China to make holders of more than 1 million users’ data get annual audits
CHINA’S cyberspace regulator issued on Thursday (Aug 3) draft rules requiring service providers that hold data on more than 1 million people to undergo at least one compliance audit a year, another step in efforts to control data and information.
Infrastructure information providers or services that process data of more than one million users must undergo a security review conducted by an agency appointed by the regulator if they are supplying data overseas, the Cyberspace Administration of China (CAC) said in its draft.
The appointed compliance agency must also evaluate services that own the data of more than 100,000 users, or those with sensitive data of more than 10,000 users, the CAC said.
Services that hold data of fewer than 1 million users must undergo a personal information compliance check at least once every two years, the CAC said.
China has in recent years tightened controls on data and information, especially data and information that flows abroad.
Legislators in April passed a wide-ranging update to anti-espionage legislation, banning the transfer of information related to national security and broadening the definition of spying.
GET BT IN YOUR INBOX DAILY
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
The CAC last year required platform companies with data on more than 1 million users to undergo a security review before listing their shares overseas. REUTERS
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
International
Cut aid for livestock farms to help climate fight, World Bank says
PM Modi votes as India’s marathon election heats up
US, Chinese climate negotiators meeting on greenhouse gas curbs
Japan’s service activity extends gains on solid demand, PMI shows
Australia’s retail sales volumes fall 0.4% in Q1
Xi bristles at criticism of China over the war in Ukraine