China Proposes A Four Level System To Respond To Data Security Incidents

China proposes a four-level classification to help respond to data security incidents. (photo: dock. pexels)

JAKARTA - On Friday, December 15, the Chinese government proposed a four-tier classification to help respond to data security incidents. This highlights Beijing's concerns about massive data leaks and hacking within its territory.

The emergency plan comes amid increasing geopolitical tensions, with the United States and its allies, and following last year's incident when a hacker claimed to have a large amount of personal information from a billion Chinese nationals from the Shanghai police.

China's Ministry of Industry and Information Technology (MIIT) published a detailed draft plan explaining how local governments and companies should assess and respond to incidents.

The plan, which is currently gathering opinions from the public, proposes a four-level color coded system depending on the level of damage caused to national security, online networks and company information, or the running of the economy.

According to the plan, incidents involving losses of more than 1 billion yuan (Rp2.1 trillion) and affecting personal information from more than 100 million people, or "sensitive" information from more than 10 million people, will be classified as "very serious," requiring red alert notice.

The plan demands that in response to red and orange warnings, the companies involved and the relevant local regulatory authorities must create a 24-hour shift system to address incidents and MIIT should be notified of data breaches within ten minutes of the incident, among other measures.

"If the incident is taken seriously... it should be immediately reported to the local industry's regulatory department, there is no delay in reporting, false reporting, concealment, or removal of permitted reporting," MIIT said.