Thales helps organisations address the requirements on the Personal Information Protection Law.
The Standardisation Administration of China (SAC) joined with the State Administration for Market Regulation (SAMR) to issue GB/T 35273-2020 《信息安全技术 个人信息安全规范》, or “Information Security Technology – Personal Information Security Specification,” which came into effect on October 1, 2020. This 2020 specification replaced GB/T 35273-2017, which had been in effect since 2017.
The 2020 specification updates and refines the guidelines outlined in the 2017 Personal Information Security Specification. The 2020 specification is not mandatory but is recommended guidelines that reinforce the law, which explains and reinforces China’s 2017 Cybersecurity Law. Though the 2020 specification is not enforceable by law, the Chinese government uses these standards to evaluate an entity’s compliance with China’s legal guidelines and regulations.
Thales enables organisations to align Personal Information Security Specification (PISS) while reducing risk, complexity and cost in part through:
Regulation summary
Personal Information Security Specification (PISS) – Cybersecurity Law of the People’s Republic of China focuses on the security issues of personal information and standardises information controllers’ behaviours at various stages of information processing, including the collection, storage, use, sharing, transfer and public disclosure.
Objective
To stem the illegal collection, abuse and leakage of personal information and protect the legitimate rights and interests of individuals and public interests to the greatest extent possible.
Thales CPL helps organisations comply with The Personal Information Security Specification (PISS) – Cybersecurity Law of the People’s Republic of China through:
Strong access management and authentication
Thales Access Management and Authentication Solutions provide both the security mechanisms and reporting capabilities organisations need to comply with data security regulations. Our solutions protect sensitive data by enforcing the appropriate access controls when users log into applications that store sensitive data.
Protection of sensitive data at rest
Protecting sensitive data in motion
Thales High-Speed Encryptors (HSEs) provide network-independent data-in-motion encryption (Layers 2, 3 and 4) ensuring data is secure as it moves from site-to-site, or from on-premises to the cloud and back.
This eBook details how an organization addresses compliance requirements with Thales, it covers the following: What is it? What are the details? How can organizations prepare for it?
The crucial first step in privacy and data protection regulatory compliance is to understand what constitutes sensitive data, where it is stored, and how it is used. If you don't know what sensitive data you have, where it is, and why you have it, you cannot apply effective...
Complying with the constant evolution of data privacy laws and regulations is very challenging. Knowing where all your sensitive data resides is a timely and costly ongoing task when you are relying solely on manual methods. Minimizing your risks due to the inevitable data...
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.
