On 21 December 2016, China’s National Information Security Standardization Technical Committee (NISSTC) released a set of draft information security standards (the “Standards”) for public comment. The Standards include several individual documents covering: i) personal information, ii) cybersecurity, iii) big data, iv) certain devices, and vi) industrial control systems. Even though the Standards are voluntary and not legally binding, if passed they will provide useful guidance for organisations on how to fulfil their security obligations imposed by various laws including the Cybersecurity Law released last month.

Continue reading.