rules for identifying sensitive personal information, which includes data categories such as biometric information, religious beliefs, medical health, and financial accounts. The guideline provides guidance for organisations on recognising, processing, and safeguarding sensitive personal information.