Hello, everyone. I wish you a happy new year — 2022 is destined to be an extraordinary year. With the ongoing pandemic and the promulgation of various privacy-related laws and regulations, we have entered an uncertain and complicated 2022.
That said, the topic of data security and privacy will never dry up.
In December, China’s Ministry of Industry and Information Technology suspended network security cooperation with Alibaba Cloud for six months, 21st Century Business Herald reported. MIIT alleges Alibaba Cloud failed to report software vulnerabilities in Apache Log4j2, an open-source software tool, in a timely manner. According to Bloomberg, the discovery was made 24 Nov., but MIIT did not learn of the issue until 9 Dec.
According to the “Regulations on security vulnerabilities of network products,” which entered into force in September, companies are required to immediately report vulnerabilities within two days of discovery.
As of 31 Dec., data processors in China will need to carry out data classification and gradation work in order to implement the requirements of "national establishment of data classification and gradation protection system" put forward in the data security law. The Secretariat of China's Information Security Standardization Technical Committee prepared the guidelines for classification and gradation of network data. According to the relevant requirements of laws, regulations, policies and standards, this practice guide details the principles, framework and methods of network data classification and gradation. It is also a powerful reference for data processors to classify and grade their data under the Personal Information Protection Law.
On 4 Jan., the Internet Information Office, Ministry of Industry and Information Technology, Ministry of Public Security and the Municipal Administration of Supervision in China issued the joint Internet Information Service Algorithm Recommendation Management Regulations, which will be officially implemented 1 March. The promulgation of these regulations means the governance of algorithm recommendation technology has entered a new stage. It also indicates algorithm compliance is a new and integral part of data compliance and may become a separate category in the future.
I hope you enjoy this digest and have a fruitful and happy new year. See you next time!