PBC to Release Data Security Rules in Business Area

On July 24, 2023, the People’s Bank of China (“PBC”) released the Circular on Solicitation of Public Opinions on the Measures of the People’s Bank of China for Data Security Administration in Business Area (Exposure Draft) (the “Measures”). The deadline for submitting comments is August 24, 2023.

The Measures have 57 articles in eight chapters, and provide for data classification and grading, general requirements for data security protection, management measures for data security protection, technical measures for data security protection, and risk monitoring, evaluation, auditing and event handling measures. It is emphasized that data processors should establish data classification and grading systems and procedures, sort out categorized information in data resource catalogues, uniformly classify data, specify data security responsibilities, and establish data security accountability and punishment systems, as well as the whole-process security management system for data processing. Through the Measures, data processors know what security protection management and technical measures it should take in collection, storage, use, processing, transmission, provision, disclosure and deletion of data before they can be deemed having met the bottom-line compliance requirements.