TC260 of China recently issued the Information Security Technology-Basic Security Requirements for Pre-installed App of Smartphones for public comments ending December 6, 2022.
Continue Reading Basic Security Requirements for Smartphone Pre-installed Apps in China
China
Government Security Assessment on Cross-Border Transfer in China
On July 7, 2022, the Cyberspace Administration of China (the “CAC”) issued the Measures on Security Assessment on Cross-border Transfer (the “Measures”), which became effective on September 1, 2022, and provide a six-month grace period to the relevant data handlers. On August 31, 2022, the CAC issued the Guidelines on Application for Security Assessment on Cross-border Transfer (the “Guidelines”), which further clarify certain issues and provide specific application documents for security assessments (including templates of application forms for security assessment on cross-border transfer and self-assessments report for risks of cross-border transfer).…
Continue Reading Government Security Assessment on Cross-Border Transfer in China
China Issues Draft Provisions on Standard Contract for Cross-Border Transfer of Personal Information
On June 30, 2022, the Cyberspace Administration of China (the “CAC”) issued a draft Provision on the Standard Contract for Cross-border Transfer of Personal Information (“Draft Provisions”) and a draft of the Standard Contract for Cross-border Transfer of Personal Information (“Standard Contract”) for public comments. Per Article 38 of the Personal Information Protection Law (“PIPL”), if the data handler is not required to conduct a government security assessment, it may choose either to conduct certification by a qualified third institution or to execute the Standard Contract for cross-border transfer of personal information. Certification might be more commonly used for cross-border transfer within a group, whereas the Standard Contract may be more popular under other scenarios of cross-border transfers.…
China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea
On May 16, 2022, the U.S. Department of State, U.S. Department of Treasury, and the Federal Bureau of Investigation issued combined guidance on efforts by North Korean nationals to secure freelance engagements as remote information technology workers by posing as non-North Korea nationals.
Continue Reading U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea
China Releases Draft Regulations on Network Data Security Management
The Cyberspace Administration of China released for public comment the draft Regulations on Network Data Security Management. The Draft Regulations are intended to implement portions of three existing laws: the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. In this blog entry, we discuss several of the key areas addressed by the Draft Regulations.
Continue Reading China Releases Draft Regulations on Network Data Security Management
China Issues Draft Measures on Security Assessment of Cross-border Data Transfer
On October 29, 2021, the Cyberspace Administration of China released for public comment Draft Measures on Security Assessment of Cross-border Data Transfer. The CAC issued the Draft Measures three days before the November 1, 2021 effective date of the Personal Information Protection Law.
Continue Reading China Issues Draft Measures on Security Assessment of Cross-border Data Transfer
China Passes Personal Information Protection Law
On August 20, 2021, China passed the Personal Information Protection Law (the “PIPL”). The PIPL will become effective on November 1, 2021.
Continue Reading China Passes Personal Information Protection Law
China Issues Data Security Law
After two rounds of public comments, the Data Security Law of the People’s Republic of China was formally issued on June 10, 2021, and will become effective on September 1, 2021. This blog entry provides highlights of the new law.
Continue Reading China Issues Data Security Law
CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law
The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP has submitted its response to the Standing Committee of the National People’s Congress of the People’s Republic of China on the updated version of the Draft Personal Information Protection Law.
Continue Reading CIPL Submits Comments on China’s Updated Draft Personal Information Protection Law