Data Security Insights from CIS 2022: Balancing Compliance and Business Growth

Recently, the CIS Cybersecurity Innovation Conference, organized by the leading security portal FreeBuf, was held in Shanghai, featuring a multi‑dimensional format with upcoming sessions in Shenzhen, Beijing, and an online "metaverse" venue.

The event showcased numerous industry experts discussing hot technologies, client‑side constructions, and forward‑looking concepts.

ZTO Express’s Information Security Director Ma Chen delivered a keynote titled "Data Security Reflections in the New Era," and the company’s emergency response booth attracted many visitors.

In his speech, Ma examined the massive data challenges brought by digital transformation, exploring from a client perspective the management models and technical measures enterprises should adopt for effective data security, and shared ZTO’s security framework experience.

China has recently enacted the Data Security Law, Personal Information Protection Law, and Cybersecurity Law, establishing a comprehensive regulatory system that raises compliance demands and penalties. However, enforceable standards and widely accepted technical solutions remain immature, placing data security in a transitional phase and creating unprecedented compliance pressure for enterprises.

ZTO, as the world’s largest courier company, faces significant compliance challenges while needing to sustain business operations. Its security team, based on a data‑life‑cycle methodology, has devised a tailored approach that separates data security governance into management compliance (user‑app permissions, external APIs, privacy and registration agreements, partnership contracts) and technical compliance (data integration, transformation, and stripping business attributes). The current focus is on strengthening management compliance first.

Looking ahead, the team emphasizes that building trust in data usage and ensuring lawful, compliant data practices are essential. Privacy computing is expected to become a key solution for enabling compliant data application and flow, while enterprises must continuously improve data security awareness, control, and operational capabilities.