The new China Cybersecurity Law (CSL) is set to take effect on 1 June 2017, putting more emphasis on personal information security, cybercrime, network product and service security, obligations of network operators and sovereignty rights.
There have been various draft regulations and papers published over the past year and organisations have had to deal with complex realities from multiple regulators, jurisdiction discrepancies, multi-layered rules, broad definitions and interpretation of various related legislations.
Although the law is set, detailed guidelines are still evolving and yet to be published. However, the consequences of non-compliance are very real including both corporate and personal liabilities such as suspension of business, civil liabilities, criminal liabilities, revocation of licenses, cease and desist. For example, in 2016, local enforcement shut down 51 websites and 423 online programmes in Guangdong. In Zhejiang, 113 websites were shut down, imposed criminal liabilities on 224 persons and 158 persons for administrative liabilities.
In response to the new legislation, PwC Hong Kong hosted a China Cybersecurity Law seminar on 21 March 2017 in Hong Kong, presented by Cybersecurity Partners of PwC Hong Kong Chun Yin Cheung and Kok-Tin Gan, Risk Assurance Partner of PwC Hong Kong Kenneth Wong, and David Tiang Partner of Tiang & Co.
The seminar covered various topics with CY and David giving an overview of the legislation journey, its goals, the regulatory bodies involved, consequences and real examples of non-compliance as well as a deeper dive into the definitions of “important business data” and scope of jurisdiction impacting most industries. After, there was a panel discussion which included the addition of Kenneth and Kok-Tin. It was an interactive discussion with audience mostly interested in the business critical impact of the law and determining the best way to operationalise the strategy to comply with the new law.
Furthermore, the team also provided some practical considerations and came up with 6 key points to help organisations minimise risks and localise policies and procedures to meet the requirements. 6 key points include:
The seminar was held successfully. Around 50 companies and over 70 clients from a range of industries attended the seminar.