In response to growing concerns about data security and cyber threats within its borders, China has introduced a comprehensive four-tier classification system to effectively address and manage data security incidents. The move reflects Beijing’s increasing apprehension over large-scale data leaks and cyber attacks, especially against the backdrop of heightened geopolitical tensions with the United States and its allies.
Detailed Draft Plan Unveiled by Ministry of Industry and Information Technology
China’s Ministry of Industry and Information Technology (MIIT) recently unveiled a detailed draft plan, currently open for public input, outlining how local governments and companies should assess and respond to data security incidents. The plan introduces a four-tier, color-coded system that categorizes incidents based on the severity of harm inflicted on national security, a company’s online and information network, or the overall economy.
According to the proposed classification, incidents causing losses exceeding 1 billion yuan ($141 million) and impacting the personal information of over 100 million people, or “sensitive” information of over 10 million people, will be classified as “especially grave.” In such cases, a red warning must be issued.
Immediate Response Mandates and Stricter Reporting Protocols
The plan sets specific mandates for incidents flagged with red and orange warnings. Involved companies and relevant local regulatory authorities are required to establish a 24-hour work rota to promptly address the incident. MIIT must also be notified of the data breach within ten minutes of its occurrence, alongside other prescribed measures.
The MIIT emphasized the gravity of the situation, stating, “If the incident is judged to be grave, it should be immediately reported to the local industry regulatory department; no late reporting, false reporting, concealment, or omission of reporting is allowed.”
So What’s Next?
China’s proposal of this data security classification system comes in the wake of a significant incident last year, in which a hacker claimed to have obtained a vast amount of personal information on one billion Chinese citizens from the Shanghai police. The geopolitical landscape, marked by tensions with the United States and its allies, has further fueled China’s commitment to safeguarding its digital infrastructure.
As the draft plan awaits public feedback, it reflects China’s recognition of the need for a robust response mechanism to protect against cyber threats and data breaches. The stringent measures outlined in the proposed system underscore China’s determination to ensure data security and safeguard sensitive information in an era where digital vulnerabilities pose significant challenges.