On 13 June 2018 the National Information Security Standardisation Technical Committee (NISSTC) released the Information Security Technology – Guide to the Personal Information Security Impact Assessment (Draft for Comment),(1) which is open for public comment until 25 July 2018.

The guide provides direction on the personal information specification and stipulates the basic concepts, framework, methods and procedures regarding personal information security impact assessments. It also establishes the procedures for implementing such assessments, including with regard to:

  • preparation;
  • necessity analysis;
  • data mapping analysis;
  • personal interests influence analysis;
  • security incident possibility analysis;
  • risk analysis;
  • assessment reporting;
  • risk management; and
  • report releasing.

Further, the guide provides information on compliance gap analysis and the activities which typically involve the processing of personal information in order to assist data controllers in undertaking a personal information security impact assessment. The guide's annexes set out the judgment criteria and implemental tables for such assessments.

For further information on this topic please contact Samuel Yang at AnJie Law Firm by telephone (+86 10 8567 5988) or email (yanghongquan@anjielaw.com). The AnJie Law Firm website can be accessed at www.anjielaw.com.?


(1) Available here.

This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.