Follow us on
Member Login
sign out
[ICT] - SEP 30, 2021, Data Security on Industry and Information Technology To Face Scrutiny Supervising
Uploading Date: 2021-11-12 10:40:54



Background:


1.       China has launched a series of scrutiny measures on data security and cyber security after a booming ICT development in recent years. Several laws and regulations have been issued or implemented within the past 12 months.

2.       The Data Security Law of People’s Republic of China came into force on September 1, 2021, forming a general framework and principle for China’s administration on data security.

 

Current Status and Facts:


1.    On September 30, 2021, the Ministry of Industry and Information Technology (MIIT) published their draft of the Administrative Measures for Data Security in Industry and Information Technology Sectors (hereinafter referred to as “the Measures”) and called for public comments until October 30, 2021.

2.       A detailed official document aiming at ensuring data security in the industry and information technology sectors.

3.       Main content of the document include:

a)   Coverage of all data processing and security supervision for the industry and information technology sectors (data from material, equipment, consumer goods, software, as well as data generated by telecommunication operation or mobile phone using).

b)   Essentially categorizes data into three levels (general, important and critical) based on the following factors:

 i.      Number of users

 ii.     Covering region/industry

 iii.    Impact level on national/public/industrial security

 iv.    Recovery difficulty

c)         MIIT, along with all levels of industry and information technology administrations (provincial, municipal etc.) will serve as overseers of the Measures. Supervising actions and penalties include:

 i.     Necessary security review on critical data

 ii.    Questioning taking place if enterprises fail to follow the filing or security requirements

 iii.   Severe breach of the Measures’ requirements may result in entering a dishonest blacklist, business suspension, website/service shut down or even criminal liability.

 

Possible Impact and Suggestions:


1.       More similar data security administration documents may be released in other critical sectors.

2.       Follow-up documents for the Measures (data security risk management platform, and detail data categorizing regulations.) are very likely to be released as a next step.

3.       A clear ‘stop sign’ on excessive data collecting and using in relevant sectors.

4.       Potential but necessary preparation work is suggested for compliance teams in relevant MNCs and foreign enterprises:

a)         Follow-up on further updates of the document.

b)         Evaluate and review current data management systems compared with the draft, paying special attention to system structures.

5.       MNCs and foreign stakeholders may face an increase in cost and time for cross-border data transfer, or the solution to setup local databases in China.


If you have any question or need any help on the information, please contact:

assistant@bestao-consulting.com



Follow us on:
Email: