The cyber authority of China has released a draft that mandates every firm that exports to undergo an annual security assessment. The step is undertaken to safeguard data from different types of cyber threats and even cyber terrorism.
According to the new draft from the Cyberspace Administration of China (CAC), any business or organization transferring data of over 1 terabyte or has information affecting more than 500,000 users will be assessed on its security measures. It would also assess information on its potentiality to harm national interest of the country.
The draft which is open for public comment until May 11, also mandates organizations to obtain consent from users before transmitting data beyond borders. This is extension of the legislation passed in November, 2016, which formalized a range of controls on firms that handle data in industries, the government deemed critical to national interests.
The business associations had criticized the law, calling it ‘vague’ and stringent for foreign companies who seek expansion.
This also follows the proposed law which rewards citizens with $1,500 to $73,000 on information on suspected spies.
Under the rules released, sensitive geographic data such as information on marine environments would also be subject to scrutiny. Destination countries and the likelihood of oversees tampering would also be factored in to any assessments.