LCD Display Inverter

On September 30, 2021, the “Administrative Measures for Data Security in the Field of Industry and Information Technology (Trial)” (hereinafter referred to as the “Administrative Measures”) was open to the public for comments. As an important measure to implement the national “Data Security Law” in the field of industry and informatization, the “Administrative Measures” focus on the industry and telecommunications industry, actively respond to the important instructions of the Party Central Committee and the State Council on fully releasing the economic value of data production factors, and closely fit the industry Based on the characteristics of the data security situation and management needs of the telecommunications industry, establish and improve the industry data security management system and mechanism, clarify data protection requirements, and provide rules and guidelines for industrial and telecommunications companies to improve data security management and technical protection measures. Basic compliance.

1. The “Administrative Measures” will provide key directions for the industry and telecommunications industry to respond to internal and external challenges

(1) Industry and telecommunications are the leading areas of my country’s digital transformation

In the telecommunications industry, telecommunications and Internet companies generally have a high degree of digitization, and the data transmission networks and data processing technologies they provide empower thousands of industries; in the industrial field, the digital transformation of industrial enterprises is the key driving force and main position of my country’s industrial digitization. In the process of promoting digital industrialization and digitalization of traditional industries, data plays an extremely important role. The formulation of the “Administrative Measures” to strengthen the data security management of the industrial and telecommunications industries is conducive to accelerating the digital development of the industrial and telecommunications industries and leading the implementation of the national digitalization strategy. has a vital role. The “Administrative Measures” will draw a red line and mark the bottom line for the accelerated large-scale flow of data elements, promote the development of the data security industry, and escort my country’s digital transformation.

(2) The industrial and telecommunications industries face dynamic, complex and multi-source data security challenges

From the perspective of the telecommunications industry, my country has the world’s largest network information facilities and user groups, gathering a large amount of personal information and important data closely related to the national economy and people’s livelihood. In addition, the new generation of information technologies such as cloud computing, big data, and artificial intelligence accelerate innovative applications, and continue to derive New data forms and processing methods are created, which brings continuous accumulation and dynamic changes of data security risks. From the industrial perspective, industrial data has the characteristics of rich data forms and formats, multi-dimensional heterogeneity, and strong real-time performance. It is difficult to apply traditional encryption transmission and other security technologies. Security risks cover the entire life cycle of data, and security protection is difficult. The industry and telecommunications industry urgently needs to accelerate the construction of a data security management system that adapts to the characteristics of industry security challenges from the basic institutional level. The “Administrative Measures” intends to implement key protection of important data and core data by establishing and improving data classification and grading, monitoring, early warning and emergency management, data life cycle security management and other institutional mechanisms, improve data security risk perception and post-event handling capabilities, and strengthen Process security management of data processing activities.

(3) Industry and telecommunications are key areas of global data security management

In recent years, major countries have continuously improved their awareness of the importance of data security, and have formulated and improved relevant legislation based on their own national conditions to strengthen data security management. According to statistics, more than 100 countries and regions around the world have formulated special legislation for data security protection, among which many legislations in typical regions focus on data security protection and effective utilization in the industrial and telecommunications industries. For example, the EU revised the “Electronic Privacy Regulations”, focusing on strengthening the protection of data security in the communications industry, while promoting the release of data value; formulating the “Framework Regulations on the Free Flow of Non-Personal Data in the EU”, focusing on promoting the free flow of machine data such as industrial production and operation and maintenance and exploitation. The industrial and telecommunications industries urgently need to learn from international advanced experience, formulate data security rules that meet the needs of industry development, and serve the healthy and long-term development of my country’s digital economy. Based on the dual goals of ensuring data security and promoting data development and utilization, the “Administrative Measures” intends to lay a solid foundation for strengthening industrial and telecommunications industry data security management by clearly defining the scope of industrial data and telecommunications data and the regulatory mechanism.

