China’s Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system.
The effort is designed to “improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused by data security incidents, to protect the lawful rights and interests of individuals and organizations, and to safeguard national security and public interests, the department said.
The 25-page document encompasses all incidents in which data has been illegally accessed, leaked, destroyed, or tampered with, categorized them into four hierarchical tiers based on the scope and the degree of harm caused –
The new rules also require affected companies to make an assessment to determine the severity of the incident, and if deemed serious, report it immediately to the local industry supervision department without omitting or concealing any facts, or providing any false information.
“If the local industry regulatory department initially determines that it is a particularly major or major data security incident, it should report it to the Mechanism Office in accordance with the requirements of ’10 minutes by phone and 30 minutes in writing’ after discovering the incident,” the draft rules state.
Based on the response level activated – Red or Orange – the Mechanism Office is expected to report the matter to the MIIT. The draft rules are open for public comments until January 15, 2024.
