The People’s Bank of China (PBOC) has issued a new set of guidelines on the handling of financial sector data.
PBOC recently released the “Guidelines for Financial Industry Data Capacity Building” (金融业数据能力建设指引) (JR/T 0218 – 2021), which officially came into effect on 9 February 2021.
Officials said that the goal of the Guidelines will be to “guide financial institutions in strengthening their data strategy plans, effectively perform handling of data, strengthen data security protections, drive integrated data protections, fully unleash the value of data as a factor of production, set data foundations for financial institutions to accelerate their digital transformation, and create financial core competitiveness which is suited to growth in the era of the digital economy.”
The Guidelines cover eight capability areas in particular, including data strategy, data management, data architecture, data standards, data protection, data quality, data applications and data life-cycle management.
The Guidelines also outline five basic principles for data capacity development in the financial sector, including:
- User authorisation,
- Security and compliance,
- Category-based policy,
- The minimum sufficient for use (最小够用),
- Usable yet unseen (可用不可见).
According to the Guidelines “user authorisation” requires that users be clearly notified of the purpose, methods, scope and usage of data gathering.
The principle of “the minimum sufficient for use” is intended to prevent the excessive collection, misuse and abuse of data, and pragmatically protect the ownership and usage rights of users.
The issuance of the Guidelines follows the release of the “Financial Data Security – Guidelines for Data Security Classification” (金融数据安全数据安全分级指南) (JR/ 70197-2020) by PBOC on 23 September 2020.