DHS Warning: Data Security Risks for Insights Businesses in Dealing with China - Articles

Articles

01Feb

DHS Warning: Data Security Risks for Insights Businesses in Dealing with China

"Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located" in the People's Republic of China, "or use equipment and software developed by firms with an ownership nexus in the PRC, as well as with firms that have PRC citizens in key leadership and security-focused roles," especially for "data service providers and data infrastructure,” according to a new business advisory from the U.S. Department of Homeland Security.

Such risks to U.S. businesses and customers include:

  • “the theft of trade secrets, of intellectual property, and of other confidential business information”;
  • “violations of U.S. export control laws”;
  • “violations of U.S. privacy laws”;
  • “breaches of contractual provisions and terms of service”;
  • “security and privacy risks to customers and employees”;
  • “risk of PRC surveillance and tracking of regime critics”;
  • “and reputational harm to U.S. businesses.”

The Insights Association’s General Counsel and Privacy Officer Forum in October 2020 (open only to IA company members) discussed at length the risks involved to data and business in dealings with and in the People’s Republic of China and Chinese businesses.

The DHS advisory goes over some of the Chinese laws and rules that "compel PRC firms and entities to secretly cooperate with PRC security and intelligence services” and to “illicitly provide the PRC government with data, logical access, encryption keys, and other vital technical information, as well as to install ‘backdoors’ or ‘bugdoors’ in equipment which create security flaws easily exploitable by PRC entities."

DHS aims to help businesses "mitigate the data-related risks posed by the PRC and improve the privacy and security of their customers."

IA particularly recommends reviewing DHS' recommended actions on pages 13-14 of the advisory.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

Read more:

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Fighting for You September 2023 Legislative and Regulatory Update

Fighting for You September 2023 Legislative and Regulatory Update

While temperatures are starting to dip, concerns still simmered in September for the insights indust...

Read More >
Texas Now Requires Data Broker Registration and Security Programs - S.B. 2105

Texas Now Requires Data Broker Registration and Security Programs - S.B. 2105

​​​​​​​Texas Governor Greg Abbott signed S.B. 2105 into law on June 18, 2023, establishing a ...

Read More >
CFPB Plots Much Broader Rules for Data Privacy

CFPB Plots Much Broader Rules for Data Privacy

Rohit Chopra, director of the Consumer Financial Protection Bureau (CFPB), recently said he “will b...

Read More >
Pennsylvania Consumer Data Privacy Act - H.B. 1201

Pennsylvania Consumer Data Privacy Act - H.B. 1201

The Pennsylvania Consumer Data Privacy Act (H.B. 1201) is comprehensive privacy legislation modeled ...

Read More >
Oregon Consumer Privacy Act - OCPA - Now Law

Oregon Consumer Privacy Act - OCPA - Now Law

The Oregon Consumer Privacy Act (OCPA) was signed into law on July 18, 2023, bringing the Beaver Sta...

Read More >
Responding to Data Broker Investigation by House Committee

Responding to Data Broker Investigation by House Committee

In response to a series of investigatory letters regarding data brokers, Privacy for America reminde...

Read More >
Members only Article - Please login to view