China’s Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security incidents in the country using a color-coded system.
The effort is designed to “enhance the comprehensive response capability for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused by data security incidents, to protect the lawful rights and interests of individuals and organizations, and to safeguard national security and public interests,” the department said.
The 25-page document encompasses all incidents in which data has been illegally accessed, leaked, destroyed, or tampered with, categorizing them into four hierarchical tiers based on the scope and the degree of harm caused:
- Red: Level I (“particularly important”), which applies to widespread shutdowns, substantial loss of business processing capability, interruptions arising from serious anomalies lasting more than 24 hours, occurrence of major radio interference for more than 24 hours, economic losses of 1 billion yuan, or incidents affecting the personal information of over 100 million people or sensitive personal information of more than 10 million people
- Orange: Level II (“important”), which applies to shutdowns and operational interruptions lasting more than 12 hours, occurrence of major radio interference for more than 12 hours, economic losses between 100 million yuan and 1 billion yuan, or incidents affecting the personal information of over 10 million people or sensitive personal information of more than 1 million people
- Yellow: Level III (“large”), which applies to operational interruptions lasting more than eight hours, occurrence of major radio interference for more than eight hours, economic losses between 50 million yuan and 100 million yuan, or incidents affecting the personal information of over 1 million people or sensitive personal information of more than 100,000 people
- Blue: Level IV (“general”), which applies to minor events that cause operational interruptions lasting less than eight hours, economic losses of less than 50 million yuan, or incidents affecting the personal information of less than 1 million people or sensitive personal information of less than 100,000 people
The new rules also require affected companies to conduct an assessment to determine the severity of the incident and, if it is deemed serious, to report it immediately to the local industry supervision department without omitting or concealing any information, or providing any false information.
“If the local industry regulatory department initially determines that it’s a particularly major or major data security incident, it should report it to the Mechanism Office in accordance with the requirements of ‘10 minutes by phone and half an hour in writing’ after discovering the incident,” the draft rules state.
Based on the response level activated (Red or Orange), the Mechanism Office is expected to report the matter to the MIIT. The draft rules are open for public comments until January 15, 2024.