Originally published in Privacy & Security Law on 03/18/2013.

There is continued focus in China on privacy and data security issues. China still has no omnibus law, but it has promulgated some sector-specific regulations. The latest of these regulations governs protection of consumer data by credit reporting agencies. More significantly, China has issued new voluntary guidelines on management of computerized information of individuals. We discuss both of these developments below.

Voluntary Guidelines -

The Information Security Guidelines for Protection of Personal Information Within Information Systems for Public and Commercial Services (the ‘‘Guidelines’’) took effect Feb. 1. The Guidelines, which were issued as a ‘‘national standard’’ under China’s GB (‘‘guobiao’’) standardization system, are not mandatory and thus lack the force of law. That said, we anticipate that the Guidelines will serve as an important reference for companies seeking to develop best practices in order to comply with existing People’s Republic of China (PRC) legal provisions that pertain to data privacy, such as the general right to privacy under the Tort Liability Law and the sector-specific regulations mentioned above. Moreover, the Guidelines may serve as an indication of the direction in which the PRC government may be heading with respect to data protection laws in the future.