PROTECTING INFORMATION: Anti-virus software scans for trojans, a form of malicious software that might transmit personal data, on April 18, 2012 (WANG ZHEN)

"The identity management policy enables people to protect their lawful rights by providing real names while building an environment of free exchange under anonymity," said Li Yuxiao.

Public resentment against the deluge of spam and telemarketing calls is answered by an opt-in policy. The decision forbids organizations and individuals from commercial solicitation by telephone or digital networks without prior consent.

Companies infringing upon citizen rights or violating privacy with commercial harassment must comply with cease-and-desist demands or face lawsuits.

The decision also empowers regulators to supervise Internet activities and requires network service providers to offer technical support.

Much-needed law

Although the Internet undoubtedly makes shopping, banking and socializing easier for China's roughly half a billion netizens, the trail of data left by such activities makes them vulnerable to fraud and identity theft.

"Mobile Internet, the Internet of Things and cloud computing have posed severe challenges to information security," Li Yuxiao said.

Recently, China Youth Daily conducted an online survey on 11,163 people across the country. Of all respondents, 93.8 percent said they believed their personal information had been leaked, and 86 percent were looking forward to a law to protect such data.

"Legal loopholes, ineffective regulation, weak technology, online service provider neglect of information security and low awareness of personal data protection are important factors leading to leakage," Li Yuxiao said.

Some result from cyber attacks. For instance, in December 2011 the account names and passwords of more than 6 million users of IT programmer community CSDN were made public by hackers. Social networking sites such as Tianya.cn were also reportedly breached.

"Some online service providers, not attaching enough importance to protecting user data, once stored unencrypted passwords, which are vulnerable to information theft," said Shi Xiaohong, Vice President of Qihoo 360, a leading Internet security provider.

A report released by Qihoo 360 last February said that more than half of Chinese websites have gaps in their security and as many as 36 percent carry "high-risk vulnerabilities."

Identity theft is a profitable enterprise for otherwise legitimate Internet businesses and some unscrupulous employees. Approximately 70 to 80 percent of personal information thefts in China are committed by insiders, according to the China Software Testing Center, an institution affiliated with the Ministry of Industry and Information Technology.

Many Internet users have not realized the importance of protecting their personal data, according to Shi. For example, some netizens set very simple passwords for their online accounts, such as using repetitive numbers or their own birthdays, and they seldom change these.

The number of phishing websites, fake sites aimed at acquiring personal information, is on the rise in China. Data from the China Internet Network Information Center show nearly 14,000 phishing websites were detected in the first half of 2012, 80 percent of which masqueraded as sites of financial institutions and media.