Chinese firms to face data restrictions

Entities regulated by the China Securities Regulatory Commission could face new rules on how they store and transmit data.

China’s latest cyber security law is expected to affect private equity firms’ data storage protocols.

As part of the law, China Securities Regulatory Commission has proposed Measures for the Information Technology Management of Securities and Funds Operators. These, if adopted, would ban regulated entities from transferring certain data out of China.

The data within the scope of the proposals includes: systems supporting an entity’s key business functions which, if breached, significantly impact the securities market and investors; ‘important data’, which is currently undefined; and customer information including investors’ names and transaction or investment history.

The law will be enforced on June 1, according to a note from global law firm DLA Piper.
Other data security regulations are being considered by the Chinese government, so more are expected, the firm added.