China’s Cyber Security Law: The Impossibility Of Compliance?
[et_pb_section admin_label=”Section” fullwidth=”on” specialty=”off” background_image=”https://www.newsoncompliance.com/wp-content/uploads/2017/11/unnamed-file.jpg” transparent_background=”off” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” module_class=”blog-header”][et_pb_fullwidth_post_title admin_label=”Fullwidth Post Title” title=”on” meta=”off” author=”on” date=”on” categories=”on” comments=”on” featured_image=”off” featured_placement=”below” parallax_effect=”on” parallax_method=”on” text_orientation=”center” text_color=”light” text_background=”off” text_bg_color=”rgba(255,255,255,0.9)” module_bg_color=”rgba(255,255,255,0)” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_padding=”100px||80px|” title_line_height=”1.6em”] [/et_pb_fullwidth_post_title][/et_pb_section][et_pb_section admin_label=”section” transparent_background=”off” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” custom_padding=”20px||20px|” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” module_class=”blog-content-wrapper”][et_pb_row admin_label=”Row”][et_pb_column type=”2_3″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid” module_class=”blog-text”]
China’s much-anticipated Cyber Security Law (CSL) will come into effect on 1 June 2017. The new law is the first comprehensive law to address cyber security concerns at the national level and to some extent consolidates cyber activities captured in other laws and regulations. The move by China to beef up its laws and regulations governing cyber activity is not dissimilar to what is happening around the globe. However deciphering exactly who is captured and what is covered is leaving companies unsure as to how they will comply with this vague and potentially onerous law.
Who will be captured by the law?
It is very likely that many multinational companies (MNCs) will feel the heat. The brunt of the CSL currently falls on “critical information infrastructure” (CII) operators. The broad definition of CII encompasses not only traditional critical industries such as power, transport and finance, but also other infrastructure that could, as outlined in the law, harm the “people’s livelihoods”. This means that any foreign company that is a key supplier to a ‘critical’ sector, as well as any company that holds significant amounts of information on Chinese citizens, could become a prime target for regulators seeking to enforce the CSL.
The lack of clarity in the definition of CII is significant because of the potential obligations for these companies, for example, localizing data to China and undergoing intrusive onsite inspections of cyber security systems and procedures. Certain technologies must pass a “national security review” to ensure they cannot be illegally controlled or interfered with before CII operators are able to use them. The CSL gives broad authority to the Cyberspace Administration of China, China’s powerful cyberspace watchdog, and other industry regulators to conduct these reviews.
What is covered by the law?
There is a particular focus on “personal information” and “important data”, both of which are vaguely defined. This is significant as network and CII operators will be required to localize this information to China, and a security self-assessment or approval from the relevant regulator will be required before transferring this data abroad.
Under the CSL, personal information is defined as information that, taken alone or with other data, is sufficient to ascertain an individual’s identity, including birth dates, phone numbers, addresses and identity card numbers. Other personal information guidelines indicate that regulators consider political, religious and genetic information to be sensitive. Similar to the State Secrets Law, the definition of important data is extremely vague; it is described as data closely related to national security, economic development and social public interests. Regulators will likely focus on whether companies have any data that could contradict official numbers, such as industry or population health statistics.
Source: Forbes
[/et_pb_text][et_pb_text admin_label=”Link/Source” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_text][/et_pb_column][et_pb_column type=”1_3″][et_pb_code admin_label=”Right Sidebar” saved_tabs=”all” global_module=”48″]Coming Soon[/et_pb_code][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” module_class=”blog-more-articles-wrapper”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]
Latest Articles
[/et_pb_text][et_pb_blog admin_label=”Latest Articles” fullwidth=”off” posts_number=”3″ show_thumbnail=”on” show_content=”off” show_more=”off” show_author=”off” show_date=”on” show_categories=”on” show_comments=”off” show_pagination=”off” offset_number=”0″ use_overlay=”off” background_layout=”light” use_dropshadow=”off” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_blog][/et_pb_column][/et_pb_row][/et_pb_section]
