Article 21 of the Chinese People's **** and State Cybersecurity Law, which came into effect on June 1, 2017, provides that "technical measures are taken to monitor and record network operation status and cybersecurity events, and relevant network logs are retained for not less than six months in accordance with the regulations. " According to this article, the relevant network logs containing personal information need to be kept for at least six months.
2. "The Electronic Commerce Law of the People's Republic of China*** and the State of China"
Article 31 of the Electronic Commerce Law of the People's Republic of China*** and the State of China, which came into effect on January 1, 2019, stipulates that, "The time for the preservation of information on commodities and services, and information on transactions shall be not less than three years from the date of completion of the transaction." According to this article, for e-commerce platform operators, transaction information containing personal information should be kept for a period of not less than three years.
3.Regulations on the Administration of the Credit Collection Industry
Article 16 of the Regulations on the Administration of the Credit Collection Industry, which came into effect on March 15, 2013, stipulates that, "The retention period of the credit collection agency's personal bad information shall be five years from the date of termination of the bad behavior or event; and if it is more than five years, it shall be deleted." According to this provision, the retention period of personal adverse information exceeding five years shall be deleted. The Cybersecurity Law of the People's Republic of China*** and the State of China is a law enacted to safeguard cybersecurity, maintain the sovereignty of cyberspace and national security, the interests of the social public***, protect the legitimate rights and interests of citizens, legal persons and other organizations, and promote the healthy development of economic and social informatization.
The law was voted by the Standing Committee of the National People's Congress on November 7, 2016, and came into force on June 1, 2017 The Cybersecurity Law of the People's Republic of China (hereinafter referred to as the "Cybersecurity Law") was formally implemented on June 1, 2017, which, at the macro level, means that cybersecurity has become an important component of national security, along with homeland security, economic security, etc.; at the micro level, it means that cybersecurity has become an important component of national security, along with homeland security and economic security. security; from the micro level, it means that network operators (referring to network owners, administrators and network service providers) must assume the responsibility of fulfilling network security.
The Cybersecurity Law is China's first basic law to comprehensively regulate the management of cyberspace security, and redefines "cyber" to mean "a network consisting of computers or other information terminals and related equipment that collects, stores and stores information in accordance with certain rules and procedures". It also redefines "Cyber" to mean "a system consisting of computers or other information terminals and related equipment that collects, stores, transmits, exchanges, and processes information in accordance with certain rules and procedures", which has a broader meaning. Since it is a basic law, it is fundamentally different from the departmental rules and regulations that we have seen before, and it clearly states that failure to fulfill the corresponding responsibilities and obligations will be punished by law. Penalties are also from different perspectives to refine and clarify, in particular, will be in charge of or directly responsible for the personnel to be punished, constituting a crime will be held criminally responsible according to law.