After two years of preparation, China’s Network Security Law is ready for action. The National Law Review reports that the law is a historical development and one of the strictest worldwide.
The report gives an overview of what the new law covers as it relates to data privacy, security and cross-border transfers. For example, “ensuring consent for collection of personal information through the principles of legality, proper justification and necessity” and “requiring personal information to be stored in China under some circumstances.”
The report zeros in on the information that companies with operations in China are eager to know. The new law focuses on two categories of entities: “critical information infrastructure operators (CII Operators) and owners and managers of networks and the network service providers (Network Operators).”
CII Operators have more significant obligations than Network Operators, such as the requirement to store in China personal information and important business data that has been “collected and generated in the operation.” Network Operators will have to comply with security measures that are most likely already in effect and that follow a leading data security framework.
Potential penalties for not following the new law can include “warnings, demands to make a correction, fines, public announcements of the misconduct, negative effects in national credit records, civil liability, closing of websites and even a revocation of the business license.”
Most important, the report advises that companies can best prepare by first determining which category they fall into: CII Operator or Network Operator. Second, it’s necessary to conduct a data inventory or build a data map in order to identify what the current system is lacking as it relates to the new requirements.
The report also advises that the new law is just one of many forthcoming new laws, regulations and enforcement actions. As always in the ever-evolving area of information security and data protections, vigilance and a proactive approach are a must.