Comments Sought on the Information Security Technology—Guidelines for Security Assessment of Data Cross-border Transfer and Other Five National Standards
Recently, the Secretariat of the National Information Security Standardization Technical Committee ("NISSTC") has issued six national standards, including the Information Security Technology—Guidelines for Security Assessment of Data Cross-border Transfer (Draft for Comment) (the "Draft for Comment) and the Information Security Technology—General Requirements for the Security of Network Products and Services, to solicit opinions from the entities concerned by October 13, 2017.
The Draft for Comment sets forth procedures, key points and methods for the security assessment of the cross-border transfer of personal information and important data, and applies to the assessment made by network operators on their own to look at the security of transferring personal information and important data, as well as the security assessment conducted by the national cyberspace authority and the competent authority of the cyberspace industry for the same purpose. In particular, main points in the assessment of data cross-border transfer should involve evaluations on the legality and justification of such transfer and the risk controllability. In the risk controllability assessment, applicable indicators should include key points for evaluating the nature of personal information, key points for evaluating the nature of important data, capacity of the data provider in security protection, capacity of the data receiver in security protection, and the political and legal environment of the country or region where the data receiver is located.