根据我们与贵司相关负责人员的沟通，贵司拟对我国对于信息保护的相关法律规定做以了解及分析，以进一步规避贵司在日常运营中可能遇到的合规风险。鉴于贵司关注的合规要点在于个人信息的保护以及公司商业秘密的保护，我们在本法律意见书中将从个人信息保护及商业秘密保护两个角度对我国目前在相关领域的立法及监管现状作以阐述，并分别从个人信息与商业秘密两个方面为贵司提出信息保护方面的合规建议。

According to our communications with relevant person in charge of your company, you are supposed to be familiar with and analyze the relevant laws and regulations with respect to the information protection in China so as to further avoid the compliance risks that may be occurred in your daily operation. In consideration of the fact that the compliance essentials of your company lie in the protection of personal information and trade secrets, we will elaborate the current legislation and regulation of relevant fields from the perspectives of the protection of personal information and that of the trade secrets, and provide you with suggestions for compliance concerning the information protection from the aforesaid two aspects.

         二、我国个人信息保护的相关法律制度、法律监管及合规建议  

 1.  Legal System for, Regulation of and Compliance Suggestion for Personal Information Protection in China

（一）个人信息的定义

(1) Definition of Personal Information

我国目前的法律法规对个人信息并没有统一的定义，基于各部门法律、法规的规范的重点不同，其对个人信息的定义也不尽相同：

There is no unified definition of personal information in the current laws or regulations of China, and as the emphases of department laws and regulations are different, the definitions of personal information thereof are varied accordingly:

从上述不同法律、法规对于个人信息定义来看，虽然表述各有不同，但其认定个人信息的核心原则可归结为：单独或者与其他信息结合能够识别用户身份和个人活动的信息,包括但不限于用户姓名、出生日期、身份证件号码、住址、电话号码、账号和密码、个人生物识别信息等。

Judging from the  definitions of personal information in various laws and regulation, even though the definition are different from each other, the core principle for the determination of personal information may be summarized as: any information which can be used, individually or in combination with other information, to identify the identity and personal activities of the users, including but without limitation to user’s name, date of birth, number of ID documents, address, telephone, account and password, personal biological  identification information and etc.

 （二） 我国个人信息保护的法律体系

  (2) Legal System for Personal Information Protection in China

我国目前没有统一的个人信息保护法，与个人信息保护的规定散见于法律、法规、规章和司法解释中。

Currently, there is no unified personal information protection law in China, and the provisions therefor are scattered in laws, regulations, rules and judicial interpretations.

        1.个人信息保护的法律规定
        2.Legal provisions for personal information protection
      （1）专门的法律法规
       (1) Special legal provisions

我国目前专门对“个人信息”的保护加以规定的法律法规主要有《全国人民代表大会常务委员会关于加强网络信息保护的决定》、《最高人民法院、最高人民检察院、公安部关于依法惩处侵害公民个人信息犯罪活动的通知》、《电信和互联网用户个人信息保护规定》以及《信息安全技术、公共及商用服务信息系统个人信息保护指南》、《中华人民共和国网络安全法（草案）》等。

At present, the following special laws and regulations stipulate the protection of “personal information”: Decision of the Standing Committee of the National People’s Congress on Strengthening the Protection of Network Information, The Joint Notice of the Supreme People’s Court, the Supreme People’s Procuratorate and the Ministry of Public Security on Cracking down Criminal Activities Infringing Citizen’s Personal Information, Provisions Concerning the Protection of the Personal Information of the Users of Telecom and Internet, Information Security Technology and the Guidelines for Personal Information Protection in Public and Business Service Information System, the Internet Security Law of the People’s Republic of China (Draft)and etc.

这些专门性法律法规的颁布及实施，主要是针对实践中不断出现的个人信息被泄露的问题，填补在如今互联网和大数据时代我国法律法规对个人电子信息保护的空白。尤其是《全国人民代表大会常务委员会关于加强网络信息保护的决定》、《最高人民法院、最高人民检察院、公安部关于依法惩处侵害公民个人信息犯罪活动的通知》专门针对个人信息及网络安全问题，规定了公民个人信息的范围，实施侵权及犯罪行为的主体，以及相应的民事责任、行政处罚和刑事制裁。此外，2015年7月6日，经第十二届全国人大常委会第十五次会议审议公布了《中华人民共和国网络安全法（草案）》，该草案系我国关于网络安全管理的首部统一性、专门性立法，从立法原则、概念定义、网络运行安全、数据安全及信息安全的管理和维护以及预警应急机制和法律责任等方面分别进行了细化规定。该法案虽并未正式颁布执行，但其对于个人信息、数据安全等方面的定义及规定具有很大的参考及借鉴意义。

The promulgation and implementation of these special laws and regulations are mainly targeted for the continual occurrence of the disclosure of the personal information in practice, and fill in the gap of the laws and regulation of China in the protection of electronical information of individuals in the era of the Internet and big data. As for the personal information security and cyber security, the Decision of the Standing Committee of the National People’s Congress on Strengthening the Protection of Network Information, The Joint Notice of the Supreme People’s Court, the Supreme People’s Procuratorate and the Ministry of Public Security on Cracking down Criminal Activities Infringing Citizen’s Personal Information specially define the scope of personal information of a citizen, the subject the infringement and criminal activities and corresponding civil liabilities, administrative punishments and criminal sanctions. In addition, the Internet Security Law of the People’s Republic of China (Draft) was deliberated and publicized at the Fifteenth Session of the Twelfth Standing Committee of the National People’s Congress on July 6, 2015. As the first unified and specialized law of China concerning the management of the Internet security, this Draft details the legislative principle, the concept definitions, the management and maintenance of network operation security, data security and information security, the early warning and emergency mechanism and liabilities. Even though the Draft is not officially promulgated, it may be referred to for the definition and provisions of the personal information and data security.