Chapter V Obligations of Personal Information Processors
Article 57
Translation Notice
This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.
本文为非官方英文翻译,仅供一般信息参考,不构成法律意见。如与主管机关发布的中文正式文本不一致,以中文正式文本为准。
Chinese Original
第五十七条 发生或者可能发生个人信息泄露、篡改、丢失的,个人信息处理者应当立即采取补救措施,并通知履行个人信息保护职责的部门和个人。通知应当包括下列事项: (一)发生或者可能发生个人信息泄露、篡改、丢失的信息种类、原因和可能造成的危害; (二)个人信息处理者采取的补救措施和个人可以采取的减轻危害的措施; (三)个人信息处理者的联系方式。 个人信息处理者采取措施能够有效避免信息泄露、篡改、丢失造成危害的,个人信息处理者可以不通知个人;履行个人信息保护职责的部门认为可能造成危害的,有权要求个人信息处理者通知个人。
English Translation
Where leakage, tampering, or loss of personal information occurs or may occur, a personal information processor shall immediately take remedial measures and notify the departments performing personal information protection duties and the individuals. The notification shall include the following matters: (1) the categories of information that has been or may be leaked, tampered with, or lost, the reasons, and the possible harm; (2) remedial measures taken by the personal information processor and measures that individuals may take to mitigate harm; and (3) the contact information of the personal information processor. Where measures taken by the personal information processor can effectively avoid harm caused by leakage, tampering, or loss of information, the personal information processor may refrain from notifying individuals. If a department performing personal information protection duties considers that harm may be caused, it has the right to require the personal information processor to notify individuals.
Plain English Note
Site explanation only. Not part of the translation.
Article 57 is the personal information incident response rule, including remedial measures and notification to regulators and affected individuals.