China issues draft plan for data security incidents
BEIJING: China on Friday (Dec 15) proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.
The plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed to have procured a trove of personal information on one billion Chinese from the Shanghai police.
The ministry of industry and information technology published a detailed draft plan laying out how local governments should assess and respond to incidents.
The plan, which is currently soliciting opinions from the public, proposes a four-tier, colour-coded system depending on the degree of harm inflicted upon national security, a company’s online and information network, or the running of the economy.
According to the plan, incidents that involve losses surpassing 1 billion yuan (US$141 million) and affect the personal information of over 100 million people, or the “sensitive” information of over 10 million people, must be classed as “especially grave”, to which a red warning must be issued.
The plan demands that in response to red and orange warnings, the involved companies and relevant local regulatory authorities must establish a 24-hour work rota to address the incident, among other measures.
Source: CNA