Essential Data Security Red Lines: What Every Employee Must Follow
This document outlines the background, scope, key definitions, and strict data security red lines that all employees must adhere to, including prohibitions on bypassing security measures, unauthorized data use, external disclosures, cross‑border transfers, and requirements for handling sensitive information.
Background
The nation’s tightening regulations on network and data security raise compliance demands for operating enterprises, and frequent large‑scale data leaks and black‑market attacks are a constant reminder to tighten risk prevention. To protect company data assets and business safety, meet evolving regulatory requirements, and safeguard employees, the R&D department iterates on the security red lines, clearly defining non‑negotiable behaviors.
Scope
All employees.
Terminology and Definitions
Data: Company data is a critical asset, encompassing any information or documents related to work, not just numeric figures.
Data Types: From a basic requirement perspective, data is divided into Company data (B) and Business data (S).
Personal Data (P): Information recorded electronically or otherwise that can identify a specific natural person alone or when combined with other information, or reflect that person’s activities.
Sensitive Data: Based on confidentiality requirements and authorized access, data is classified into four levels, L1–L4.
Data Security Red Lines
Prohibit bypassing company security measures and processes
Unauthorized bulk acquisition of sensitive company data;
Creating inbound tunnels or proxies between the corporate network and external networks;
Circumventing corporate network security policies;
Prohibit using data beyond authorized scope
Misusing work permissions without a legitimate business scenario;
Storing data in insecure environments, devices, or applications;
Data usage must comply with company security requirements;
External disclosure of company data requires prior approval.
Cross‑border transfer of personal or important data must undergo a compliance scenario review.
Personal information collection activities must first pass a security compliance review.
Sensitive data shared with second‑ or third‑parties must be limited to the minimum necessary, lawful, and protected with effective security measures.
Appendix
Relevant regulations: Personal Information Protection Law of the People’s Republic of China; Data Security Law of the People’s Republic of China.