SCIO briefing on China's development of industry and information technology in H1 2021
0 Comment(s)
Print
E-mail China.org.cn, July 22, 2021
Yicai:
We all know that everybody is now concerned about data security. What specific work has the MIIT implemented in data security management this year? In addition, the MIIT recently said that it will establish a sound management mechanism and technical protection system for data security protection and strictly enforce every step from the collection and storage to flow and use of data resources. Could you tell us how exactly these tools will be implemented? Thank you.
Tian Yulong:
Thank you for your questions. Please let Mr. Zhao Zhiguo answer your questions.
Zhao Zhiguo:
Thank you for your questions. Data is one of China's basic strategic resources and features several important production factors. General Secretary Xi Jinping has emphasized that the country's data security must be effectively guaranteed. Based on its responsibilities, the MIIT has steadily promoted data security management in the information and communication industry, issued the guidelines for the construction of data security standard systems in the telecommunications and internet industries, published a number of industry standards such as the classification of online industry data and the identification of important data, launched a special campaign to improve the capabilities for protecting online industry data, issued the "Key Points of Compliance Assessment on Online Data Security of Telecom and Internet Enterprises (2020)," established a public service platform for online data security, strengthened industry data security supervision and inspection in accordance with the law, and organized 133 enterprises including Tencent and Baidu to sign data security self-discipline conventions. We have also guided enterprises to implement their main responsibilities, carried out trials and demonstrations, and strengthened the research and development, promotion, and application of key data security technologies. It is fair to say that we have undertaken a series of tasks to ensure the implementation of these key points.
Next, the MIIT will carry out work in the following areas in accordance with its responsibilities under the framework of relevant laws and mechanisms, which are: industry data security supervision, improving data security supervision capability building, and promoting the development of the data security industry.
First, we will introduce a data security management system. We will speed up the formulation of data security management policies in the industrial and information fields to better facilitate the implementation of the "Data Security Law" among industries. We will carry out related work such as the classification of industry data, the development of important data catalogs, build a standard system in the field of industry data security, and formulate important data security standards in the fields of the internet of vehicles (IoV) and the industrial internet.
Second, we will establish a data security certification system. We will organize research on the data security protection certification system and formulate assessment specifications for industry data security protection capabilities. We will establish an evaluation and certification mechanism involving industry organizations, scientific research institutions, and key enterprises to guide related certification work.
Third, we will carry out data security supervision and inspections. We will combine security assessments of basic telecommunications enterprises with "Two Randoms and One Disclose" inspections (that is, during the supervision process, the inspection objects are randomly selected, law enforcement inspectors are randomly selected, and the results of random inspections and investigation will be disclosed to the public in a timely manner) and other regulatory methods to establish and improve the industry's acceptance mechanism for complaints and reports, and urge enterprises to implement obligations of data security protection. We will establish mechanisms for monitoring and reporting industry data security situation and improve capacity building for risk information analysis, study, and handling.
Fourth, we will promote the development of the data security industry and support breakthroughs in key data security technologies through measures such as building key laboratories and innovative technology centers. We will cultivate backbone enterprises through multiple channels such as supporting the leading champion in a certain field, supporting "specialized, refined, distinctive, and innovative" small- and medium-sized enterprises, as well as integrating industry and finance. We will explore the development of disciplines related to data security and encourage colleges and enterprises to jointly cultivate data security talent.
Go to Forum >>0 Comment(s)