December 16, 2023: The Ministry of Industry and Information Technology (MIIT) released a draft recommendation on Friday setting out a plan for the steps needed to implement the Data Security Law and the "Data Security Management Measures in the Industrial and Information Technology Sector (Trial)".
The Ministry of Industry and Information Technology stated:
This work aims to "increase comprehensive response capabilities for data security incidents, to ensure timely and effective control, mitigation and elimination of the harm and losses caused by data security incidents, protect the legitimate rights and interests of individuals and organizations, and safeguard national security and public interests."
The 25-page document covers all incidents in which data is illegally accessed, leaked, destroyed or tampered with, and is divided into four levels based on the scope and degree of harm caused:
Red: Especially serious, applicable to large-scale shutdowns, serious loss of business processing capabilities, serious abnormal conditions that cause interruptions for more than 24 hours, major radio interference for more than 24 hours, economic losses of 1 billion yuan, or incidents affecting the personal information of more than 100 million people or the sensitive personal information of more than 10 million people.
Orange: Major, applicable to downtime and operation interruption for more than 12 hours, major radio interference for more than 12 hours, economic losses of 100 million to 1 billion yuan, or incidents affecting the personal information of more than 10 million people or the sensitive personal information of more than 1 million people.
Yellow: Larger, applicable to business interruption lasting more than 8 hours, major radio interference for more than 8 hours, economic losses between 50 million yuan and 100 million yuan, or incidents affecting the personal information of more than 1 million people or the sensitive personal information of more than 100,000 people.
Blue: General, applicable to minor incidents that cause operational interruption of less than 8 hours, economic losses of less than 50 million yuan, or that affect the personal information of less than 1 million people or the sensitive personal information of less than 100,000 people.
The new regulations also require affected companies to assess the severity of the incident and, if deemed serious, report it immediately to local industry regulators.
If the local industry regulatory authorities initially determine that an especially serious or major data security incident has occurred, it should be reported to the Mechanism Office with a telephone report within 10 minutes and a written report within 30 minutes of the incident being discovered, the draft rules provide.
Depending on the response level initiated (red or orange), the Mechanism Office shall report to the Ministry of Industry and Information Technology.
The draft rules are open for public comment until January 15, 2024.
Analysis
This move by the Ministry of Industry and Information Technology shows that it is committed to strengthening data security protection. The Data Security Management Measures in the Industrial and Information Technology Sector (Trial) will enable the government to respond to data security incidents more effectively and ensure the information security of individuals and organizations.
The specific implementation details of this standard specification will be determined after soliciting public comments. However, judging from the current draft, the system has the following characteristics:
Classification: Dividing incidents into four levels based on the scope and degree of harm they cause will help the government formulate targeted response measures.
Timely reporting: Affected companies should immediately report data security incidents to local industry regulators, which will help the government understand the incident situation and take action as early as possible.
Government-led: The Mechanism Office established by the government will be responsible for coordinating all parties to respond to data security incidents, which will help ensure the smooth progress of the response work.
Overall, this move by the Ministry of Industry and Information Technology is positive and will help improve data security levels.
Official reference:
https://www.miit.gov.cn/gzcy/yjzj/art/2023/art_7c903aac87514e26b2dbbc42f5e60347.html
Original article by SnowFlake, if reproduced, please credit https://cncso.com/en/miit-releases-data-security-incident-emergency-plan-html