Draft rules to improve data security released
China's central bank released draft rules on Monday to strengthen data security management in the financial sector, a necessary move that experts said will help complete the country's financial safety net as data security emerges as a rising priority.
The People's Bank of China, the nation's central bank, said the new rules are aimed at getting financial institutions to fulfill their obligation of data protection and guiding them to process the data generated or collected via their business activities, which are regulated by the PBOC, in compliance with laws and regulations.
Activities of financial institutions that occur within the borders in areas such as interbank market trading, payment and clearing, and anti-money laundering will be subject to the draft rules, no matter whether the institutions are domestic or foreign-funded.
The draft rules, soliciting public opinions through Aug 24, require financial institutions to establish and improve their data classification system and implement data protection that is differentiated accordingly and covers all data processing activities.
Accountability procedures for non-compliant data processing should be strengthened, the rules said, and security risk monitoring and alert mechanisms for data processing should be established.
"Overall, the new rules have solidified the foundation for financial security and stability in a way that suits the accelerated development of financial digitalization," said Yang Haiping, a researcher at the Central University of Finance and Economics' Institute of Securities and Futures.
Yang said the rules will help fend off the risk of cyberattacks in the financial industry, avoid the abuse of data in innovative financial services and strengthen consumer rights protection by putting into place the requirements of relevant laws and regulations.
The central bank said the new rules are fully in line with the Data Security Law, which came into force in 2021 and requires authorities in sectors such as finance, telecommunications and transportation to shoulder the duty of data security regulation in their corresponding industries.
The new rules have specified the bottom line requirements for data security compliance of activities regulated by the central bank and therefore, filled the administrative vacuum in this respect, it said.
Cross-border data security in the financial sector is also stressed by the new rules. Data collected within the country, if required by laws and regulations, will be stored domestically, and financial institutions shall not provide their data, stored domestically, to international organizations and foreign financial authorities without the approval of the central bank and other relevant regulators.
Yang said the requirements regarding cross-border data security are in line with international practices and will help ensure China's national security by preventing foreign financial attacks.
Dong Ximiao, chief researcher at Merchants Union Consumer Finance Co, said: "The rollout of the rules is timely and necessary. The financial industry is a data-intensive sector, and data is crucial for financial development, innovation and security."
First, please LoginComment After ~