Making Cloud Adoption In China A Reality (In Spite of Data Privacy and State “Secret” Laws)

Making Cloud Adoption in China a Reality (In Spite of Data Privacy and State “Secret” Laws)

Cloud computing has become a hot growth area in China, driven by both large-scale government initiatives and private investment. However, as alluring as the cloud is in China, for foreign firms trying to do business there, the uncertain legal environment can create a number of serious challenges.

Comprehensive, national regulations on data privacy remain in the draft stage, so for now, data privacy rules are “vague” and are often at the mercy of government interpretation. The legal framework for cloud services is flexible to the point of being unpredictable, especially since the Chinese government may claim national security as a rationale for almost any measure pertaining to data security and the internet/cloud. Sound intimidating? It can be, but “forewarned is forearmed,” so here are two key areas we all need to consider before jumping into the cloud in China.

Data Privacy Laws

No single national data privacy law exists in China, but working group recommendations are making their way through the national process. For example, the Ministry of Industry and Information Technology has issued a draft Information Security Technology – Guide of Personal Information Protection. But, until any recommendations become national law (and to some degree thereafter), there are over 200 local/provincial laws and sector-based regulations for businesses to navigate.

For example, take the Banking Law. Last year, People’s Bank of China (PBOC) issued the “Notice to Urge Banking Financial Institutions to Protect Personal Financial Information,” forbidding banks from storing or processing financial information obtained in China outside of the country. And financial information is defined as/includes: personal identity information, personal property information, personal account information, personal credit information, personal financial transaction information, derivative information; and other personal information acquired or stored in the process of developing business relationships with individuals. Basically, everything!

The good news at least is we’re getting closer to a national law. There is a convergence of new and revised privacy law provisions around the APEC privacy principles, a step in the right direction. But one area where significant differences still exist is in cross-border requirements. This issue, in particular, has proven to be a thorny challenge in other regions around the globe and it will undoubtedly continue to be a hot topic in China. When sensitive data flows across borders (as in the case of a China-based organization using a Western cloud service provider), questions such as “Where is my data located, both in production and in disaster recovery scenarios?” “Individuals with what citizenship have access to my data for hygiene and maintenance?” “Whose jurisdiction and laws apply to data traversing Chinese borders?” etc., complicate any cloud adoption strategy.

Dealing With “State Secrets”

Another key issue to consider is China’s focus on protecting “state secrets.” Chinese authorities are extremely concerned by the types of data transferred via the internet/cloud and the potential threats such transfers may cause to State security.

The Chinese State framework was revised by two important pieces of regulation:

  • Production, reproduction, access, dissemination and transfer of data out of China that may disclose state secrets are strictly forbidden.
  • Chinese authorities have broad discretion to determine the scope of State secrets

And consequences of violations can be significant: individuals employed by foreign companies in China have been known to actually be imprisoned. To further complicate secrecy matters, if data is suddenly considered a secret, that ruling is retroactive to all existing data: information currently stored in the cloud is now potentially in violation of the law.

So where does this leave us? Up a global business “creek” without a single, compliant paddle? Actually, there are in fact lifelines. Tokenization lets enterprises take advantage of the cloud and remain within jurisdictional/regulatory guidelines by ensuring that specified data stays resident, within control of a company’s home-based infrastructure. With tokenization, what travels to the cloud are random tokens as opposed to actual data – so information is undecipherable should it be hacked or improperly accessed. This allows companies to adopt cloud applications and uphold data privacy and compliance rules – even if there are 200 laws to consider. And employees accessing the protected cloud data can enjoy cloud application functionality and the same user experience on tokenized data as with the standard cloud SaaS application.

The key is to do your homework before diving into the Chinese cloud landscape. Because, while it’s clear that in order to keep pace with an ever-changing global economy, businesses have to keep pace with China, it’s also clear this is going to be a marathon – not a sprint.

By David Canellos

David Canellos is the CEO of PerspecSys, a leading provider of cloud data residency and security solutions for the enterprise.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

The Cloud Above Our Home

The Cloud Above Our Home

Our Home – Moving All Things Into The Cloud The promise of a smart home had excited the imagination of the movie makers long ago. If you have seen any TV shows in the nineties or before, the interpretation presented itself to us as a computerized personal assistant or a robot housekeeper. It was smart,…

Who’s Who In The Booming World Of Data Science

Who’s Who In The Booming World Of Data Science

The World of Data Science The nature of work and business in today’s super-connected world means that every second of every day, the world produces an astonishing amount of data. Consider some of these statistics; every minute, Facebook users share nearly 2.5 million pieces of content, YouTube users upload over 72 hours of content, Apple…

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think

Cloud Computing Is Greener Than You Think Last week we touched upon how a project in Finland had blended two of the world’s most important industries, cloud computing and green technology, to produce a data centre that used nearby sea water to both cool their servers and heat local homes.  Despite such positive environmental projects, there…

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services – Security Threat or Massive Opportunity?

Big Data and Financial Services Cloud Banking Insights Series focuses on big data in the financial services industry and whether it is a security threat or actually a massive opportunity. How does big data fit into an overall cloud strategy? Most FI’s have a positive mind-set towards cloud IT consumption as it not only enables…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

Surprising Facts and Stats About The Big Data Industry

Surprising Facts and Stats About The Big Data Industry

Facts and Stats About The Big Data Industry If you start talking about big data to someone who is not in the industry, they immediately conjure up images of giant warehouses full of servers, staff poring over page after page of numbers and statistics, and some big brother-esque official sat in a huge government building…

Fintech Investments Are Seeing Consistent Growth

Fintech Investments Are Seeing Consistent Growth

The Financial Services Cloud Fintech investment has been seeing consistent growth in 2015, with some large moves being made this year. The infographic (Courtesy of Venturescanner) below shows the top Fintech investors and the amount of companies they’re currently funding: Just this week, a financial data startup known as Orchard Platform raised $30 million in…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most

The Industries That The Cloud Will Change The Most Cloud computing is rapidly revolutionizing the way we do business. Instead of being a blurry buzzword, it has become a facet of everyday life. Most people may not quite understand how the cloud works, but electricity is quite difficult to fathom as well. Anyway, regardless of…