A Legal Analysis On Distinguishing Sensitive Personal Information And General Personal Information In China

It is necessary and feasible to distinguish sensitive personal information and general personal information in our legislation.It is suggested to list the general types of sensitive personal information in the "Personal Information Protection Law" to be published in the future,then apply the consistent standard in sensitivity assessment by the particular law in each field,and stipulate the types of sensitive personal information suitable for the specific scene,so as to form a multi-level protection system of sensitive personal information in China.It is suggested that sensitive personal information should be defined in the "Personal Information Protection Law" as "personal information that is likely to endanger personal and property safety once it is disclosed,abused or illegally provided.The specific kinds of personal sensitive information of each industry shall be determined according to the respective business characteristics and the willingness of the personal information subject receiving the service.".The specific evaluation criteria of sensitivity of personal information involves a 3-tier test:(i)disclosure,illegal provision or abuse of personal information can lead to major personal injury or property damage;and(ii)the risk of the aforementioned major personal injury or property damage is high enough;and(iii)the situation of the first two criteria is recognized by most people in the specific society.The types of general sensitive personal information preliminarily proposed are divided into following six categories:(1)identity information(ID number),(2)internet identity information(various login accounts,passwords etc.),(3)biometric information(such as gene etc.),(4)personal property information(such as bank account etc.),(5)health information(such as physical check report etc.),(6)other information(such as contacts in mobile phone or social APPs etc.).In the future,it is necessary for the legislature to organize nationwide social survey to clarify the perception of the majority of people in the society to the general sensitive personal information,and then combine with the other two sensitivity criteria to determine the final version of general sensitive personal information suitable for China.By comparing the above preliminary research conclusions with the provisions involving differentiated protection of personal information in the current norms in China,there are three general norms not in align with each other on the differentiated protection of personal information,reflecting different legislators’ distinct understanding of the assessment standards of the sensitive personal information.It is hoped that the preliminary conclusions of this paper can pave the way for unifying the definition of sensitive personal information and the types of general sensitive personal information in the future.In addition,most of the individual norm in each field involving the differentiated protection of personal information at present are sound,since they are consistent with the purpose of ensuring both personal safety and property safety.However,a few norms and regulations applicable to the same scenario appear inconsistence.Hence,it is necessary to update those by adopting the same assessment standard of sensitive personal information so as to provide clear guidance for the conducts of relevant parties.