Economic Observation: How to ensure security compliance with data outbound?

[Economic Observation] How to ensure security compliance with data outbound?

Reporter Yang Zhaokui

On July 7, the National Internet Information Office announced the "Measures for Evaluation of Data Outbound Security" (hereinafter referred to as the "Measures"), which will be implemented from September 1 this year. The relevant person in charge of the State Cyber ​​Information Office stated that the "Measures" aims to implement the provisions of the network security law, data security law, and personal information protection law, standardize data outbound activities, protect personal information rights, safeguard national security and social public interests, and promote the promotion Data cross -border security and free flow, effectively keeping the development of security and promoting security with development.

In recent years, with the booming development of my country's digital economy, data cross -border activities have become increasingly frequent, and data processor's data outbound demand has grown rapidly. At the same time, due to the differences in the legal system and protection level of different countries and regions, the risk of data outbound security is also prominent.

To this end, my country has accelerated the improvement of the data outbound security management system. Since 2016, it has successively introduced laws such as network security law, data security law, and personal information protection law, and basically established the top -level legal system for data governance. However, experts point out that the above laws do not refine the data outbound evaluation specifications, leading to lack of specific implementation rules for security assessment in the practice of data outbound.

Xin Yongfei, director of the Institute of Policy and Economic Research Institute of China Information and Communication Research, said that the introduction of the "Measures" clarifies the most important "security assessment" methods in data outbound management, and realized the implementation of regular legislation. Important supporting rules of design.

The "Measures" stipulates 4 situations that should declare data outbound security assessments, including data processors with important data, key information infrastructure operators and processing data processors with more than 1 million personal information to provide personal information to the abroad, From January 1st last year, data processors with a total of 100,000 personal information or 10,000 sensitive personal information have been provided to overseas personal information and other situations required to declare data outbound security assessment stipulated by the national network information department.

"Looking at various types of data security, it can be seen that important data such as key information infrastructure data is not only the most sensitive, but the data is the most extensive, covering all aspects of the national economy and people's livelihood. It is very important to be illegally obtained and illegally used to bring serious threats to national security. Therefore, the "Measures" clearly and define the scope of data that requires declaration and assessment is very important. Work is of great significance. "Said Sun Xiaolei, deputy director and researcher of the Institute of System Analysis and Management of the Science and Technology Strategy Consultation Research Institute of the Chinese Academy of Sciences.

The "Measures" put forward specific requirements for data outbound security assessment, stipulating that data processors shall carry out self -assessment of data outbound risk before reporting data outbound security assessment and clarify key evaluation matters. The data processor clearly stipulates the liability obligations of data security protection in the legal documents set up with an overseas receiving party, and the situation that affects data outbound security during the validity period of the data outbound security assessment shall be re -approved.

"The" Measures "adheres to the paidity of security and development, clarify the process and requirements of data outbound security assessment, and has a very important institutional value and practical significance for standardizing and promoting the orderly flow of data in accordance with the law, marking a key step in the practice of the rule of law in my country's data governance. "Xin Yongfei said that the" Measures "improved industrial expectations through the rule of law, provided standardized guidelines, which is conducive to the orderly implementation of data outbound activities, ensure data security outbound, and promote the formation of an important model and path for the formation of a digital economy cycle.

Kong Deliang, vice president of Qi Anxin Group, said that the "Measures" clarified the requirements and rules of supervision, and enterprises will be clearer for the overall construction of data security. After clarifying the regulatory rules, enterprises urgently need to make up shortcomings to give priority to ensuring the security protection of data security. Driven by the requirements of compliance and the willingness of the enterprise, the estimated data security service market space will start from 10 billion yuan.

- END -