KEY HIGHLIGHTS
- China’s Data Security Plan: China unveils a draft contingency plan for data security incidents, emphasizing strict deadlines for breaches amid rising concerns about large-scale data leaks and hacking.
- Four-Tier Classification: A proposed color-coded system classifies incidents based on harm to national security or the economy. “Especially grave” breaches involving significant losses and sensitive information trigger a red warning.
- Geopolitical Context: The move comes amid heightened tensions with the U.S. and allies. Beijing addresses concerns following a hacker’s claim of accessing personal information on one billion Chinese citizens from Shanghai police.
- Detailed Response Guidelines: China’s Ministry of Industry and Information Technology (MIIT) outlines a detailed plan for local governments and companies to assess and respond to data security incidents, emphasizing immediate reporting and a 24-hour work rota for critical incidents.
- Strict Reporting Requirements: The plan mandates that companies notify MIIT within ten minutes of a red or orange warning, with severe consequences for late reporting, false reporting, or attempts to conceal incidents.
- Focus on National Security: The contingency plan reflects China’s emphasis on safeguarding national security, with a specific focus on addressing incidents that could impact the economy or compromise sensitive information of millions of individuals.
China’s Preliminary Plan for Data Security
China has put forward a preliminary plan to tackle big problems with data security. This plan is meant to help deal with situations where a lot of sensitive information is leaked or hacked. The Chinese government is worried about these issues happening in the country, especially with tensions between China and the United States.
The Ministry of Industry and Information Technology (MIIT) in China made this plan public on Friday. They want to know what people think about it before finalizing it. The plan suggests a four-level system that uses different colors to show how serious a data breach is. The levels depend on how much harm is done to national security, a company’s online system, or the country’s economy.
Four-Level System for Assessing Data Breach Severity
According to the plan, if a data breach causes more than 1 billion yuan (which is about $141 million) in losses and affects personal information of over 100 million people, it will be marked as “especially grave.” In this case, a red warning has to be given.
The plan also says that when a red or orange warning is issued, the companies involved and the local authorities must work around the clock to fix the problem. They have to inform MIIT within ten minutes of finding out about the data breach. MIIT emphasizes that if the problem is serious, it must be reported to the local industry regulatory department immediately. There’s no room for late reporting, lying, hiding, or leaving out information.
Source(s): Cybernews
The information above is curated from reliable sources, modified for clarity. Slash Insider is not responsible for its completeness or accuracy. Please refer to the original source for the full article. Views expressed are solely those of the original authors and not necessarily of Slash Insider. We strive to deliver reliable articles but encourage readers to verify details independently.