“Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located” in the People’s Republic of China, “or use equipment and software developed by firms with an ownership nexus in the PRC, as well as with firms that have PRC citizens in key leadership and security-focused roles,” especially for “data service providers and data infrastructure,” according to a new business advisory from the U.S. Department of Homeland Security.
Such risks to U.S. businesses and customers include:
- “the theft of trade secrets, of intellectual property, and of other confidential business information”;
- “violations of U.S. export control laws”;
- “violations of U.S. privacy laws”;
- “breaches of contractual provisions and terms of service”;
- “security and privacy risks to customers and employees”;
- “risk of PRC surveillance and tracking of regime critics”;
- “and reputational harm to U.S. businesses.”
The Insights Association’s General Counsel and Privacy Officer Forum in October 2020 (open only to IA company members) discussed at length the risks involved to data and business in dealings with and in the People’s Republic of China and Chinese businesses.
The DHS advisory goes over some of the Chinese laws and rules that “compel PRC firms and entities to secretly cooperate with PRC security and intelligence services” and to “illicitly provide the PRC government with data, logical access, encryption keys, and other vital technical information, as well as to install ‘backdoors’ or ‘bugdoors’ in equipment which create security flaws easily exploitable by PRC entities.”
DHS aims to help businesses “mitigate the data-related risks posed by the PRC and improve the privacy and security of their customers.”
IA particularly recommends reviewing DHS’ recommended actions on pages 13-14 of the advisory.
This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.
NewsData Security Business Advisory: Risks and Considerations for Businesses Using Data Services and Equipment from Firms Linked to the People’s Republic of ChinaGovernment AffairsHoward Fienberg, CAE – The Insights Association