The Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") has recently released the Information Security Technology: Personal Information Security Specifications (Draft) (the "Draft") for public consultation by March 3, 2019.
Compared with the previous version, the Draft introduces major modifications in ten respects. First, a new term, "3.15 Personalized Display", is added to "Part III Abbreviations". Second, a new subsection entitled "5.3 Ban on the Forced Collection of Personal Information" is introduced. Third, the subsection "5.7 Exceptions to Obtainment of Authority and Consent" is revised. Fourth, a new subsection entitled "7.4 Personalized Display and Exit" is added. Fifth, a new subsection entitled "7.5 Aggregation of Personal Information Collected for Different Business Purposes" is added. Sixth, a new subsection entitled "8.7 Administration of Third-party Access" is added. Seventh, the subsection "10.1 Specifying Departments and Individuals Bearing Responsibility" is revised. Eighth, a new subsection entitled "10.2 Records of Personal Information Processing Activities" is added. Ninth, the "Informative Annex C: Methods of Safeguarding the Personal Date Subjects' Right to Grant Consent" is updated. And last, three annexes entitled "Annex C.1 Distinguishing Basic Business Functions from Expanded Business Functions", "Annex C.2 Notification of Basic Business Functions and Explicit Consent Thereto" and "Annex C.3 Notification of Expanded Business Functions and Explicit Consent Thereto", are added.