Ministry of Industry and Information Technology: Will introduce data security management regulations and establish a data security certification system

On the morning of July 16, 2021, the State Council Information Office held a press conference. During the Q&A session, Zhao Zhiguo, spokesperson of the Ministry of Industry and Information Technology and director of the Information and Communication Administration Bureau, responded regarding data security management work, revealing that the Ministry's next steps will focus on industry data security supervision, enhancing data security regulatory capacity, and promoting the development of the data security industry.

We all know that data security has attracted attention from all sides. Could you please tell us what specific work the Ministry of Industry and Information Technology has implemented this year in data security management? Additionally, the Ministry recently stated it will establish and improve management mechanisms and technical protection systems for data security, strictly controlling all aspects of data resource collection, storage, flow, and use. Could you introduce the specific plans? Thank you.

Zhao Zhiguo (following is the response to reporters' questions)

Data is a fundamental national strategic resource and an important production factor. General Secretary Xi Jinping emphasized that "national data security must be effectively guaranteed." The Ministry of Industry and Information Technology, based on its responsibilities, has steadily advanced data security management in the information and communication industry, issued the "Guidelines for the Construction of Data Security Standard System in the Telecommunications and Internet Industry," researched and released multiple industry standards such as network data classification and grading and important data identification, carried out special actions to enhance network data security protection capabilities, issued the "Key Points for Compliance Assessment of Network Data Security for Telecommunications and Internet Enterprises (2020)," built a public service platform for network data security, strengthened industry data security supervision and inspection according to law, organized 133 companies including Tencent and Baidu to sign a data security self-discipline convention, guided enterprises to fulfill their main responsibilities, organized pilot demonstrations, and strengthened research and promotion of key data security technologies. It can be said that a series of tasks and key responsibilities have been implemented.

Next, under the framework of relevant national laws and mechanisms and based on its responsibilities, the Ministry will carry out work focusing on the following aspects: industry data security supervision, enhancing data security regulatory capacity, and promoting the development of the data security industry.

First, to introduce data security management systems. Accelerate the formulation of data security management policies in the industrial and information technology fields to better implement the "Data Security Law" in the industry. Organize work on industry data classification and grading management, formulation of important data catalogs, and build a standard system in the field of industry data security. Research and formulate important data security standards in areas such as the Internet of Vehicles and Industrial Internet.

Second, to establish a data security certification system. Organize research on data security protection certification systems and formulate evaluation specifications for industry data security protection capabilities. Establish an evaluation and certification mechanism jointly participated by industry organizations, research institutions, and key enterprises to guide related certification work.

Third, to carry out data security supervision and inspection. Combine regulatory methods such as security assessments of basic telecommunications enterprises and "double random, one public" inspections, establish and improve the industry's complaint and report acceptance mechanism, and urge enterprises to fulfill data security protection obligations. Research and establish industry data security situation monitoring and notification mechanisms, and improve capabilities for risk information analysis, judgment, and handling.

Fourth, to promote the development of the data security industry. Support key technology research in data security through key laboratories, innovation technology centers, and other measures. Rely on various channels such as single champion enterprises, specialized and innovative "little giant" enterprises, and industry-finance cooperation to cultivate backbone enterprises. Explore the development of data security-specific disciplines and encourage joint training of data security talents by schools and enterprises.