China's Personal Information Protection Law (PIPL) presents challenges for CISOs

MrGuvernment

China wants to protect personal information? Sounds like a line from Google, sure, protect it for themselves so only they have it... but of course then mine every citizen's data at every chance they can. I mean, to be fair, every country (well most) want this type of control / data on every citizen within their borders...

China's Personal Information Protection Law (PIPL) presents challenges for CISOs
https://www.csoonline.com/article/3...n-law-pipl-presents-challenges-for-cisos.html

First announced in August 2021, it was clear entities with a China footprint were faced with the dilemma: Comply or face the consequences.

The four stated objectives of the PIPL are:
  • Protect the rights and interests of individuals
  • Regulate personal information processing activities
  • Safeguard the lawful and "orderly flow" of data
  • Facilitate reasonable use of personal information

Protect the rights of individuals, that's funny coming out of China..
 
China wants to protect personal information?
You're misunderstanding, it wants to protect personal information from 3rd party companies, not from the country itself. They'll happily stop Facebook, Tiktok, etc from collecting your info and they'll have regular audits to look at all their collected information to see if you're complying, but they'll still totally keep tabs on you.
 
Honestly, after reading their proposal I would more than welcome such initiatives over here.

To comply with the laws any individual must have access to all parties their data is given or sold to.
Companies are obligated to protect the data they collect from leaks, and the law imposes pretty strict penalties on companies who fail to protect that data.

The law defines “personal information” as all kinds of information relating to identified or identifiable natural persons recorded by electronic or other form, excluding anonymized information. “Processing of personal information” includes, among other things, the collection, storage, use, refining, transmission, provision, public disclosure and deletion of personal information.

I mean yeah there is a lot in there that you would expect from the Chinese government about making sure they have access to collected data and which government agencies will be organizing the blah blah blah, but there is a lot of stuff in there I could get behind.

But it is a big law, 74 Articles spread over 8 chapters.
 
Lakados def, we need actual privacy laws in North America around this stuff, but with the money big tech companies lobby around with, not likely to happen any time soon.
 
MrGuvernment, it also covers how employers must act to protect their employees' data, payroll, cellphones, student information systems for Chinese minors studying abroad. I am going to have to look into this a little as we do have some exchange students.

Interestingly though they do consider firewall logs that contain IP addresses to be personal information as an IP address can be used to trace back to an individual location.

They also cover a number of loopholes American companies have been using to avoid responsibility, such as if you store personal data on a Google Drive or an Amazon host and that data gets leaked: while Google or Amazon may have their own ramifications for the leak, the company who chose to use those services is responsible for that data's safety, so they are ultimately to blame. Where here it's been a common argument that it's not Company X's fault because they weren't breached, it was Google/Amazon.
 
Lakados It does sound great and if upheld, which we know China will against any external companies or companies it does not...prefer. To have such broad spectrum of laws to cover our personal data and make those who hold it 100% liable, I am all on board with that.
 
You're misunderstanding, it wants to protect personal information from 3rd party companies, not from the country itself. They'll happily stop Facebook, Tiktok, etc from collecting your info and they'll have regular audits to look at all their collected information to see if you're complying, but they'll still totally keep tabs on you.
How ironic it is that a Communist nation shows how malicious these megacorps are, not that they are any better.
One massive thief telling the other boss thieves to stay out of their den.
 
How ironic it is that a Communist nation shows how malicious these megacorps are, not that they are any better.
One massive thief telling the other boss thieves to stay out of their den.
It's basically the guy holding the biggest puzzle piece telling the others to play nice because they are more than willing to take it all and go home. China is still a massive growth economy and losing access there would be a hit shareholders would feel.
 