Chinese Postal Bureau Issues Personal Information Protection Rules
Time 2 Minute Read
Categories: Information Security, International

In March 2014, the State Postal Bureau of the People’s Republic of China (the “SPBC”) formally issued three rules (the “Rules”) establishing significant requirements regarding the protection of personal information: (1) Provisions on the Management of the Security of Personal Information of Postal and Delivery Service Users (the “Security Provisions”); (2) Provisions on the Reporting and Handling of Security Information in the Postal Sector (the “Reporting and Handling Provisions”); and (3) Provisions on the Management of Undeliverable Express Mail Items (the “Management Provisions”). The Rules, each of which became effective on its date of promulgation, were issued in draft form in November 2013 along with a request for public comment.

The latest versions of the Rules generally retain most of what was contained in the original drafts. No material alterations were made to the personal information protection provisions, although some minor changes were made to the wording and the sequence of certain sentences was changed for conformity. Notably, the Security Provisions:

  • create a coherent framework for information security in postal and express delivery services;
  • define the “personal information of postal and delivery service users” (the “Users’ Information”); and
  • clarify the purpose and scope of application of the Security Provisions and the allocation of responsibilities in the event of information security incidents.

The Security Provisions also take a major step forward in encouraging enterprises to optimize information security management processes and use technical means to reduce the risks of disclosures of Users’ Information.

In addition to alleviating problems arising from the misappropriation of personal information used for postal and express delivery service purposes, the Rules also represent a positive development in China’s data protection legal regime and are the most recent addition to an expanding array of sector-specific regulations governing personal information in China. Companies operating in the postal delivery sector may need to modify and improve their business processes and service strategies to comply with the Rules.

Tags: China, Criminal Law, Personal Information, Personally Identifiable Information
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page