The Ministry of Natural Resources (MNR) has released the Administrative Measures for Data Security in the Field of Natural Resources (the "Measures"), effective as of the date of release.
According to the Measures, the MNR shall organize the formulation of the standards and specifications in the field of natural resources, such as those concerning data classification and grading, important data and core data identification, and data security protection, prepare a catalog of industry-wide important data and core data, and carry out dynamic management. Regarding security management in the full life cycle of data, the Measures clarify that data processors shall assume the primary responsibility for the security of data processing activities, implement hierarchical protection for various types of data; where data at different levels are processed simultaneously and it is difficult to take protective measures separately, protection shall be implemented according to the requirements for the highest level thereof. The Measures call for establishing data security management systems and formulate specific hierarchical protection requirements and operating procedures for each link in the full life cycle of data at different levels. When processing data in their full life cycle, logs of data processing, permission management, personnel operations, and other information shall be recorded, and commercial cryptography technologies shall be used to protect the integrity of the logs.