Cyber Security Law --- How does it affect the business operations in China? Xun Yang Of Counsel, Commercial IP and Technology


Cyber Security Law --- How does it affect the business operations in China?
Xun Yang, Of Counsel, Commercial IP and Technology
8 December 2016

[Image slide: The Matrix (1999)]

[Image slide: World Internet Conference (2016)]

Content
- Overview of Cyber Security Law
- Duties to maintain network security
- Duties to prevent cyber crimes
- Data protection obligations
- Practical suggestions in managing cyber risks

Overview of Cyber Security Law

Overview of Cyber Security Law: Historical Review (1)
- Back to 1994
- Innovativeness vs. Protectionism
- Sector-specific rules

Overview of Cyber Security Law: Historical Review (2)

Overview of Cyber Security Law: Content (1)
- National Security Law
- Industry-specific rules
- Piecemeal Data Protection Rules
- Cyber Security Law Practice

Overview of Cyber Security Law: Content (2)
- Development of cyber security technology
- Security duties of network operators
- Extra duties of operators of critical information infrastructure
- Personal data protection
- Obligations to cooperate with government against cyber crimes

Overview of Cyber Security Law: Looking into future
- MPS
- CAC
- MIIT
- Industry Regulators

Duties to maintain network security

Duties to maintain network security: Definition of network operator
- Owner
- Administrator
- Service provider

Duties to maintain network security: Burdens applicable to a network operator
- Managerial measures
  - Risk management policy
  - Contingency plan
  - Retention of network operation records
- Technical measures
  - To prevent hacks and viruses, and to monitor network operations
  - To address known risks
- Report and communications
  - To report cyber security incident to the government and affected customers
  - To report cyber crimes

Duties to maintain network security: Extra burdens applicable to critical network operator
- What are critical networks?
  - Public communications, information services, energy, public transportation, water conservancy, finance, public services, and electronic services from government
  - Others
- Extra burdens
  - Background check
  - Training and drills
  - Back-up
  - Restrictions on procurement
  - Requirements for outsourcing
  - Location of data storage

Duties to prevent cyber crime

Duties to prevent cyber crime
- Cooperation with government on crime investigation
  - Verification and record of real identity
  - Record of network usage behaviours
  - Technical support to government

Duties to prevent cyber crime
- Take-down on knowledge; safe harbour

Data protection obligations

Data Protection: Scope of protection
- Data collected by network operators
- Electronic data
- User data in telecoms services
- Consumer data
- Employee data

Data Protection: Data protection requirements
- Information
- Consent
- Necessity
- Security
- Verification of real identity
- Communication

Data Protection: To apply the data protection requirements to practice
- Data collection
  - Collection through Apps
  - Collection through distributors
- Data transfer
  - Data transfer to third party processors
  - Data transfer outside of China
  - Data transfer as a result of business disposal
- Data retention
  - Deletion of personal information
  - Data retention after cessation of services

Practical suggestions in managing cyber risks

Practical suggestions in managing cyber risks: Hints
- IT risk management plan
- Management of distributor/supplier/contractor
- Legitimate IT infrastructure
- Incident management

Practical suggestions in managing cyber risks: IT risk management plan (1)
- External service provider
- Directors and senior management
- IT
- Business
- Legal
- HR

Practical suggestions in managing cyber risks: IT risk management plan (2)
- Understand the business process
  - Data classification
  - Information flow
  - Human inference
- Risk identification
  - Technical risks
  - Behavioural risks
- Risk mitigating measures
  - Proactive measures
  - Remedial measures
- Policy implementation
  - Consultation and publication
  - Policy management
  - Training
- Policy documentation
  - To be consistent with global policy
  - Translation
- Policy review
  - To address business concerns
  - To meet statutory requirements

Practical suggestions in managing cyber risks: Management of distributors/suppliers/contractors
- Due diligence
  - Technical
  - Commercial
  - Legal
- Compliance with statutory requirements
- Management of service levels
  - Responding time
  - Resolution time
- Switch of IT platform / service provider

Practical suggestions in managing cyber risks: Legitimate IT infrastructure (1)
- Software and Hardware
- Network structure
- Network access permission
- Administration on encryption technology
- Procurement restrictions
- China gateway
- Certified ISP

Practical suggestions in managing cyber risks: Legitimate IT infrastructure (2)
Typical network structure [diagram labels]
- Personal Terminal
- Company Server
- Access Network
- Internet

Practical suggestions in managing cyber risks: Legitimate IT infrastructure (3)
Alternative network structure --- legitimate? [diagram labels]
- Personal Terminal
- Company server
- Offshore server
- Access Network
- Internet

Practical suggestions in managing cyber risks: Incident management (1)
- Incident appraisal
- Communication management
- Adoption of remedial measures
- Allocation of resulting liabilities
- Team formation

Practical suggestions in managing cyber risks: Incident management (2)
- IT Risk Planning Team
- Incident Management Team

Q&A

Xun Yang
Of Counsel, Shanghai
T: +86 86 21 6171 9313
M: +86 186 21001091
E: xun.yang@simmons-simmons.com

Xun advises on commercial, regulatory and intellectual property matters with a particular focus on life science, financial services and telecoms sectors. He has significant experience in advising on technology transactions, IT services, outsourcing, IP protections, data privacy, and investment in sensitive sectors.


simmons-simmons.com
elexica.com

This document is for general guidance only. It does not contain definitive advice. SIMMONS & SIMMONS and S&S are registered trade marks of Simmons & Simmons LLP. Simmons & Simmons is an international legal practice carried on by Simmons & Simmons LLP and its affiliated practices. Accordingly, references to Simmons & Simmons mean Simmons & Simmons LLP and the other partnerships and other entities or practices authorised to use the name Simmons & Simmons or one or more of those practices as the context requires. The word partner refers to a member of Simmons & Simmons LLP or an employee or consultant with equivalent standing and qualifications or to an individual with equivalent status in one of Simmons & Simmons LLP's affiliated practices. For further information on the international entities and practices, refer to simmonssimmons.com/legalresp. Simmons & Simmons LLP is a limited liability partnership registered in England & Wales with number OC352713 and with its registered office at CityPoint, One Ropemaker Street, London EC2Y 9SS. It is authorised and regulated by the Solicitors Regulation Authority. A list of members and other partners together with their professional qualifications is available for inspection at the above address.