Not a Member? Get access to HR news and resources that you can trust.
HR professionals share their advice for minimizing worker stress and boosting retention.
Is your employee handbook ready for the changing world of work? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Virtual SHRM-CP/SHRM-SCP Certification Prep Seminars kick off September 12 and fill up fast!
Expand your influence and learn how to become an effective leader. Join us in Phoenix, AZ | OCTOBER 2 - 4, 2017
China will enforce a new cybersecurity law beginning June 1, that may pose several problems for HR professionals charged with keeping data secure in that country, experts tell SHRM Online.
One big problem with the Cybersecurity Law of China—which passed in October 2016 and is designed to fight hackers worldwide—is that it requires foreign companies to give the Chinese government sensitive and proprietary information about their software and network equipment, experts say.
It also prohibits companies that obtain personal information obtained from Chinese citizens from leaving China's cyberspace, which makes it impossible for foreign companies to centralize data on customers and employees in China.
Major Headaches for HR
"Personal information obtained by companies within the territory of the People's Republic of China must be stored only within mainland China," the new law states. Kaitlin Fox Hinkle, an attorney at Atlanta-based law firm Fisher Phillips, said this will mean major headaches for foreign HR departments.
"This could present logistical challenges, in particular for companies with employees in China and HR operations in another country," Hinkle told SHRM Online. Under the law, the Fisher Phillips website points out, "critical information infrastructure" operators must:
Hinkle added, "To the extent responsibility for developing compliance programs and employee training falls on HR departments, this law contains requirements to [also] conduct network-security education and training and to formulate emergency response plans and conduct periodic drills to deal with network security incidents." Another big problem with the new law is its ambiguity. Experts say that generic phrases like "critical infrastructure operators," which could describe any IT network operations, and "tiered system of Internet security protections" could be interpreted in various ways."The vague and ambiguous nature of this law will make it difficult for [HR and their IT departments] to develop effective compliance programs," Hinkle added. [SHRM members-only toolkit: Managing Human Resources in Mergers and Acquisitions]"Additionally, this law contains stringent data localization requirements, and there is a legitimate concern that Chinese officials could require companies to provide [network access] to a wide range of data, including personnel, confidential and proprietary information in certain circumstances," she said.
Trademarked Data at Risk
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
HR Education in a City Near You
SHRM’s HR Vendor Directory contains over 3,200 companies
[/_catalogs/masterpage/SHRMCore/Main.master][Title][SHRM Online - Society for Human Resource Management]