Dior punished for data law breach
Chinese police have imposed an administrative penalty on Christian Dior's company in Shanghai for violating rules on data transmission, according to a government statement issued on Tuesday.
Cybersecurity departments launched an investigation after news reports in May said Dior customers in China had received text messages about a data leak.
Investigators found that the Shanghai unit transmitted customers' personal information to the luxury brand's headquarters in France without passing the safety assessment of the outbound transfer, signing a standard contract for the transfer and obtaining certification for personal information protection, the statement said.
The company also failed to fully inform customers about how their information would be processed overseas and obtain their individual consent before sending the data abroad, it said. In addition, it did not encrypt or de-identify the personal information it collected.
According to news reports, Dior sent Chinese customers text messages in May warning of a data breach. Online pictures of the messages show that on May 7, Dior discovered that part of its customer data had been accessed by unauthorized personnel outside the company.
Dior said in the message that it was investigating the breach, taking measures in response to it and reporting it to regulators.
The government statement urged personal information handlers to learn from the case and comply with the country's Personal Information Protection Law on processing and cross-border transfers of personal information.
- Consumer rights protection disputes in new business models surge in Guangzhou
- French vloggers explore highland scenery and Tibetan culture in Yunnan
- Village in Jiangxi gives 100,000 yuan bonus to residents turning 100
- World's leading lab service provider opens China headquarters in Wuxi
- 'Ride to spring' becomes a major tourist attraction in Chongqing
- Lawmakers with disabilities advocate AI and robotics to improve lives
