The latest draft of Personal Information Protection Law
The 22nd Meeting of the Standing Committee of the 13th National People's Congress was held on October 13, 2020. Focusing on the current outstanding issues of personal information protection, the draft of the Personal Information Protection Law was reviewed for the first time.
What is the scope of application of draft bills? Do you have any contact with me?
Private data refers to all kinds of data recorded electronically or in other ways related to confirmed or confirmed natural persons, excluding those processed anonymously. Private data processing includes collection, storage, use, processing, transmission, provision, publication of private data and other activities.
Scope of application: the activities of domestic enterprises in China to process personal information outside China (overseas enterprises provide products or services to China, and analyze the behavior of domestic individuals within China).
How to handle personal information for compliance?
For the processing of sensitive personal information, more strict restrictions should be implemented with "notification and consent" as the core. The processing of personal information should be subject to the individual's independent consent or written consent. Individuals have the right to know, the right to make decisions, the right to query, the right to change, and the right to delete. Individual information processors are required to develop internal management systems and operating procedures, and take corresponding security technical measures, The person in charge shall be appointed to supervise and audit the personal information processing activities.
What punishment will be imposed for violation of regulations?
Violating the processing of personal information, or violating the processing of personal information, and failing to take necessary security protection measures as required (for example, sensitive personal information is not classified, encrypted, or stored in a non identifiable way; improper operations of personal information processors lead to data leakage, etc.), the department performing the protection responsibility shall order correction and confiscate illegal income, Give warning; If it fails to make corrections, it shall be fined not more than one million yuan; The person in charge and other persons directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan.
Huawei Cloud Data Security Center: Help enterprises comply with data processing rules
In fact, Huawei Cloud has long noticed the compliance problems and risks in data processing, and launched the Data Security Center (DSC) internally last year to provide the next-generation data governance engine for the compliance and security of enterprise data. Focusing on the whole life cycle of data, the implementation of security visualization management can effectively help enterprises manage data assets and ensure data security.
Data collection: The DSC of Huawei ECS has the functions of sensitive data identification and automatic data classification. It can help enterprises lock sensitive data in massive data, assess risk levels, and scan, classify, and grade data. Users can view the distribution of data at different risk levels to solve the "blind spot" of data for further security protection.
Data transmission: DSC can automatically identify data transmission channels and security transmission requirements, judge data transmission risks, assist enterprises in improving transmission link encryption and authentication, and prevent data leakage.
Data storage: The module lists unencrypted OBC object buckets to prevent unnecessary storage security of user assets. By clicking on the OBS interface, the user can encrypt the unencrypted object bucket to comply with the data storage rules.
From the perspective of data use: Huawei ECS DSC can audit the operation behavior of the data administrator, timely alarm for wrong operation, and hold the wrong operation accountable. The center presents abnormal events in three aspects of data access, operation and management in the database, and counts TOP access source IP, access object, TOP access account and other information to make the risk events in the use of the database clear at a glance, which helps enterprises reduce data security risks.
From the level of data exchange: DSC has the functions of data desensitization and data watermarking, which ensures the security of data exchange. Sensitive or high-risk data can be desensitized and transferred to prevent data leakage. The data asset can be watermarked to ensure the uniqueness of the asset; At the same time, users can trace the leak source through the watermark tag, and mine the leak source.
From the level of data deletion: DSC will make statistics on the number and total number of deletions of database, ECS and OBS assets on that day.
At present, the DSC of Huawei Cloud Data Security Center has been officially tested. All users can apply for free. The activity is hot. Anyone who wants to contact us can provide 7 * 24 online services. Welcome to visit Micronet. Micronet is an officially authorized priority cloud service vendor and professional cloud server provider under Huawei Cloud. With more than 30 years of industry experience, its technical support comes from Huawei Cloud. It has independent research and development, continuous investment, and continuous updating. Good industry reputation is our greatest recognition. We firmly believe that we can enable Huawei Cloud and enterprise users to make common progress and implement the win-win values. ECS, Huawei, is safe, reliable and reassuring!
