China’s Cybersecurity Law (the “CSL”), which went into effect on June 1st, 2017, applies to the construction, operation, maintenance, and use of information networks, and the supervision and administration of cybersecurity in China. The CSL provides guidelines on cybersecurity requirements for safeguarding Chinese cyberspace. The law protects the legal interests and rights of organizations as well as individuals in China. It also promotes the secure development of technology and the digitization of the economy in China. The following entities come under the application scope of the CSL:
Compliance with the CSL is not straightforward, since the CSL has several ambiguities and complicated obligations for network operators and CIIOs. Additional laws and guidelines will also be considered in relation to CSL compliance, including guidelines concerning the security assessment of cross-border transfers of personal information and important data, the Data Security Law (DSL), and the recently promulgated Personal Information Protection Law (PIPL).
We have prepared the following compliance checklist for the covered entities to ensure compliance with the CSL. Please note that this is not an exhaustive compliance list. For a detailed overview of the CSL, please refer to our article on What is China’s Cybersecurity Law?
Network operators must adopt the following security measures to prevent network interference, damage, or unauthorized access, and prevent network data from leakage, theft, or alteration:
Under the CSL, CIIOs must also adopt the following security measures (in addition to security requirements for network operators stated above):
The CSL provides several data protection obligations which are similar to those of the PIPL. The CSL defines “personal data” as “data recorded electronically or by other means, which alone or in combination with other data enables a natural person to be identified, including but not limited to his name, date of birth, identification document number, biometric data, address and the telephone number”. Network products and services providers must comply with the following data protection obligations:
Network operators and CIIOs must formulate cybersecurity emergency response plans and handle security breaches and impact assessments on a timely basis. In the event of a data breach, they must notify the affected individuals, report the breach to the relevant government departments, and take remedial actions.
Under the CSL, CIIOs collecting and generating personal data and important data during their operations in China must store such data within China. CIIOs can only transfer data out of China when:
Measures for Personal Data Cross-Border Transfer Security Assessments issued by the Cybersecurity Administration of China in 2019 have introduced a broad jurisdictional scope for regulating cross-border transfers of personal information: all network operators are obliged to undergo the security assessment process before they may transfer personal information collected in the course of their operation in China to recipients outside the country.
Organizations should review measures issued by the Chinese government on how critical information infrastructure and important data are classified to determine whether they need to comply with data localization requirements of the CSL.
Cybersecurity product manufacturers, security service suppliers, and other organizations that provide services through networks should comply with the following requirements:
CIIOs must, when procuring network products and services that may impact national security, submit the products and services to CAC and the State Council departments for a review for national security purposes.
Critical network equipment and special cybersecurity products can only be sold or provided after they have been certified by a qualified establishment and are in compliance with national standards.
According to Article 47 of the CSL, network operators are required to monitor the information released by their users for information that is “prohibited from being published or transmitted by laws or administrative regulations”. If such information is discovered, network operators must cease the transmission of the information, remove the information, keep records, and report any unlawful content to relevant authorities.
Securiti helps organizations automate their privacy management operations using artificial intelligence and robotic automation. Request a demo and start your CSL compliance process today.