New Chinese Cybersecurity Law to Mean Headaches for Foreign HR Departments

By Aaron Hightower May 1, 2017
LIKE SAVE PRINT EMAIL
Reuse Permissions

​China will enforce a new cybersecurity law beginning June 1, that may pose several problems for HR professionals charged with keeping data secure in that country, experts tell SHRM Online.

One big problem with the Cybersecurity Law of China—which passed in October 2016 and is designed to fight hackers worldwide—is that it requires foreign companies to give the Chinese government sensitive and proprietary information about their software and network equipment, experts say.

It also prohibits companies that obtain personal information obtained from Chinese citizens from leaving China's cyberspace, which makes it impossible for foreign companies to centralize data on customers and employees in China.

Major Headaches for HR

"Personal information obtained by companies within the territory of the People's Republic of China must be stored only within mainland China," the new law states. Kaitlin Fox Hinkle, an attorney at Atlanta-based law firm Fisher Phillips, said this will mean major headaches for foreign HR departments.

"This could present logistical challenges, in particular for companies with employees in China and HR operations in another country," Hinkle told SHRM Online. Under the law, the Fisher Phillips website points out, "critical information infrastructure" operators must:

  • Have specific management teams responsible for managing security.
  • Conduct backups of important systems and databases.


Hinkle added, "To the extent responsibility for developing compliance programs and employee training falls on HR departments, this law contains requirements to [also] conduct network-security education and training and to formulate emergency response plans and conduct periodic drills to deal with network security incidents."

Another big problem with the new law is its ambiguity. Experts say that generic phrases like "critical infrastructure operators," which could describe any IT network operations, and "tiered system of Internet security protections" could be interpreted in various ways.

"The vague and ambiguous nature of this law will make it difficult for [HR and their IT departments] to develop effective compliance programs," Hinkle added.

[SHRM members-only toolkit: Managing Human Resources in Mergers and Acquisitions]

"Additionally, this law contains stringent data localization requirements, and there is a legitimate concern that Chinese officials could require companies to provide [network access] to a wide range of data, including personnel, confidential and proprietary information in certain circumstances," she said.

Trademarked Data at Risk

Also, China requires foreign companies to provide private information about computer software and hardware. This could potentially lead to sensitive information landing in the hands of competitors in China.

Experts agree, however, that foreign companies will probably comply with the new law—or else they risk losing business in the second-largest market in the world.

"The biggest chokehold the China government has is access to their market," said Robert Cattanach, an attorney with Dorsey & Whitney, based in Minneapolis. "If you don't play ball, then they are not the least bit hesitant to preclude you from accessing the market."

The law may stifle international business in China somewhat, Hinkle said, especially if Chinese officials start imposing harsh penalties on foreign companies or compromise companies' confidential and proprietary information—something HR departments are charged with protecting.

"But, ultimately, I think companies will continue to operate in and continue to do business with China despite this law," she said. "Businesses will likely adapt, and Chinese officials will enforce the law in a way that is not too detrimental to international business."

Aaron Hightower is a freelance writer in Detroit.

Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter. 

LIKE SAVE PRINT EMAIL
Reuse Permissions

Job Finder

Find an HR Job Near You
Post a Job

SPONSOR OFFERS

Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 3,200 companies

Search & Connect