Authored by: Ning Xuanfeng (Susan) , Wu Han and Gao Tongyue
Data misuse and data breaches are the two core risks of data security. Data misuse can be prevented through strict legal regulations that ensure standardized data processing. However, data breaches are not entirely avoidable: they arise not only from internal risks but also frequently due to external attacks. Data breaches have always been a prominent topic in the field of data governance, akin to the Sword of Damocles hanging over enterprises. In China, as early as 2012, laws and regulations regarding data breaches were established. Important laws such as the “Cybersecurity Law”, “Data Security Law”, “Personal Information Protection Law”, and “Regulations on Network Data Security Management” all involve the issue of data breaches. The recently published draft amendments to the “Cybersecurity Law” also propose strict legal liabilities for large-scale data breach scenarios. However, data breaches have not ceased and continue to make headlines, setting new records in various statistical reviews and exacerbating data anxiety while remaining difficult to eradicate.