China’s cyberspace regulator issued on Thursday draft rules requiring service providers that hold data on more than 1 million people to undergo at least one compliance audit a year, another step in efforts to control data and information, reports Reuters. Infrastructure information providers or services that process data of more than one million users must undergo a security review conducted by an agency appointed by the regulator if they are supplying data overseas, the Cyberspace Administration of China (CAC) said in its draft.
The appointed compliance agency must also evaluate services that own the data of more than 100,000 users, or those with sensitive data of more than 10,000 users, the CAC said.
Services that hold data of fewer than 1 million users must undergo a personal information compliance check at least once every two years, the CAC said. China has in recent years tightened controls on data and information, especially data and information that flows abroad.