The Executive Council announced Tuesday that the government has drafted a bill on cyber security which proposes the mandatory implementation of real-name registration for the provision of telecom services – i.e., customers will be required to provide their real identification data to telecom service operators, including for the purchase of a pre-paid SIM card.
Concerning the pre-paid SIM cards purchased before the new cyber security law comes into force in the future, the cards’ users will also have to provide their identification data after the new law comes into force, according to the bill.
Leong Heng Teng, spokesman for the government’s top advisory body, made the announcement during a press conference at Government Headquarters yesterday.
In order to ensure the sound operation of the city’s network systems and the full protection of network data, there is a need for the Macao government to draft legislation on cyber security with the aim of preventing threats to the safety of the city’s network, Leong said.
Leong said that various countries and regions around the world have drafted legislation on cyber security, in the wake of the diverse cyber attacks seen of late.
According to Leong, while there is a cybercrime law in Macao that was enacted in 2009, there is still no law regulating the administration of cyber security.
Leong said that the government had drafted the cyber security bill after referencing the relevant laws in the mainland and a number of countries and regions and studying opinions from the city’s telecom sector and residents’ views collected during a public consultation, which started in December last year and ended in January this year.
Leong also said that the government has drafted the bill in accordance with the principle of ensuring residents’ safety while respecting personal privacy.
The bill will be submitted to the Legislative Assembly (AL) for debate and vote.
The bill proposes that the new cyber security law will take effect 180 days after its promulgation in the Official Gazette (BO), Leong said.
According to Leong, the bill proposes that when a telecom service operator signs a contract with a customer for the provision of telecom services, the operator shall record and verify the customer’s identification data.
According to Leong, the proposed implementation of real-name registration would also include prepaid SIM cards.
Concerning the pre-paid SIM cards purchased before the new cyber security law comes into force, telecom service operators will have to request the card users to provide their identification data within 60 days of the new law coming into force, according to the bill.
The bill proposes that the telecom service operators which fail to comply with this rule would face a fine, Leong said.
According to Leong, the bill proposes that the pre-paid SIM cards’ users will have to provide the telecom service operators with their identification data within 60 days after the operators’ request.
Leong said that if the pre-paid SIM cards’ users do not provide their identification data after the 60 days, they would not face a fine. In this situation, Leong said that according to the bill, the telecom service operators will then have to deactivate the cards. The operators failing to comply with this rule would also be fined, Leong said.
Also addressing the press conference, Chan Hin Chi, an advisor to the Secretariat for Security, said that the proposed implementation of real-name registration for pre-paid SIM cards would only be applicable to the cards issued by local telecom service operators, meaning that it would not be applicable to the SIM cards – that are to be used in Macao – issued by non-Macao telecom service operators.
In addition to telecom service operators, the bill also covers private entities operating the city’s “critical infrastructure” which also use network systems, such as tap water supplies, banks, hospitals, electricity supplies, natural gas supplies, land public transport service, maritime passenger transport service, aviation passenger transport service, broadcasters and gaming operators, according to Leong. The bill specifies the duties and responsibilities of such entities when they are using network systems.