China: Publication of draft data security law focussing on data protection

The National People's Congress Standing Committee publishes its draft of the Data Security Law, which builds part of the nation`s growing data protection regime. It introduces a tiered system of data security protection according to the data`s economic and social importance and the data`s harm to national security if distorted, leaked, illegally utilised etc., which is in line with the multi-level protection scheme of the cybersecurity law. Chapter 4 lists the specific obligations of entities involved in data activities, such as the appointment of a data security officer, reporting incidents, risk assessments and cooperation with public and national security organs (including the disclosure of data with national agencies and their approval of disclosure of data to foreign agencies). It applies primarily to "important data", however, this term is not defined, and it is not aimed directly at personal data (governed by the Personal Data Protection Law) and does not govern state secret or military law.