China: Adopted TC260 cybersecurity standard practice guidelines-sensitive personal information identification guidelines

Description

Adopted TC260 cybersecurity standard practice guidelines-sensitive personal information identification guidelines

On 18 September 2024, the National Information Security Standardization Technical Committee (TC260) released the cybersecurity standard practice guidelines-sensitive personal information identification guidelines. The aim of the guidelines is to enhance the management and protection of sensitive personal information in accordance with Chinese data protection laws, including the cybersecurity law and the data security law. The guideline outlines specific rules for identifying sensitive personal information, which includes data categories such as biometric information, religious beliefs, medical health, and financial accounts. The guideline provides guidance for organisations on recognising, processing, and safeguarding sensitive personal information.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
other regulatory body

Complete timeline of this policy change

Hide details
2024-06-11
in consultation

On 11 June 2024, the Chinese National Network Security Standardization Technical Committee Secretar…

2024-06-24
processing consultation

On 24 June 2024, the Chinese National Network Security Standardization Technical Committee Secretar…

2024-09-18
adopted

On 18 September 2024, the National Information Security Standardization Technical Committee (TC260)…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.