Apple Releases Critical Security Updates – Patch Your Devices Now
December 13, 2023New Instagram Phishing Attack Steals Backup Codes, Bypassing 2FA
December 21, 2023China's Ministry of Industry and Information Technology (MIIT) has unveiled a new color-coded action plan to tackle data security incidents, marking a significant move towards stricter data protection in the country.
This comprehensive system aims to ensure swift and effective responses to data breaches, safeguarding both individual privacy and national interests.
Four Tiers of Alarm:
The plan categorizes data security incidents into four levels based on their severity and impact:
- Red (Level I): Widespread disruptions, major business losses, critical infrastructure outages, economic losses exceeding 1 billion yuan, or affecting over 100 million individuals' personal information.
- Orange (Level II): Significant shutdowns, operational interruptions lasting over 12 hours, major radio interference, economic losses between 100 million and 1 billion yuan, or affecting personal information of over 10 million individuals.
- Yellow (Level III): Operational interruptions lasting over 8 hours, economic losses between 50 million and 100 million yuan, or affecting personal information of over 1 million individuals.
- Blue (Level IV): Minor events with limited impact, economic losses under 50 million yuan, or affecting personal information of under 1 million individuals.
Clear Reporting Guidelines:
The new rules mandate affected companies to promptly assess incident severity and report serious breaches to local authorities without delay. Importantly, immediate reporting via phone (within 10 minutes) and written report (within 30 minutes) is required for "particularly major" or "major" incidents.
Prompt Escalation:
Based on the incident's severity level (Red or Orange), the local authorities are expected to escalate the matter to the MIIT central office for further action and coordination.
Public Input and Transparency:
The draft rules remain open for public comment until January 15, 2024, reflecting the government's commitment to transparency and collaboration in strengthening data security.
This new system aligns with global efforts to combat data breaches and protect user privacy. It signals China's growing focus on data security and its commitment to establishing a robust regulatory framework for the digital age.