Articles

01Feb

DHS Warning: Data Security Risks for Insights Businesses in Dealing with China

"Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located" in the People's Republic of China, "or use equipment and software developed by firms with an ownership nexus in the PRC, as well as with firms that have PRC citizens in key leadership and security-focused roles," especially for "data service providers and data infrastructure,” according to a new business advisory from the U.S. Department of Homeland Security.

Such risks to U.S. businesses and customers include:

“the theft of trade secrets, of intellectual property, and of other confidential business information”;
“violations of U.S. export control laws”;
“violations of U.S. privacy laws”;
“breaches of contractual provisions and terms of service”;
“security and privacy risks to customers and employees”;
“risk of PRC surveillance and tracking of regime critics”;
“and reputational harm to U.S. businesses.”

The Insights Association’s General Counsel and Privacy Officer Forum in October 2020 (open only to IA company members) discussed at length the risks involved to data and business in dealings with and in the People’s Republic of China and Chinese businesses.

The DHS advisory goes over some of the Chinese laws and rules that "compel PRC firms and entities to secretly cooperate with PRC security and intelligence services” and to “illicitly provide the PRC government with data, logical access, encryption keys, and other vital technical information, as well as to install ‘backdoors’ or ‘bugdoors’ in equipment which create security flaws easily exploitable by PRC entities."

DHS aims to help businesses "mitigate the data-related risks posed by the PRC and improve the privacy and security of their customers."

IA particularly recommends reviewing DHS' recommended actions on pages 13-14 of the advisory.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

Data Security Business Advisory: Risks and Considerations for Businesses Using Data Services and Equipment from Firms Linked to the People’s Republic of China

About the Author

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.