Serviceteam IT Security News

A new system of social and corporate control in China raises serious new data security risks for multi-national foreign firms operating in the country, according to a new report from the EU Chamber of Commerce in China.

The new study, The Digital Hand: How China’s Corporate Social Credit System Conditions Market Actors, is meant to serve as a wake-up call to EU firms which may not have got their compliance plans in place.

The Corporate Social Credit System (SCS) will require all firms operating in China to provide the government with data feeds covering a wide sweep of operations — in areas as diverse as environmental regulations and health and safety.

They will then be given an algorithmically calculated score which will change over time: those with low scores face more frequent audit inspections, customs delays, public shaming, and even blacklisting by the government.

However, the European Chamber warned that the data transfers themselves could be problematic for companies.

“Taken individually, most of the transferred data points are not highly sensitive information,” the report explained. “However, the integration and systematically cross-cutting use of data on the government’s side can become a challenge. It provides the government with a full picture of the detailed performance and capability of a company.”

There may also be concerns over sharing sensitive IP and information on personnel, the report claimed.

It urged foreign MNCs to engage with Beijing now “with the goal of modifying data transfer requirements and excluding such information.”

“Ensuring the security of this data is one of the key promises of the government,” it added. “Companies need to hold the government authorities to this promise and make sure that no detrimental use of this comprehensive data occurs.”

It remains to be seen how flexible the Chinese government will be in allowing firms to exclude certain sensitive data points, and how prepared it will be to ensure the security and integrity of the data.

The European Chamber warned that SMEs could be particularly at risk from non-compliance given the onerous, resource-intensive data collection requirements. A complicating factor is that the scores given to third-party suppliers may drag down a company’s overall score, so a great deal of work will need to be done to vet partner organizations.

“It is no exaggeration to say that the Corporate SCS will be the most comprehensive system created by any government to impose a self-regulating marketplace, nor is it inconceivable that the Corporate SCS could mean life or death for individual companies,” warned European Chamber President, Jörg Wuttke.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!