China Monthly Data Protection Update
要点提示 Developments Highlights
Two Companies in Zhengzhou Administratively Penalized by the Cybersapce Administration (“CA”)for Violating theData Security Law
2024年12月10日,郑州市网信办发现,郑州市两家公司未履行网络安全保护义务,未采取必要的安全防护,导致大量敏
感数据被窃取。
郑州市网信办依据《数据安全法》分别对两家公司作出责令改正,给
予警告,并处人民币5万元罚款的行政处罚。
On December 10, 2024, Zhengzhou CA found in its work that two companies in Zhengzhou City failed to fulfill their network security protection obligations and failed to take the necessary security protection, resulting in the theft of a large amount of sensitivedata. Zhengzhou CA in accordance with the
Data Security Law
on the two companies were ordered to make corrections, given a warning, and imposed a fine of RMB 50,000 administrative penalty.
浙江台州公安机关对某软件科技公司及其负责人未履行数据安全保护义务进行行政处罚
Taizhou Public Security Imposes Administrative Penalties on Software Technology Company and Its Responsible Person for Failure to Fulfill Data Security Protection
Obligations
12月25日,浙江台州公安机关工作中发现,浙江某软件科技公司受托搭建的数据库存在安全漏洞,数据库中承载的大量电子政务数据存在泄露风险。经查,该公司主要为政府部门提供软件开发、信息系统建设和运维等服务。在与台州当地部分政府部门合作期间,该公司未对受托维护、处理的电子政务数据履行应尽的数据安全保护义务,未依法建立全流程数据安全管理制度,导致电子政务数据存在严重泄露风险,相关行为违反了《中华人民共和国数据安全法》。台州公安机关依法对该公司和该公司负责人进行了行政罚款,并责令其依法依规履行数据安全保护义务。同时,依法约谈涉事政府部门相关负责人,通报委托处理电子政务数据活动中存在的安全问题,责令进一步加强数据安全管理和保护,严防数据泄露。
On December 25, Zhejiang Taizhou public security organs found in the work that
a database built by a local software technology company on commission contained security
vulnerabilities, posing a risk of leakage for a large amount of electronic government data stored
within. The Taizhou public security organs imposed an administrative fine on the company and
the person in charge of the company in accordance w
ith the law, and ordered the company to
ful
fill its data security protection obligations in accordance with the law. At th
e same time, the
relevant persons in charge of the government departments involved were interviewed in
accordance with the law, informed of the security problems in the commissioning of e-government data processing activities, and ordered to further strengthen data security
management and protection and to strictly prevent data leakage.
上海市网信办等发布“服务包”, 指引企业合规做好个人信息保护
Shanghai CA Issued “Service Package”, Guidance for Enterprises to Comply with
Personal Information Protection
12 月 4 日,“亮剑
浦江· 2024”消费领域个人信息权益保护专项执法行动总结暨交流研讨活动在上海举
办。
为进一步提升公民个人信息保护意识、促进行业自律、引导企业合规,活动当
日,上海市网信办面向社会、企业、市民共同发布个人信息处理者应知手册(工具
包)、企业个人信息保护合规自检清单(体检包)、上海个人信息保护场景规范指引
(服务包)、上海市民个人信息保护要点问答(护身包),概述为上海个人信息保护惠
企为民“大礼包”,展现专项行动执法为民、优化营商环境、助力建设美好人民城市
的工作成果。
On December 4, “Sword Pujiang-2024” special
enforcement action to protect personal information rights and interests in the field of consumer
summary and exchange seminar activities were held in Shanghai. In order to further enhance
the awareness of the protection of citizens’ personal information, promote industry selfregulation, and guide corporate compliance, on the day of the event, the Shanghai CA and the
Shanghai AMR jointly released the Handbook of Personal Information Handlers for Society,
Enterprises, and Citizens (Toolkit), the Self-inspection Checklist for Corporate Compliance on
Personal Information Protection (Medical Checkup Kit), the Guidelines for the
Standardization of Personal Information Protection Scenarios in Shanghai (Service Kit), and
the Q&A on Key Points for Personal Information Protection (Body Protection Kit). Personal
Information Protection Q&A (Body Protection Pack), outlining the “Gift Pack” of personal
information protection in Shanghai for the benefit of enterprises and the public, and showing
the results of the special action to enforce the law for the people, optimize the business
environment, and help build a better city for the people.
国家发改委等六部门联合印发《关于促进数据产业高质量发展的指导意见》
NDRC and Six Other Departments Jointly Issues the
Guiding Opinions on Promoting the
High-Quality Development of the Data Industry
国家金融监督管理总局发布《银行保险机构数据安全管理办法》
NFRA Issued the
Measures for the Management of Data Security of Banking and Insurance
Institutions
国家数据局等部门发布《关于促进企业数据资源开发利用的意见》
NDB and Other Departments Release
Opinions on Promoting the Development and
Utilization of Enterprise Data Resources
福建发布首个省级个人信息出境标准合同备案实施办法
Fujian Issues the First Provincial
Standard Contract Filing Implementation Measures
for Cross-border Transfer of Personal Information
全国网安标委发布《网络安全标准实践指南——一键停止收集车外数据指引》
TC260 Issues
Cybersecurity Standard Practice Guide - Guidance on One-Click Stop
Collection of Data Outside the Vehicle
国务院发布《公共安全视频图像信息系统管理条例(草案)》
State Council Issues
Regulations on the Management of Public Security Video Image
Information Systems (Draft)
海南省发布自由贸易港国际数据中心发展规定
Hainan Province Issues
Regulations on the Development of International Data Centers in
Free Trade Ports
执法机构 Enforcement Authority
国家数据局官方网站开通试运行
The Official Website of NDB Launched.
审计署通报“利用政务数据牟利”整改情况
The Audit Commission Informed the “Use of Government Data for Profit” Rectification
Situation
工信部决定成立部人工智能标准化技术委员会
MIIT Establishes AI Standardization Technical Committee
上海市网信办等发布“服务包”:指引企业合规做好个人信息保护
Shanghai CA Issued “Service Package”: Guidance for Enterprises to Comply with Personal
Information Protection
窃取 2 亿条个人信息,公安部督办的“黑客大案”告破
200 Million Personal Information Records Stolen: Major Cybercrime Case Under the
Supervision of the MPS Resolved
浙江台州公安机关对某软件科技公司及其负责人未履行数据安全保护义务进行行政
处罚
Taizhou Public Security Imposes Administrative Penalties on Software Technology
Company and Its Responsible Person for Failure to Fulfill Data Security Protection
Obligations
重庆涪陵大
数据
应用发展管理局数据资产
转让
项目被叫停
Chongqing Fuling’s Data Asset Transfer Project by BDADA Halted
因网站停用后未采取网络安全防护措施,郑州两公司被网信办行政处罚
Two Companies in Zhengzhou Administratively Penalized by the CA for Failing to Take
Network Security Measures
因违反《数据安全法》,郑州两公司被网信办行政处罚
Two Companies in Zhengzhou Administratively Penalized by the CA for Violating the
Data Security Law
