A few major cybersecurity lapses in China led the government to pass China’s Cybersecurity Law (CSL) back in 2017. It now regulates the operations, construction, security, use and maintenance of networks in mainland China. It is supervised and enforced primarily by the
Cyberspace Administration of China (CAC).
Following are the 4 main components of the law.
Network Operations Security
All
network operators are expected to protect networks from damage, interference, and unauthorized visits with the following precautionary measures:
-
Internal operating policies and management systems with the help of specialized network security personnel.
-
Installation of technological shields against viruses, network intrusions, cyber-attacks and other digitally harmful activities.
-
Monitoring and recording of network performance data for at least the last 6 months.
-
Ensuring classification of data and encryption and backing up of highly sensitive data.
Network Information Security
Once collected and stored by a network operator, personal data also requires proper long-term protection. The Cybersecurity law requires network operators to take the following steps for the said purpose.
-
Maintenance of strict confidentiality regarding the obtained data.
-
Data is to be collected only to the extent necessary, and used only in a legal manner.
-
Consent is to be gained from the person from whom data is collected and the extent of data collection is also to be made clear.
-
The collected data is not to be disclosed, destroyed or altered later.
-
In the case of a breach, the relevant government authorities are to be informed promptly.
-
In the case of misuse, the subject can ask the network operator to delete the data. In addition, deletion can be requested if incorrect information is collected.
Geographical limitations
Foreign companies involved in data collection for business purposes cannot transfer the collected data abroad. Doing so will require stringent security checks, without which any transfer whatsoever shall be deemed illegal.
Conclusion
Multinationals and foreign investors have no easy way forward. Foreign investors must do their best to comply with the law. This brings with it its own set of challenges.
Business Services in China
Business China provides business services to foreign investors in China like
company registration services, accounting and taxation services, copyright protection, account management services, etc. We have successfully served more than 3000 clients in the last decade.
