Risk Management and China’s New Cyber Security Law

China’s new Cyber Security Law, which went into effect on June 1, 2017, will impact the way multinational organizations do business in China. As national laws with global impact (like China’s) evolve, risk evolves. You probably know that a cyber risk management “best practice” includes regularly updating your Risk Assessment. If it’s been awhile and your organization does business in China, now would be a good time to re-assess that risk.

China’s new law will likely amplify risk if an organization is doing business with or in China. While analysts have blasted the law for not being clearly defined, most generally agree that multinational corporations that have any network infrastructure in China or collect any personal identifiable information (PII) from China should pay attention to the evolution and enforcement of this law.

Do you have network infrastructure in China? You may have compliance issues.

Are you introducing network products or services in China? If so, the Cyberspace Administration of China may want to review your IT.

Do you collect PII on Chinese citizens? You may have compliance mandates similar to the European Union regulations.

Are you involved with cross-border data transfers with China? You may have some breathing room here due to a reported hold on this part of the law…but, then again, maybe not.
Be alert.

Contact us today and we can help adapt your cybersecurity program to new risks like this.

Author: Colleen H. Johnson, Sera-Brynn Senior Cyber Legal Analyst