Securiti announces a $75M Series C Funding Round
ViewChina’s Cybersecurity Law (the “CSL”), which went into effect on June 1st, 2017, applies to the construction, operation, maintenance, and use of information networks, and the supervision and administration of cybersecurity in China. The CSL provides guidelines on cybersecurity requirements for safeguarding Chinese cyberspace. The law protects the legal interests and rights of organizations as well as individuals in China. It also promotes the secure development of technology and the digitization of the economy in China. Following entities come under the application scope of the CSL:
Compliance with the CSL is not straightforward since CSL has several ambiguities and complicated obligations for network operators and CIIOs. Additional laws and guidelines will also be considered concerning the CSL compliance, including guidelines concerning the security assessment of cross-border transfers of personal information and important data, Data Security Law (DSL), and recently promulgated Personal Information Protection Law (PIPL).
We have prepared the following compliance checklist for the covered entities to ensure compliance with the CSL. Please note that this is not an exhaustive compliance list. For a detailed overview of the CSL, please refer to our article on What is China’s Cybersecurity Law?
Network operators must adopt the following security measures to prevent network interference, damage, or unauthorized access, and prevent network data from leakage, theft, or alteration:
Under the CSL, CIIOs must also adopt the following security measures (in addition to security requirements for network operators stated above):
The CSL provides several data protection obligations which are similar to the PIPL. The CSL defines “personal data” as “data recorded electronically or by other means, which alone or in combination with other data enables a natural person to be identified, including but not limited to his name, date of birth, identification document number, biometric data, address and the telephone number”. Network products and services providers must follow the following data protection obligations:
Network operators and CIIOs must formulate cybersecurity emergency response plans and handle security breaches and impact assessments on a timely basis. In the event of a data breach, notify the affected individuals, report the breach to the relevant government departments and take remedial actions.
Under the CSL, CIIOs collecting and generating personal data and important data during their operations in China must store such data within China. CIIOs can only transfer data out of China when:
Measures for Personal Data Cross-Border Transfer Security Assessments issued by the Cybersecurity Administration of China in 2019 have introduced a broad jurisdictional scope for regulating cross-border transfers of personal information: all network operators are obliged to undergo the security assessment process before they may transfer personal information collected in the course of their operation in China to recipients outside the country.
Organizations should review measures issued by the Chinese government on how critical information infrastructure and important data are classified to determine whether they need to comply with data localization requirements of the CSL.
Cybersecurity product manufacturers, security service suppliers, and other organizations that provide services through networks should oblige with the following requirements:
CIIOs must, when procuring network products and services that may impact national security, submit the products and services to CAC and the State Council departments for a review for national security purposes.
Critical network equipment and special cybersecurity products can only be sold or provided after being certified by a qualified establishment, and are in compliance with national standards.
According to Article 47 of the CSL, network operators are required to monitor the information released by their users for information that is “prohibited from being published or transmitted by laws or administrative regulations. If such information is discovered, network operators must cease the transmission of information, remove the information, keep records, and report any unlawful content to relevant authorities.
Securiti helps organizations automate their privacy management operations using artificial intelligence and robotic automation. Request a demo and start your CSL compliance process today.
Get all the latest information, law updates and more delivered to your inbox
March 16, 2023
On March 2, 2023, the Biden-Harris administration announced its National Cybersecurity Strategy1 to secure the full benefits of a safe and secure digital ecosystem...
March 15, 2023
With the proliferation of data protection regulations globally over the last decade, organizations have been under unprecedented scrutiny regarding their resolve to ensure their...
March 13, 2023
The California Privacy Rights Act (CPRA) came into effect on January 1, 2023, formally amending and expanding the erstwhile California Consumer Privacy Act (CCPA)....
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128