pdf

CSO: What are the New China Cybersecurity Law Provisions? And How CISOs Should Respond

March 11, 2019

Passed in 2016, China’s CyberSecurity Law creates broad standards for how companies must approach security and privacy. It specifies controls around data storage, online activities, breach notification, and appointing a head of cybersecurity among other requirements.

These provisions have raised questions about data gathering of multinational companies by the Chinese government. However, some lawyers argue the reality is more nuanced than Chinese censorship.

“When it comes to many things involving cybersecurity in China, there are a number of different motives,” said O’Melveny partner Ronald Cheng. “There’s certainly an existing data security problem in China both in terms of crime as well as a need to improve cybersecurity practices. The provisions have included assurances that the information that’s collected is supposed to be maintained confidential and is not to be provided to others. How credible that is, I think it’s really up to others to determine and it’s certainly understandable some are skeptical about that.”

To read the full article, click here.