On 21 Dec 2019, the Macau Cybersecurity Law ("MCSL") will come into force. With this law, public and private critical infrastructure operators of different industries will have to meet obligations that aims to protect the information network and computer systems of critical infrastructure.
How does Macau Cybersecurity Law affect business?
The MCSL, similar to the China Cybersecurity Law, introduce the concept of critical infrastructure. Critical infrastructure under MCSL important system and network that may dangerous to social well-being, public safety, order and interests if disrupted. MCSL applies to:
Public critical infrastructure operators;
Private critical infrastructure operators (e.g. Utilities, Transportation, Banking, finance and insurance, Casino, Medical); and
Internet service providers.
Penalties for private operators' non-compliance with the MCSL could result in a fine up to Mop 5 million. Other sanctions cover suspension of operation, termination of public servant employment, etc. Not to forget reputational damage which could leave the business a very deep scar on the business.
What are the key Macau Cybersecurity Law requirements?
The MCSL emphasize and specify on cyber security requirement on top of the existing security regulations issued by the Government Departments (e.g. AMCM, DICJ) on different industries. The key obligations set out are:
Establish cyber security governance, including appointing competent officer/ setting up a security office, developing policies and procedures;
Monitor, respond and report on the security incident and breaches, including the mandatory regulatory entity notification;
Conducting and submit the security assessment on annual basis; and
Review the performance of cybersecurity service providers for public operators.
MCSL introduction brochure
We drafted a MCSL introduction brochure, which provides you a high-level overview of the law and the obligation under the law. Also in the deck we included information how we/Deloitte could help you in the compliance journey.
Feel free to let us know if you would like to engage us in a further discussion and we will link you up with the corresponding colleagues in this area.
Thanks a lot in advance for supporting this initiative!
Please click "Read more" below to download the "Macau Cybersecurity Law: General Introduction and Impact Analysis"
Reminder: Due to constraints associated with Wechat interface, if you are unable to download the report after opening Deloitte's web page, please tap "Option" in the upper right hand corner and open it in a browser to download.
