DHS Warning: Data Security Risks for Insights Businesses in Dealing with China - Articles

Articles

01Feb

DHS Warning: Data Security Risks for Insights Businesses in Dealing with China

"Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located" in the People's Republic of China, "or use equipment and software developed by firms with an ownership nexus in the PRC, as well as with firms that have PRC citizens in key leadership and security-focused roles," especially for "data service providers and data infrastructure,” according to a new business advisory from the U.S. Department of Homeland Security.

Such risks to U.S. businesses and customers include:

  • “the theft of trade secrets, of intellectual property, and of other confidential business information”;
  • “violations of U.S. export control laws”;
  • “violations of U.S. privacy laws”;
  • “breaches of contractual provisions and terms of service”;
  • “security and privacy risks to customers and employees”;
  • “risk of PRC surveillance and tracking of regime critics”;
  • “and reputational harm to U.S. businesses.”

The Insights Association’s General Counsel and Privacy Officer Forum in October 2020 (open only to IA company members) discussed at length the risks involved to data and business in dealings with and in the People’s Republic of China and Chinese businesses.

The DHS advisory goes over some of the Chinese laws and rules that "compel PRC firms and entities to secretly cooperate with PRC security and intelligence services” and to “illicitly provide the PRC government with data, logical access, encryption keys, and other vital technical information, as well as to install ‘backdoors’ or ‘bugdoors’ in equipment which create security flaws easily exploitable by PRC entities."

DHS aims to help businesses "mitigate the data-related risks posed by the PRC and improve the privacy and security of their customers."

IA particularly recommends reviewing DHS' recommended actions on pages 13-14 of the advisory.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

Read more:

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

IA Reacts to New Comprehensive U.S. Privacy Legislation - the American Privacy Rights Act

IA Reacts to New Comprehensive U.S. Privacy Legislation - the American Privacy Rights Act

​​​​​​​The Insights Association (IA), the leading nonprofit trade association for the market ...

Read More >
California A.B. 3124 Would Require Customer Data Retention by Sellers of Consumer Information

California A.B. 3124 Would Require Customer Data Retention by Sellers of Consumer Information

California A.B. 3124 would prohibit certain covered personal data from being make publicly available...

Read More >
Fighting for You: March 2024 Legislative and Regulatory Update

Fighting for You: March 2024 Legislative and Regulatory Update

The insights industry’s public policy concerns entered March roaring like a lion, but they are not ...

Read More >
Protecting Americans from Foreign Adversary Controlled Applications Act - H.R. 7521

Protecting Americans from Foreign Adversary Controlled Applications Act - H.R. 7521

The U.S. House of Representatives passed the Protecting Americans from Foreign Adversary Controlled ...

Read More >
Protecting Americans Data from Foreign Adversaries Act - H.R. 7520

Protecting Americans Data from Foreign Adversaries Act - H.R. 7520

The House Energy & Commerce Committee passed the Protecting Americans’ Data from Foreign Adversarie...

Read More >
Fighting for You: February 2024 Legislative and Regulatory Update

Fighting for You: February 2024 Legislative and Regulatory Update

This month, the Insights Association focused on extensive artificial intelligence legislation at the...

Read More >
Members only Article - Please login to view