Telecommunications And Internet Users ' Personal Information Protection Rules

Original Language Title: 电信和互联网用户个人信息保护规定

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: http://www.chinalaw.gov.cn/article/fgkd/xfg/gwybmgz/201311/20131100393568.shtml

Telecommunications and Internet users ' personal information protection rules

    (Released July 16, 2013, Ministry of industry and information technology, the 24th since September 1, 2013) Chapter I General provisions

    First in order to protect the legitimate rights and interests of Telecom and Internet users, maintenance of network and information security, in accordance with the decision of the Standing Committee of the national people's Congress on strengthening of the protection of network information and the People's Republic of China Telecom regulations and the management of Internet information services and other laws and administrative rules and regulations, this provision is enacted.

    Article People's Republic of China territory of provision of telecommunication services and Internet information services, the use of users ' personal information collected during the activities, the present provisions shall apply.

    Article industry and information technology departments and provinces, autonomous regions and municipalities directly under the Communications Authority (hereinafter referred to as the telecommunications regulators) shall exercise supervision over telecommunications and Internet users ' personal information protection management.

    Fourth users ' personal information in these rules refers to telecommunications operators and Internet service providers in the provision of services in the process of collecting user name, date of birth, identification number, address, telephone number, user ID and password to be able to separate or combined with other information to identify a user's information, and users use the service time, location and other information.

    Article fifth telecommunications business operators, Internet information service providers in the provision of services in the course of collection, use the user's personal information, should follow the principle of legal, legitimate and necessary.

    Sixth telecommunications business operators, Internet information service providers in the course of providing services to its collection, use, users are responsible for the security of your personal information.

    Seventh State encourages the telecommunications and Internet industry self-regulatory efforts of personal information protection.

    Chapter II information collection and use

    Article eighth telecom operators, Internet information service providers should develop rules of user's personal information collection, use, and in their places of business or services, Web site and other made public.

    Nineth without the user's consent, and telecommunication business operators, Internet service providers should not collect, using users ' personal information.

    Telecommunication business operators, Internet information service providers collect, using users ' personal information, shall expressly inform the user collection, use, purpose, manner and scope of information, inquiries, corrections to information and refused to provide information on such matters as the consequences of.

    Telecommunication business operators, Internet information service providers shall not collect the required to provide services other than the user's personal information or use the information for the purpose of providing services, not to deceive, mislead, or forced, or violation of laws, administrative regulations, and the two sides agreed to collect and use information.

    Telecommunication business operators, Internet information service providers the user terminates the use of telecommunications services or Internet information services, should stop the collection and use of personal information, and by providing a cancellation number or account services.

    Legal and administrative regulations for the first to fourth paragraphs of this article otherwise provides, from its provisions.

    Article tenth telecommunication business operators, Internet service providers and their staff in the course of providing services in collection, use the user's personal information should be kept confidential shall not be disclosed, altered or destroyed, may be sold or illegally provided to others.

    11th telecommunications business operators, Internet information service providers on whose behalf the agent marketing and technical services directly to users of the service, involving the collection, use the user's personal information, the user agent should be oversight and management of the personal information protection and shall not entrust personal information about users does not comply with the provisions of protection requirements for agent-related services.

    12th telecommunications business operators, Internet information service providers user complaint handling mechanism should be established, announced effective contact, accept complaints related to personal information protection, and on the date of receipt of the complaint within 15th replies to the complainants.

    Chapter III safeguard measures

    13th telecommunication business operators, Internet service providers should take the following measures to prevent personal information leaks, damaged, tampered with or lost:

    (A) determine the sector, jobs and branches of the users personal information security management responsibilities;

    (B) establish the user's personal information collection, use, and activities related to work procedures and safety management system;

    (C) rights management of staff and agents, destruction of bulk export, copy, review information and leak-proof measures taken;

    (D) keep records of users ' personal information on paper, optical media, magnetic media such as carrier and take corresponding measures to secure storage;

    (V) information systems to store users ' personal information for access to review and take measures such as intrusion prevention, anti-virus;

    (F) record of user personal information of personnel, time, location, and other information;

    (VII) in accordance with the provisions of the telecommunications regulators to carry out communication network security work;

    (VIII) other necessary measures stipulated in the telecommunications regulators.

    Article 14th telecommunications business operators, Internet information service providers keep the user's personal information or possible leaking, damaged or lost, shall take immediate remedial measures has caused, or is likely to cause serious consequences, shall immediately grant the license or registration of the telecommunications regulators report with the relevant Department for investigation and treatment. Telecommunications regulators should be reported or discovered possible violation of the provisions of the Act to assess the impact; particularly significant, relevant provinces, autonomous regions, municipalities directly under the communications authority should report to the Ministry of industry and information technology.

    Telecommunications regulators in the treatment decisions made pursuant to this provision, can require telecoms operators and Internet service providers to suspend the Act, telecommunication business operators and Internet service providers should be implemented.

    15th telecommunication business operators, Internet information service providers shall users personal information protection of its staff knowledge, skills and safety training.

    16th telecommunications business operators, Internet information service providers should conduct a self-examination at least once a year on protection of personal information, record of self-examination, to eliminate security risks found in the self.

    Fourth chapter of supervision and inspection

    17th telecommunications regulators should be on telecommunications business operators, Internet information service providers conducting supervision and inspection to protect users ' personal information.

    The telecommunications regulators when conducting supervision and inspection, you can ask telecommunication business operators, Internet information service providers to provide relevant materials, access to their place of business to investigate the situation, telecommunication business operators, Internet service providers should be matched.

    Telecommunications regulators conducting supervision and inspection, supervision and inspection shall be recorded and shall be without prejudice to telecommunications business operators, Internet information service providers or service activities of normal, shall not collect any fees.

    18th telecommunications regulatory bodies and their staff to perform their duties in the knowledge of the user's personal information should be kept confidential shall not be disclosed, altered or destroyed, may be sold or illegally provided to others.

    Article 19th telecommunications regulatory agencies implement telecommunications business license and license during the annual roadworthiness inspection, protection of personal information should be reviewed.

    Article 20th telecommunications regulatory bodies should be telecommunications business operators, an Internet information service provider acts in violation of the provisions recorded social credit file and to the public.

    21st to encourage telecoms and Internet industry association the self-discipline of the law related to the personal information protection management system, and guide members to strengthen management, improve the level of personal information protection.

    The fifth chapter legal liability

    22nd telecommunications business operator, an Internet information service provider in violation of the provisions of article eighth, 12th article, by telecommunications regulators ordered ex officio correction, with a warning, and may be fined not more than 10,000 yuan.

    Article 23rd telecom operator, an Internet information service provider in violation of the provisions of article Nineth to 11th, 13th to 16th, 17th paragraph, by telecommunications regulators ordered ex officio corrections, be warned, may be of less than 10,000 yuan and 30,000 yuan fines, announced to the public constitutes a crime, criminal responsibility shall be investigated according to law.

    Article 24th telecommunications management staff to supervise and administer the user's personal information protection in the process of neglect, abuse, deception, shall be subject to processing constitutes a crime, criminal responsibility shall be investigated according to law.

    The sixth chapter supplementary articles 25th article of the regulations come into force on September 1, 2013.