Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Gartner on doing business in China: Privacy? What’s that?

Tim Greene | June 17, 2016
If you want to use encryption, the government needs the keys

jie zhang
Tim Greene Jie Zhang

Jie Zhang says that as a child in China she played a game picking up marbles with chopsticks and performing the delicate task of carrying them to another room without dropping them. That’s what doing business in China is like for Westerners, she told a breakfast gathering today at Gartner’s Security and Risk Management Summit.

They have to get used to long-standing customs and practices that violate some basic business principles respected outside of China and some new ones that deal specifically with technology.

For example, a January 2016 cybersecurity law says that companies operating in China that want to use encryption technology in their infrastructure must pick it from a government-approved list. Other laws dictate that if the gear isn’t on the list, encryption keys must be turned over to the government.

The given reason is to fight terrorism, and the law settles a debate there that is still raging in the West about whether encryption backdoors should be mandatory so law enforcement can gain access to private communication.

Zhang says a Gartner client setting up shop there had been working on its private cloud for six months when the project stalled because it hadn’t gotten this type of approval. “You might find yourself in that position,” she says. “Do your due diligence."

The acceptance of this practice may have something to do with the country’s sense of privacy. “When I translate ‘privacy,’ I have issues,” she says. “There is no direct word in Chinese that means privacy.” The closest term is yin si, which means “hidden personal secret.” “In China people identify with a group and privacy is a non-existent concept.”

This sensibility may carry over into a tolerated but officially unsanctioned banking practice. A colleague told her that someone he knew who worked at a bank routinely sold lists of customer information. Zhang says she later had this practice confirmed by a bank executive who said, “Yes, we know our employees do that.”

Banks are changing, though, with economic policies put forth in the government’s 2015 five-year plan, she says. As part of reforms for more transparency in financial entities, IBM, Oracle and EMC (known as IOE) are losing their seat as the go-to tech firms to supply banking infrastructure.

The push is to encourage use of local suppliers, which has led to a jump in business for the China-based tech giant Huawei. IBM has responded by partnering with local companies, she says. Foreign businesses couldn’t build data centers of their own under the new rules. Microsoft partnered locally; Google left the country.

There are big differences in other areas. The well-established and effective Western practice of meeting governance, risk and compliance (GRC) objectives to boost corporate productivity is a concept just getting a foothold in China, she says.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.