China issues draft contingency plan for data security incidents

BEIJING (Reuters) -China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.

The contingency plan comes amid heightened geopolitical tensions with the United States and its allies and follows an incident last year when a hacker claimed to have procured a trove of personal information on one billion Chinese from the Shanghai police.

China’s Ministry of Industry and Information Technology (MIIT) published a detailed draft plan laying out how local governments and companies should assess and respond to incidents.

The plan, which is currently soliciting opinions from the public, proposes a four-tier, colour-coded system depending on the degree of harm inflicted upon national security, a company’s online and information network, or the running of the economy.

According to the plan, incidents that involve losses surpassing 1 billion yuan ($141 million) and affect the personal information of over 100 million people, or the “sensitive” information of over 10 million people, will be classed as “especially grave”, to which a red warning must be issued.

The plan demands that in response to red and orange warnings, the involved companies and relevant local regulatory authorities must establish a 24-hour work rota to address the incident and MIIT must be notified of the data breach within ten minutes of the incident happening, among other measures.

“If the incident is judged to be grave… it should be immediately reported to the local industry regulatory department, no late reporting, false reporting, concealment or omission of reporting is allowed,” MIIT said.

($1 = 7.1070 Chinese yuan renminbi)

(Reporting by Eduardo Baptista Editing by Elaine Hardcastle and Mark Potter)

tagreuters.com2023binary_LYNXMPEJBE0A4-VIEWIMAGE