The Lighter Side Of The Cloud – Status Update
The Lighter Side Of The Cloud – Wearable Infection
The Lighter Side Of The Cloud – Progress
The Lighter Side Of The Cloud – The Wish List
The Lighter Side Of The Cloud – Forecasting

Making Cloud Adoption In China A Reality (In Spite of Data Privacy and State “Secret” Laws)

Making Cloud Adoption in China a Reality (In Spite of Data Privacy and State “Secret” Laws)

Cloud computing has become a hot growth area in China, driven by both large-scale government initiatives and private investment. However, as alluring as the cloud is in China, for foreign firms trying to do business there, the uncertain legal environment can create a number of serious challenges.

Comprehensive, national regulations on data privacy remain in the draft stage, so for now, data privacy rules are “vague” and are often at the mercy of government interpretation. The legal framework for cloud services is flexible to the point of being unpredictable, especially since the Chinese government may claim national security as a rationale for almost any measure pertaining to data security and the internet/cloud. Sound intimidating? It can be, but “forewarned is forearmed,” so here are two key areas we all need to consider before jumping into the cloud in China.

Data Privacy Laws

No single national data privacy law exists in China, but working group recommendations are making their way through the national process. For example, the Ministry of Industry and Information Technology has issued a draft Information Security Technology – Guide of Personal Information Protection. But, until any recommendations become national law (and to some degree thereafter), there are over 200 local/provincial laws and sector-based regulations for businesses to navigate.

For example, take the Banking Law. Last year, People’s Bank of China (PBOC) issued the “Notice to Urge Banking Financial Institutions to Protect Personal Financial Information,” forbidding banks from storing or processing financial information obtained in China outside of the country. And financial information is defined as/includes: personal identity information, personal property information, personal account information, personal credit information, personal financial transaction information, derivative information; and other personal information acquired or stored in the process of developing business relationships with individuals. Basically, everything!

The good news at least is we’re getting closer to a national law. There is a convergence of new and revised privacy law provisions around the APEC privacy principles, a step in the right direction. But one area where significant differences still exist is in cross-border requirements. This issue, in particular, has proven to be a thorny challenge in other regions around the globe and it will undoubtedly continue to be a hot topic in China. When sensitive data flows across borders (as in the case of a China-based organization using a Western cloud service provider), questions such as “Where is my data located, both in production and in disaster recovery scenarios?” “Individuals with what citizenship have access to my data for hygiene and maintenance?” “Whose jurisdiction and laws apply to data traversing Chinese borders?” etc., complicate any cloud adoption strategy.

Dealing With “State Secrets”

Another key issue to consider is China’s focus on protecting “state secrets.” Chinese authorities are extremely concerned by the types of data transferred via the internet/cloud and the potential threats such transfers may cause to State security.

The Chinese State framework was revised by two important pieces of regulation:

  • Production, reproduction, access, dissemination and transfer of data out of China that may disclose state secrets are strictly forbidden.
  • Chinese authorities have broad discretion to determine the scope of State secrets

And consequences of violations can be significant: individuals employed by foreign companies in China have been known to actually be imprisoned. To further complicate secrecy matters, if data is suddenly considered a secret, that ruling is retroactive to all existing data: information currently stored in the cloud is now potentially in violation of the law.

So where does this leave us? Up a global business “creek” without a single, compliant paddle? Actually, there are in fact lifelines. Tokenization lets enterprises take advantage of the cloud and remain within jurisdictional/regulatory guidelines by ensuring that specified data stays resident, within control of a company’s home-based infrastructure. With tokenization, what travels to the cloud are random tokens as opposed to actual data – so information is undecipherable should it be hacked or improperly accessed. This allows companies to adopt cloud applications and uphold data privacy and compliance rules – even if there are 200 laws to consider. And employees accessing the protected cloud data can enjoy cloud application functionality and the same user experience on tokenized data as with the standard cloud SaaS application.

The key is to do your homework before diving into the Chinese cloud landscape. Because, while it’s clear that in order to keep pace with an ever-changing global economy, businesses have to keep pace with China, it’s also clear this is going to be a marathon – not a sprint.

By David Canellos

David Canellos is the CEO of PerspecSys, a leading provider of cloud data residency and security solutions for the enterprise.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Recent

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises – 24 Billion Networked Devices By 2019

Mobile Connectivity Rises Mobile Technologies such as BYOD, Wearable Technology and Internet of Things are the cornerstone to strong cloud computing adoption and will continue to be the case as the number of connected devices continue to climb. In May 2015, Cisco released the complete VNI Global IP Traffic Forecast, 2014 – 2019. Global highlights…

9 Pitfalls of Providing Cloud-Based Online Government Services

9 Pitfalls of Providing Cloud-Based Online Government Services

Cloud-Based Online Government Services Pitfalls When the US government designed the Affordable Care Act, a key part of the program was to encourage enrollment through the Healthcare.gov website. This online service was supposed to make it easier for citizens to learn about the ACA, compare their health insurance options, and take full advantage of this…

IOT, Intelligent Sensors, And The Change That Is Coming…

IOT, Intelligent Sensors, And The Change That Is Coming…

Intelligent Sensors And The Future What is or isn’t connected: In the end, that is the internet of things. They, the things, represent stuff that has been around for the past 30 years. It was only recently that we have developed a way to consistently connect those devices. Despite the increasing awareness of IoT, it…

Popular Archives

Cloud Infographic – The Future Of Big Data

Cloud Infographic – The Future Of Big Data

The Future Of Big Data Big Data is BIG business and will continue to be one of the more predominant areas of focus in the coming years from small startups to large scale corporations. We’ve already covered on CloudTweaks how Big Data can be utilized in a number of interesting ways from preventing world hunger to helping teams win…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Sponsors

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising