Making Cloud Adoption In China A Reality (In Spite of Data Privacy and State “Secret” Laws)

Making Cloud Adoption in China a Reality (In Spite of Data Privacy and State “Secret” Laws)

Cloud computing has become a hot growth area in China, driven by both large-scale government initiatives and private investment. However, as alluring as the cloud is in China, for foreign firms trying to do business there, the uncertain legal environment can create a number of serious challenges.

Comprehensive, national regulations on data privacy remain in the draft stage, so for now, data privacy rules are “vague” and are often at the mercy of government interpretation. The legal framework for cloud services is flexible to the point of being unpredictable, especially since the Chinese government may claim national security as a rationale for almost any measure pertaining to data security and the internet/cloud. Sound intimidating? It can be, but “forewarned is forearmed,” so here are two key areas we all need to consider before jumping into the cloud in China.

Data Privacy Laws

No single national data privacy law exists in China, but working group recommendations are making their way through the national process. For example, the Ministry of Industry and Information Technology has issued a draft Information Security Technology – Guide of Personal Information Protection. But, until any recommendations become national law (and to some degree thereafter), there are over 200 local/provincial laws and sector-based regulations for businesses to navigate.

For example, take the Banking Law. Last year, People’s Bank of China (PBOC) issued the “Notice to Urge Banking Financial Institutions to Protect Personal Financial Information,” forbidding banks from storing or processing financial information obtained in China outside of the country. And financial information is defined as/includes: personal identity information, personal property information, personal account information, personal credit information, personal financial transaction information, derivative information; and other personal information acquired or stored in the process of developing business relationships with individuals. Basically, everything!

The good news at least is we’re getting closer to a national law. There is a convergence of new and revised privacy law provisions around the APEC privacy principles, a step in the right direction. But one area where significant differences still exist is in cross-border requirements. This issue, in particular, has proven to be a thorny challenge in other regions around the globe and it will undoubtedly continue to be a hot topic in China. When sensitive data flows across borders (as in the case of a China-based organization using a Western cloud service provider), questions such as “Where is my data located, both in production and in disaster recovery scenarios?” “Individuals with what citizenship have access to my data for hygiene and maintenance?” “Whose jurisdiction and laws apply to data traversing Chinese borders?” etc., complicate any cloud adoption strategy.

Dealing With “State Secrets”

Another key issue to consider is China’s focus on protecting “state secrets.” Chinese authorities are extremely concerned by the types of data transferred via the internet/cloud and the potential threats such transfers may cause to State security.

The Chinese State framework was revised by two important pieces of regulation:

  • Production, reproduction, access, dissemination and transfer of data out of China that may disclose state secrets are strictly forbidden.
  • Chinese authorities have broad discretion to determine the scope of State secrets

And consequences of violations can be significant: individuals employed by foreign companies in China have been known to actually be imprisoned. To further complicate secrecy matters, if data is suddenly considered a secret, that ruling is retroactive to all existing data: information currently stored in the cloud is now potentially in violation of the law.

So where does this leave us? Up a global business “creek” without a single, compliant paddle? Actually, there are in fact lifelines. Tokenization lets enterprises take advantage of the cloud and remain within jurisdictional/regulatory guidelines by ensuring that specified data stays resident, within control of a company’s home-based infrastructure. With tokenization, what travels to the cloud are random tokens as opposed to actual data – so information is undecipherable should it be hacked or improperly accessed. This allows companies to adopt cloud applications and uphold data privacy and compliance rules – even if there are 200 laws to consider. And employees accessing the protected cloud data can enjoy cloud application functionality and the same user experience on tokenized data as with the standard cloud SaaS application.

The key is to do your homework before diving into the Chinese cloud landscape. Because, while it’s clear that in order to keep pace with an ever-changing global economy, businesses have to keep pace with China, it’s also clear this is going to be a marathon – not a sprint.

By David Canellos

David Canellos is the CEO of PerspecSys, a leading provider of cloud data residency and security solutions for the enterprise.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014

BYOD Will Continue To Define Workplaces In 2014 The bring-your-own-device trend has been the subject of scrutiny ever since its initial formation. Given how quickly personal smartphones and tablets became a fixture in everyday life, it makes perfect sense that these mobile machines would slip into workplaces. While BYOD has caused headaches for many businesses,…

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to…

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues

Cloud Computing Adoption Continues Nowadays, many companies are changing their overall information technology strategies to embrace cloud computing in order to open up business opportunities.  There are numerous definitions of cloud computing. Simply speaking, the term “cloud computing” comes from network diagrams in which cloud shapes are  used to describe certain types of networks. All…

Cloud Infographic: Cloud Computing Growth

Cloud Infographic: Cloud Computing Growth

An excellent infographic provided by AwesomeCloud which predicts a continued high level of growth in the cloud computing industry. Potentially staggering numbers for Public Cloud IT Services of $100 Billion by 2016. Infographic Source: AwesomeCloud About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the…

Featured Sponsors

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud One of the greatest benefits of the increasingly reliable and ubiquitous state of cloud technology is the removal of business silos and the consolidation of information flow, both in-house and on the road. This is of particular importance to the many different types of professionals whose work involves customer relationship management (CRM).…

Sponsors

What Is A Hybrid Cloud?

What Is A Hybrid Cloud?

What Is A Hybrid Cloud? With the emergence of cloud-computing technology comes the addition of new terminology. The terms public cloud and private cloud are reasonably well understood. However, a hybrid cloud can mean different things to different people. Under The Engine Perhaps the best way to define or explain a hybrid cloud is to…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter