Important Data: More Duties for Processing

China is fleshing out its data protection rules. The Network Data Security Management Regulation (Draft for Comments), published in November 2021, provides more detailed guidance regarding the obligations of processors of important data.

Data is divided into general data, important data, and national core data. Important data refers to data that may jeopardize national security and the public interest if tampered with, corrupted, leaked, or unlawfully obtained or used. This includes data from industry, telecommunications, energy, transportation, and other key sectors. However, only a general guide is provided to companies to determine important data; industry-specific catalogs are currently being developed by the relevant government agencies.

If a data security incident involves important data or reaches the personal data threshold of 100,000 individuals, the incident must be reported to the municipal cyberspace department and relevant authorities within eight hours.  An investigation and assessment report must be completed within five working days of the incident being remediated. The report must include the cause of the incident, the consequences of the damage, responsibility for treatment, and improvement actions.

For the first time, the draft includes specific MLPS 2.0 requirements for processors of critical data: An IT system that handles important data should generally be rated higher than Level 3 and meet the requirements that MLPS 2.0 places on Critical Information Infrastructure Operators. For sharing, trading, commissioning, and annual assessment of critical data, the draft provides further obligations.

We are closely monitoring developments in the catalogs of important data in each industry. Based on this information, we can use data mapping to identify important data in companies, organize data inventories, and complete the legally compliant development of a data classification system in a timely manner.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s