Articles

01Feb

DHS Warning: Data Security Risks for Insights Businesses in Dealing with China

"Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located" in the People's Republic of China, "or use equipment and software developed by firms with an ownership nexus in the PRC, as well as with firms that have PRC citizens in key leadership and security-focused roles," especially for "data service providers and data infrastructure,” according to a new business advisory from the U.S. Department of Homeland Security.

Such risks to U.S. businesses and customers include:

  • “the theft of trade secrets, of intellectual property, and of other confidential business information”;
  • “violations of U.S. export control laws”;
  • “violations of U.S. privacy laws”;
  • “breaches of contractual provisions and terms of service”;
  • “security and privacy risks to customers and employees”;
  • “risk of PRC surveillance and tracking of regime critics”;
  • “and reputational harm to U.S. businesses.”

The Insights Association’s General Counsel and Privacy Officer Forum in October 2020 (open only to IA company members) discussed at length the risks involved to data and business in dealings with and in the People’s Republic of China and Chinese businesses.

The DHS advisory goes over some of the Chinese laws and rules that "compel PRC firms and entities to secretly cooperate with PRC security and intelligence services” and to “illicitly provide the PRC government with data, logical access, encryption keys, and other vital technical information, as well as to install ‘backdoors’ or ‘bugdoors’ in equipment which create security flaws easily exploitable by PRC entities."

DHS aims to help businesses "mitigate the data-related risks posed by the PRC and improve the privacy and security of their customers."

IA particularly recommends reviewing DHS' recommended actions on pages 13-14 of the advisory.

This information is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any laws/regulation/legislation and their impact on your particular business.

Read more:

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

New York Child Data Privacy and Protection Act - S. 9563

New York Child Data Privacy and Protection Act - S. 9563

The New York Child Data Privacy and Protection Act (S. 9563) is legislation modeled on a recent Cali...

Read More >
Fighting for You: November 2022 Legislative and Regulatory Update

Fighting for You: November 2022 Legislative and Regulatory Update

With American Thanksgiving now in the rearview mirror, let’s look back at the biggest challenges th...

Read More >
Congress Should Drive Federal Privacy Regulation, Not FTC, Urge Data-Driven Industry Groups

Congress Should Drive Federal Privacy Regulation, Not FTC, Urge Data-Driven Industry Groups

The Insights Association (IA) and a dozen other data-driven industry groups called upon Congress to ...

Read More >
California 2022 Privacy Legislation Round-up: Wins, Losses and New Laws

California 2022 Privacy Legislation Round-up: Wins, Losses and New Laws

​​​​​​​As usual, we’ve had some wins in California as legislators have tried to amend the Ca...

Read More >
New Jersey A. 4811 Would Implement Data Broker Registry

New Jersey A. 4811 Would Implement Data Broker Registry

New Jersey A. 4811 would require many insights companies/organizations to publicly register as “dat...

Read More >
Fighting for You: October 2022 Legislative and Regulatory Update

Fighting for You: October 2022 Legislative and Regulatory Update

Consumer data privacy and security concerns, including progress towards a new trans-Atlantic data de...

Read More >
Members only Article - Please login to view