Don't Forget Your Employees

SME´s obligations related to network security
imposed by the CSL
Despite being man datory, these
measures could be s een as guidanc e
for IP protect ion. To protect co ndential
information like tra de secrets you must
take protec tive measures t o avoid the
information being acc essible for third
parties. You can d emonstrate t o the
courts t hat you’ve taken ap propriate
cybersec urity measur es in case of
cyberatt ack by complying wit h the
CSL. Net work Operators can follow the
minimum duties, for e xample, having
an anti-virus soware in place, should
be enough, however CI I Operators need
to follow higher stan dards. Compliance
with local lega l cyber securi ty
standards is sucient for e njoying
legal trade secr et protect ion in China.
Network operators
The CSL stipulates certain obligations regarding network security which you as
a network operator must comply with. All these provisions are dispersed over
the entire legal text but can be summarized in three main categories:
Administration: Network operators are required to clarify responsibilities
within their organisations, and ensure network security by implementing
rules and regulations and operational processes.
For example, you have to formulate internal security management
systems and operating rules; determine persons responsible for
New security technologies: Network operators shall adopt various
technologies to prevent, combat and investigate cyber-attacks to mitigate
network risks.
For example, you have to adopt technical measures for monitoring
and recording network operational statuses and cybersecurity
incidents, and adopt technical measures to prevent computer viruses,
cyberattacks or network intrusions.
Data storage: Network operators shall ensure data availability and
condentiality by backing up and encrypting data.
For example, you are also requested to adopt data encryption and
back-up measures, and store network logs for a minimum of 6
To summarise, Network Operators should build an eective security
administration system, nding rational technical solutions and improving data
protection capabilities, which are expected to be key priorities for network
operators. The Chinese authorities may check whether you are compliant with
the CSL measures, especially in case of a security breach.
In case of breach of such cybersecurity obligations, Chinese authorities can
order corrections, issue warnings and order an external cybersecurity expert
to carry out certication. When corrections are refused, CSL provides for a ne

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT