Personal data protection

The guidelines that are now in the pipeline are just the first steps towards the effective protection of personal information.

Drafted by the Ministry of Industry and Information Technology along with dozens of other government departments, the guidelines have already been submitted for approval.

However, little can realistically be expected of them since the standards are not compulsory. Such impotent standards will do little to prevent the rampant leaking of personal information and the abuse of such information.

The criminal law amended in 2009 stipulates that those working in State departments, financial institutions, telecommunications firms, transport and education departments face criminal charges if they sell personal information. But it fails to clarify whether it applies to other institutions or enterprises that can also easily obtain personal information.

That only an administrative warning was given to a software firm for its leaking of personal information points to the deficiency in this regard.

Nowadays there are firms that specialize in collecting and selling personal information. Bank clerks and people working in telecommunication companies have repeatedly been caught selling personal information to such firms. Even subsidiaries under major telecommunication firms rent their channels to illegal firms that send text messages for profits.

A recent survey found that in the last six months of 2011 alone, 121 million Internet users had their account numbers and their secret codes stolen.

It is not being alarmist to forecast that the booming trade in personal information and its illegal use will finally ruin online economic activities and disturb even the order of off-line business activities. A law is obviously needed to deter the unauthorized use of personal information. Hopefully the guidelines about to be released will help the enacting of such a law at an early date.