2. The “Administrative Measures” will provide important practical compliance for industrial and telecommunications enterprises to implement data security baseline requirements

(1) Further refinement of data classification and hierarchical management rules

Data classification and grading are the foundation and core of data security management for enterprises, and practical guidance is urgently needed. The Cybersecurity Law and the Measures for the Administration of Data Security (Draft for Comment) both involve but have not implemented the requirements for enterprise data classification. The “Data Security Law” establishes a national data classification and grading protection system, but the specific reference standards for data classification and classification, the identification and classification of important data and core data, and the development of important data catalogs still need to be further clarified and refined. The “Administrative Measures” undertake to refine the data classification and grading protection requirements of the “Data Security Law”, and plan to clarify the reference factors for industrial and telecommunications enterprises’ data classification and the specific conditions for data classification, and establish a “minister-local-enterprise” three-level linkage working mechanism. Set up important data and core data filing management system to more clearly outline the overall picture of industry data classification and hierarchical management. In terms of data classification and classification, it is proposed to require industrial and telecommunications enterprises to classify and identify data in accordance with the principle of “classification first and classification later”, fully considering factors such as industry requirements, business needs, data sources and uses, and classify data according to classification conditions. , to form an enterprise data classification list and a catalog of important data and core data, as the basis for the formulation of specific catalogs of important industry data. It can be expected that after the promulgation of the “Administrative Measures”, supporting policy standards such as guidelines for the identification of important data in the industrial and telecommunications industries will be further formulated and improved to provide more practical and clear guidelines for enterprise data classification and classification.

(2) The basic requirements for data life cycle security management are further clarified

Delineating the baseline requirements for data life-cycle security management is crucial for enterprises in the industrial and telecommunications industries to fully balance data security protection and effective utilization. In the era of digital economy, data has become an important production factor and strategic resource for enterprises, and it is necessary to accelerate the flow to promote the full release of economic value under the premise of safety. The “Data Security Law” provides generalized data security management for the whole process, and it is difficult for enterprises to grasp the security baseline requirements for data collection, storage, use, processing, transmission, provision, disclosure, and destruction. The “Administrative Measures” intends to set up a special chapter on data life cycle security management, on the basis of clarifying general data security protection requirements, and further set key requirements for important data and core data, which will strengthen the data life cycle for enterprises in the industrial and telecommunications industries. Security management provides basic security guidelines and promotes data development and utilization.

(3) There are further rules to follow for data security testing and evaluation activities

Implementing data security testing and evaluation is an important measure to improve data security products, service quality and security assurance capabilities in the industrial and telecommunications industries. The “Administrative Measures” intend to implement the relevant requirements of the “Data Security Law” to promote testing and assessment, and regularly carry out risk assessment of important data processing activities, and solidify and upgrade the practical experience of “data security compliance assessment” in the telecommunications industry into rules and regulations. Data security testing and evaluation management system, formulate data security evaluation specifications, clarify specific requirements for risk evaluation and compliance evaluation, further standardize, guide, and encourage industry data security testing and evaluation activities, and support the consolidation and improvement of data security levels in the service industry and telecommunications industry.

3. The “Administrative Measures” will comprehensively improve the level of data security in the industrial and telecommunications industries

In general, the formulation of the “Administrative Measures” fully implements the basic ideas and overall requirements of the national “Data Security Law”, lays the institutional foundation for the industry to respond to the security risks of accelerated large-scale flow of data elements, and makes up the data security foundation for the industrial and telecommunications industries. There are still deficiencies in the sex management system. The “Administrative Measures” will be released in the future, which will guide the industrial and telecommunications industries to accelerate the construction of security assurance systems and security capabilities that are compatible with data production factors, and comprehensively improve the data security level of the industrial and telecommunications industries. We look forward to fully mobilizing industry enterprises, third-party institutions, scientific research institutions, colleges and universities, associations, industry experts and other forces to participate in industry data security management under the guidance of the “Administrative Measures” to create a good ecosystem of multi-party collaborative governance in the industry.