Privacy & Information Security Law Blog

In March 2014, the State Postal Bureau of the People’s Republic of China (the “SPBC”) formally issued three rules (the “Rules”) establishing significant requirements regarding the protection of personal information: (1) Provisions on the Management of the Security of Personal Information of Postal and Delivery Service Users (the “Security Provisions”); (2) Provisions on the Reporting and Handling of Security Information in the Postal Sector (the “Reporting and Handling Provisions”); and (3) Provisions on the Management of Undeliverable Express Mail Items (the “Management Provisions”). The Rules, each of which became effective on its date of promulgation, were issued in draft form in November 2013 along with a request for public comment.

The latest versions of the Rules generally retain most of what was contained in the original drafts. No material alterations were made to the personal information protection provisions, although some minor changes were made to the wording and the sequence of certain sentences was changed for conformity. Notably, the Security Provisions:

• create a coherent framework for information security in postal and express delivery services;
• define the “personal information of postal and delivery service users” (the “Users’ Information”); and
• clarify the purpose and scope of application of the Security Provisions and the allocation of responsibilities in the event of information security incidents.

The Security Provisions also take a major step forward in encouraging enterprises to optimize information security management processes and use technical means to reduce the risks of disclosures of Users’ Information.

In addition to alleviating problems arising from the misappropriation of personal information used for postal and express delivery service purposes, the Rules also represent a positive development in China’s data protection legal regime and are the most recent addition to an expanding array of sector-specific regulations governing personal information in China. Companies operating in the postal delivery sector may need to modify and improve their business processes and service strategies to comply with the Rules.