Build a strong data security line of defense and promote the improvement of the review system
——Interpretation of the highlights of the newly revised “Measures for Cybersecurity Review”
Guangming.com reporter Li Zhengwei
Recently, thirteen departments including the Cyberspace Administration of China jointly issued the revised “Measures for Cybersecurity Review” (hereinafter referred to as the “Measures”). As an important revision after its implementation in June 2020, the “Measures” both implement the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China, and the Security Protection of Critical Information Infrastructures. The effective practice of a series of laws and regulations such as the Regulations is also an important measure to continuously improve the national cybersecurity review system and adapt to the new international and domestic cybersecurity situation. .
Focus on new risk situations and revise detailed rules to keep pace with the times
The latest report of the National Internet Emergency Response Center pointed out that in recent years, the security situation of the supply chain of network products and services has become more and more severe, and malicious activities such as information theft, attack and destruction of key information infrastructure have continued to increase, and network attacks on data and data abuse have become increasingly serious problems. , data security risks will become more prominent.
“In order to adapt to the new situation of international and domestic network security and promote the stable and healthy development of the platform economy, timely revision and adjustment of the system reflects the trend of continuous development of the system, and the continuous improvement of the network security review system will help safeguard the country. make greater contributions to security,” said Qi Yue, an engineer at the China Cybersecurity Review Technology and Certification Center.
The reporter noticed that while expanding the scope of the review, the revision of the Measures also made appropriate adjustments to the working mechanism and workflow of the review. Adjustments include: adding the CSRC as a member of the cybersecurity review working mechanism, clarifying that the time when the cybersecurity review office receives qualified application materials is the review start time, adding listing application documents as part of the listing review application materials, increasing listing activities brought The data security risk is one of the factors considered as national security risk, and the working time limit of special review is extended to 90 working days. Qi Yue believes that, on the whole, the review mechanism and process continue to use the original review system framework, and targeted optimization has been carried out for the change of the new inclusion in the foreign listing review, and the review system has been continuously improved in practice.
Include significant data processing activities in the review
As a major Internet application country, my country has many Internet platforms of various types, including Internet platforms that provide the society with basic services such as financial payment and communication, as well as domain-based Internet platforms that focus on audio-visual, job hunting, taxi-hailing, freight, and shopping.
Tang Wang, a senior engineer at the China Cybersecurity Review Technology and Certification Center, said that these platforms may hold a large amount of personal data of citizens, or hold monopolistic user information in one field. Once the data held by the Internet platform is leaked, it will seriously endanger the security of citizens’ personal information and provide convenience for criminals to conduct fraud, illegal marketing and other activities. Even a targeted analysis of personal information in some specific fields can obtain sensitive information about my country’s social and economic operations, and once it is leaked, it will affect national security.
According to Liu Jinfang, an engineer at the China Cybersecurity Review Technology and Certification Center, two aspects have been added to the national security risk factors that cybersecurity review focuses on assessing. The risk of use and illegal exit; the second is to focus on assessing the risk of key information infrastructure, core data, important data or a large amount of personal information being influenced, controlled and maliciously used by foreign governments.
More standardize the review of online platforms going abroad for listing
Listing is of special significance to Internet platforms. With the accelerated pace of economic globalization, the number of Chinese enterprises that choose to go abroad for listing and financing has gradually increased. “Enterprises that go public abroad mainly come from the fields of e-commerce, travel, recruitment, education, logistics and other data-heavy assets, and often have a large amount of domestic user data.” Qi Yue believes that one of the highlights of the revision of the “Measures” is that the network platform The operator’s listing abroad is included in the cybersecurity review.
The revision of the “Measures for Cybersecurity Review” this time focuses on the requirement that “online platform operators who have the personal information of more than 1 million users to go public abroad must report to the Cybersecurity Review Office for cybersecurity review”. Tang Wang believes that this point has carried out a sufficient risk assessment at the national security level for Internet platforms that plan to go public abroad. Once it is found that the platform violates the national network security and data security requirements, and there is a risk at the national security level, it will be prohibited to go abroad. Listing, this will also effectively resolve the national security risks brought by Internet platforms going abroad for listing, and increase the attention of the whole society to network security and data security.
“Guangming Daily” (February 19, 2022 03 edition)