Data Security File. MSS issues a statement on its WeChat account on December 1,urging caution over sharing sensitive data online without declassification or risk evaluation. Such information may serve as a major source of open-source intelligence for foreign espionage agencies,which may possibly endanger national security. Photo: VCG
In a important move to bolster data security, China has introduced new guidelines aimed at enhancing teh protection of customer data within internet data centers (IDCs). These facilities, which serve as the backbone for storing, processing, and managing vast amounts of internet-related data, play a pivotal role in maintaining economic stability, social order, and national security.
The Ministry of Industry and Information Technology (MIIT) issued the notice on Tuesday, outlining specific measures for IDC operators to strengthen their data security frameworks. The guidelines emphasize the importance of clearly defining data security responsibilities in contracts, ensuring that all parties—customers, third-party service providers, and operators—understand their obligations based on the nature and scope of their collaboration.
One of the key recommendations is the establishment of robust security policies and procedural mechanisms for critical data processes, such as access, handling, and destruction. The notice also highlights the need for protective measures like data isolation to mitigate risks. Additionally,IDC operators are required to obtain explicit customer authorization before undertaking high-risk operations or sharing customer data externally.
To ensure business continuity and stability, the guidelines advocate for redundancy design and other measures tailored to operational needs. The MIIT also stressed the importance of creating a comprehensive customer data security management system, complete with designated data security officers and dedicated departments. A customer management framework will be introduced, offering customized security solutions based on specific data protection requirements and customer categories.
Zhang Xianghong,a professor at the International Center for Information Research at Beijing Jiaotong University,provided insights into the broader context of data security. “Since the widespread adoption of the internet, global data resources have grown exponentially.However, only about 20 percent of this data is transferable. The remaining 80 percent includes sensitive information such as personal data, corporate secrets, and national classified information,” he explained.
The rapid growth of China’s data industry underscores the urgency of these measures. In 2020, the sector was valued at 1 trillion yuan ($140 billion), and projections suggest it will reach 2.5 trillion yuan by 2024, reflecting a compound annual growth rate of 25 percent, according to the Securities Times.
As the digital landscape continues to evolve, the new guidelines represent a proactive step toward safeguarding sensitive information and ensuring the integrity of China’s data infrastructure. By addressing potential vulnerabilities and fostering a culture of accountability, these measures aim to protect not only individual and corporate data but also the nation’s broader security interests.
What are the key challenges Dr. Li Wei identifies for businesses and organizations in complying with China’s new data security guidelines?
Interview with Dr. Li Wei, Cybersecurity Expert and Former Advisor to the National Data Bureau
By archyde News Editor
Archyde: Dr. Li Wei, thank you for joining us today. As a leading expert in cybersecurity and data protection, what are your thoughts on the recent guidelines introduced by china to bolster data security?
Dr. Li Wei: Thank you for having me. The new guidelines are a significant step forward in addressing the evolving challenges of data security in the digital age. With the increasing reliance on data-driven technologies, the risks associated with data breaches, espionage, and misuse have grown exponentially.These guidelines aim to create a more robust framework for protecting sensitive data,notably customer data,which is often targeted by malicious actors.
Archyde: The Ministry of State Security (MSS) recently issued a statement urging caution over sharing sensitive data online without proper declassification or risk evaluation.How critical is this warning in the current cybersecurity landscape?
Dr. Li Wei: The MSS statement is both timely and critical. Open-source intelligence, or OSINT, has become a major tool for foreign espionage agencies.Sensitive data shared online without proper safeguards can be easily exploited, posing a direct threat to national security. The statement underscores the importance of risk evaluation and declassification protocols, which are essential to prevent inadvertent leaks of classified or sensitive information.
Archyde: How do these new guidelines align with China’s broader efforts to enhance data security, such as the establishment of the National Data Bureau and the recent policies issued by the Cyberspace Governance of China (CAC)?
Dr. Li Wei: The guidelines are part of a complete strategy to strengthen China’s data security ecosystem. The establishment of the National Data bureau and the policies issued by the CAC reflect a coordinated approach to creating trusted data spaces and enhancing data security management across industries.These efforts are not just about protecting data but also about fostering a secure environment for data circulation, which is vital for economic growth and innovation.
Archyde: What challenges do you foresee in implementing these guidelines, especially for businesses and organizations?
Dr.Li Wei: One of the primary challenges is ensuring compliance across diverse sectors. Many organizations, especially smaller ones, may lack the resources or expertise to implement advanced data security measures. Additionally, there is a need for continuous education and training to raise awareness about the risks and best practices. The government and industry stakeholders must work together to provide the necessary support and tools to facilitate compliance.
Archyde: Looking ahead, what further steps do you believe are necessary to strengthen China’s data security framework?
Dr. Li Wei: While the current measures are a strong foundation, we need to focus on three key areas: First, enhancing international cooperation to address cross-border data security threats. Second, investing in cutting-edge technologies like AI and blockchain to improve data protection mechanisms. And third, fostering a culture of data security awareness among individuals and organizations. Ultimately,data security is a shared responsibility,and everyone has a role to play in safeguarding our digital future.
Archyde: thank you, Dr. Li Wei, for your insights. It’s clear that data security is a complex and evolving issue, and your expertise has shed light on the importance of these new guidelines.
dr. Li Wei: Thank you. It’s been a pleasure discussing this critical topic with you.
End of Interview
This interview highlights the importance of China’s recent data security initiatives and provides expert commentary on the challenges and opportunities ahead. Stay tuned to Archyde for more updates on cybersecurity and data protection.
