Dior punished for data law breach
Chinese police have imposed an administrative penalty on Christian Dior's company in Shanghai for violating rules on data transmission, according to a government statement issued on Tuesday.
Cybersecurity departments launched an investigation after news reports in May said Dior customers in China had received text messages about a data leak.
Investigators found that the Shanghai unit transmitted customers' personal information to the luxury brand's headquarters in France without passing the safety assessment of the outbound transfer, signing a standard contract for the transfer and obtaining certification for personal information protection, the statement said.
The company also failed to fully inform customers about how their information would be processed overseas and obtain their individual consent before sending the data abroad, it said. In addition, it did not encrypt or de-identify the personal information it collected.
According to news reports, Dior sent Chinese customers text messages in May warning of a data breach. Online pictures of the messages show that on May 7, Dior discovered that part of its customer data had been accessed by unauthorized personnel outside the company.
Dior said in the message that it was investigating the breach, taking measures in response to it and reporting it to regulators.
The government statement urged personal information handlers to learn from the case and comply with the country's Personal Information Protection Law on processing and cross-border transfers of personal information.
- China's Global Governance Initiative receives positive feedback at forum
- China's Xizang sees steady tourism growth in 2025
- First-of-its-kind pearl auction held utilizing Hainan FTP
- Agarwood exhibition steeps Shanghai museum in fragrance
- The Fujian Coast Guard conducts regular law enforcement patrol in the waters near Jinmen
- IP protection for new fields to improve
