A new guide offering tips on protecting individual personal information is now available from the Ministry of Industry and Information Technology (MIIT).
Drafted by MIIT along with more than 30 other government departments, this guide sets out principles with respect to the collection, processing, transmission, utilization and management of individuals' personal information in various information systems. It emphasizes that personal information collected by companies should be used only for the intended business purpose, and once the personal information has been used, it should be deleted at once.
In recent years, the leakage of personal information and subsequent identity theft have become a widespread problem. The government's recent guide on personal information protection shows the importance of consumer protection measures and provides conduct standards for companies. But the guide provides little protection for consumers if its standards remain non-compulsory.
To address the problem, administrative and legal measures are needed.
In 2009, the criminal law added a new amendment which made the sale and unauthorized disclosure of personal information illegal for those working in government departments, financial institutions, telecommunications, transport, education and medical departments. But the provision contains no clear definition on the scope of "personal information" or detail on what defines an illegal action.
The lack of judicial interpretation has caused differences in understanding between judges and legal professionals as well as imbalanced measurements of the new law's effectiveness. Moreover, it does not include other institutions or companies which can also obtain personal information. New judicial interpretation is therefore necessary to make specific and feasible definition.
Criminal law protections are not enough; we also see flaws in the civil code. For example, the definition of "privacy" is not clearly explained. As a result, there is a debate on whether retaining some personal information such as ID numbers and telephone numbers constitutes an invasion of privacy.
In civil proceedings, the onus of proof is "He who is affirming must prove". Normally, it's hard for ordinary people to find out the source of leakage and provide enough proof to make a case. Since material losses are unlikely in certain common cases like phone harassment, the infringing party only bears civil responsibility for the cessation of the infringement, the elimination of any negative effects caused by his actions and offering a public apology without paying damages. For corporations, the cost of such litigation is minimal, but for ordinary people, a lawsuit would cost lots of time and money.
People expect reasonable, feasible and comprehensive laws to protect personal information protection. But to achieve all-round protection, all parts need to work together. For example, we need to establish mechanisms to trace the source of information leaks, award public tip-offs of information misuse and evaluate companies with a client information protection rating system. Only through these mechanisms can we promote the self-regulation of industry, enhance administrative supervision and coordination as well as encourage the public to protect themselves through taking legal action against offenders.
This article is first published in Chinese and translated by Li Shen.
Opinion articles reflect the views of their authors, not necessarily those of China.org.cn.