The Cyberspace Administration of China recently issued the Administrative Regulations on the Provision of Financial Information Services. Under the regulations, parties must obtain the corresponding permits before they can provide various financial information services. Further, service providers must establish service specifications regarding information content auditing, data retention, information security and personal information and IP protection.
The National Health Commission recently released the Circular regarding Issuing National Health Medical Big Data Standards, Safety and Service Management Measures (For Trial Implementation). The circular provides guidelines regarding the standards and security of Big Data in the healthcare industry, as well as service management measures. As the circular is considered to mark the Cybersecurity Law's implementation in the healthcare industry, most of its security measures are derived from the law.
In one of the Guangdong province's top 10 internet cases of 2017, the court found that Apple IDs constitute personal information which may affect other parties' personal and property safety. As such, the two defendants concerned were convicted of infringing citizens' personal data rights after more than 1,200 pieces of personal information were found on their computers. This decision is believed to have had a demonstrable effect on the handling of similar cases.
The Ministry of Public Security recently released the Provisions on the Supervision and Inspection of Internet Security by Public Security Organs. According to the provisions, public security organs must supervise and inspect internet service providers and network entity users that provide a range of internet-related services. They also list certain powers that public security organs may use when supervising and inspecting internet security on-site.
The National Information Security Standardisation Technical Committee recently held a meeting to commence the pilot work on the Information Security Technology – Guidelines for Critical Information Infrastructure (CII) Security Examination Assessment (For Approval). The pilot work will focus on the reasonability and practicability of the guidelines. Twelve CII operators from the telecoms, internet, transportation, energy, finance, e-government and public services industries have been selected as pilot units.