Page 6 - THE SOUTH CHINA BUSINESS JOURNAL
P. 6
PTH
China Fleshes out Regulation
on Industrial and Telecoms
Data Security
By Zoey Zhang, China Briefing, Dezan Shira & Associates
Following the Data Security Law, of industrial sectors, since the Data Security Law
China has drawn up a new regulation became effective on September 1, 2021.
clarifying how firms should handle
sensitive industrial and telecoms data. Definition and classification of industrial
The draft regulation classifies data into and telecoms data
“core”, “important”, and “ordinary”
categories, and requires firms to In the document, “industrial data” is defined as
take different degrees of protection information collected and generated in sectors
measures when collecting, processing, such as raw materials, machinery, consumer
transferring, and disposing data. goods, electronics manufacturing, and software
and information technology. “Telecoms data”
On September 30, 2021, the Ministry of refers to information produced or gathered from
Industry and Information Technology (MIIT) the broad communications network market.
published the Measures for the Administration
of Data Security in the Field of Industrial and According to Article 11 of the Measures, businesses
Information Technology sectors (Trial) (Draft) are obliged to sort and classify these industrial and
(hereafter “Measures”) and is soliciting public telecoms data into core, important, and ordinary
opinions until October 30, 2021. categories, and submit the catalogue of important
and core data to the local branch of the MIIT.
The draft Measures apply to all kinds of
enterprises, especially software and information The document lists respective principles for
technology (IT) service providers and telecom identifying core, important, and ordinary data
business license holders. (please refer to the following table).
It aims to regulate the industrial and telecoms data Generally, information that can pose a threat
processing activities carried out in China. Notably, to national security, economic stability, and
it clearly bans enterprises from moving “core data” technological advancement, or significantly
out of China. And it requires companies to get impact China’s industrial and telecommunication
a government security review before providing sectors can be labeled as important data or core
“important data” abroad. data. However, the Measures does not provide
any specific examples, leading many to find the
The document sets out detailed requirements definition still quite subjective.
regarding data storage, processing, disclosure,
disposal, and cross-border transmission. Data Classification of Industrial
processors may be obliged to record and report to Data and Telecom Data
the government on their activities in processing under the Measures for
important and core data. the Administration of Data
Security in the Field of
The Measures have become the first data security Industrial and IT Sectors
regulation formulated by a state agency in charge
3 AMCHAM SOUTH CHINA
China Fleshes out Regulation
on Industrial and Telecoms
Data Security
By Zoey Zhang, China Briefing, Dezan Shira & Associates
Following the Data Security Law, of industrial sectors, since the Data Security Law
China has drawn up a new regulation became effective on September 1, 2021.
clarifying how firms should handle
sensitive industrial and telecoms data. Definition and classification of industrial
The draft regulation classifies data into and telecoms data
“core”, “important”, and “ordinary”
categories, and requires firms to In the document, “industrial data” is defined as
take different degrees of protection information collected and generated in sectors
measures when collecting, processing, such as raw materials, machinery, consumer
transferring, and disposing data. goods, electronics manufacturing, and software
and information technology. “Telecoms data”
On September 30, 2021, the Ministry of refers to information produced or gathered from
Industry and Information Technology (MIIT) the broad communications network market.
published the Measures for the Administration
of Data Security in the Field of Industrial and According to Article 11 of the Measures, businesses
Information Technology sectors (Trial) (Draft) are obliged to sort and classify these industrial and
(hereafter “Measures”) and is soliciting public telecoms data into core, important, and ordinary
opinions until October 30, 2021. categories, and submit the catalogue of important
and core data to the local branch of the MIIT.
The draft Measures apply to all kinds of
enterprises, especially software and information The document lists respective principles for
technology (IT) service providers and telecom identifying core, important, and ordinary data
business license holders. (please refer to the following table).
It aims to regulate the industrial and telecoms data Generally, information that can pose a threat
processing activities carried out in China. Notably, to national security, economic stability, and
it clearly bans enterprises from moving “core data” technological advancement, or significantly
out of China. And it requires companies to get impact China’s industrial and telecommunication
a government security review before providing sectors can be labeled as important data or core
“important data” abroad. data. However, the Measures does not provide
any specific examples, leading many to find the
The document sets out detailed requirements definition still quite subjective.
regarding data storage, processing, disclosure,
disposal, and cross-border transmission. Data Classification of Industrial
processors may be obliged to record and report to Data and Telecom Data
the government on their activities in processing under the Measures for
important and core data. the Administration of Data
Security in the Field of
The Measures have become the first data security Industrial and IT Sectors
regulation formulated by a state agency in charge
3 AMCHAM SOUTH CHINA
