Abstract: Virtual sports are activities in which the user's body is directly involved in a virtual sports scenario for the purpose of gaining an original sports experience. There are data security risks in virtual sports systems. Virtual sports data can be categorized into 3 layers, that is, rule-layer, symbol-layer and content-layer, which are related to the security of the virtual sports system, the security of the subject's personal property, the user's privacy, personal information and other information security, respectively. There are insufficient protection or interpretation dilemmas in the provisions on the crime of computer information system that protect rule layer data, civil/criminal legal rules for the protection of person, property or order types of symbolic layer data, and privacy and personal information rules for the protection of content layer data. In order to promote the development of the industry, the rule layer data should include the object of computer information system crimes and the connotation of "data" should be expanded, so as to achieve the substantive effect of the criminal law protection of the legal benefits of data security. The criminal law system for the direct risk of the security of symbolic data, as well as the civil law system for the indirect risk, should be completed. The rules on privacy and personal information should be improved to protect the security of data at the content layer.