Skip to Content
China Cybersecurity Law
Article

China's new cybersecurity law raises questions and concerns

2 min read

The new Cybersecurity Law is meant to improve data security for China and its citizens but has businesses within the country unsure about several requirements and the potential costs of compliance

 

China, the world’s second largest economy, recently implemented its new Cybersecurity Law (CSL). Designed to combat ever-growing information security threats and create a safer internet environment, the CSL calls for mandatory information security maintenance by businesses with computer systems linked to China.

The CSL, which went into effect on June 1, 2017, introduces major changes to the global cybersecurity landscape. The law is part of a new initiative to protect Chinese data from the prying eyes of foreign companies, an issue directly related to leaks from local governments in multinational organizations.
The CSL is intended to protect China and its citizens but, globally, the law has raised some real concerns. Vague provisions, broadly-defined terms, and the potential for new security risks and significant additional expense — these have a broad range of companies concerned about how the law will impact their IT systems, and therefore their operations, in China and elsewhere.

The CSL calls for mandatory information security maintenance by businesses with computer systems linked to China.

Protecting and accessing personal information

The CSL requires companies doing business in China to standardize and store their data in China and to provide the government with information about the business' network infrastructure. The law also requires controls for identifying and protecting personal and other sensitive information.

Specifically, the law focuses on how information is protected and how sensitive information about Chinese citizens is used. Such information must be stored on domestic servers, and companies using or requesting that information must undergo security checks before the data can leave the country. If companies store or retrieve the data in an unauthorized manner, they’re subject to fines and criminal charges.

Cost concerns

Many businesses also are concerned about the costs to improve the robustness of their IT systems and to implement newer technologies that better support data security. In addition, penalties for noncompliance can reach up to 1,000,000 RMB, (or nearly $150,000 USD) and, since China is trying to take precautions against foreign espionage with the law, failure to comply may also result in criminal charges.

The bottom line

The table below outlines key aspects of the new CSL in comparison to U.S. data compliance standards. Organizations should review their critical infrastructure and identify where individual private information lies. If all goes well and this new law is practiced and followed properly, sensitive data should be protected and have less risk of being exposed in the wrong hands.

Related Thinking

Business professionals discussing their retirement system cybersecurity.
September 26, 2024

Cybersecurity: Protecting your retirement system from hidden threats

Article 7 min read
Parents and their children smiling and taking a selfie.
September 9, 2024

Cybersecurity for families: 5 ways to help protect children and adults

Article 10 min read
Person searching on their computer in a dimly lit room.
August 30, 2024

Addressing the vendor threat

In The News 5 min read