Yet another regulation? Yep, you are right, another one is coming over the horizon. This time for China.
In the past, we’ve discussed the European Union’s General Data Protection Regulation (GDPR), and you may even remember the first Australian mandatory data breach notification, which came into effect in February 2018.
Personal Identifiable Information (PII)
The final goal of all of them is to “protect” the individual. Who is the individual? Well, it is you, me, everyone around us. Primarily, this protects our PII (Personal Identifiable Information), meaning dates of birth, addresses, phone numbers and any other information which can be used to identify an individual.
Now, China has drafted its first Administrative Measures on Data Security, and the draft is in public consultation. One of the aspects of this that I find most interesting is that it looks like it has what is called an “Extraterritorial Scope.”
What is an Extraterritorial Scope?
Well, similar to the GDPR, if you are holding information of a Chinese individual, you will be obligated to follow the same regulation regardless of where your business is located. If it sounds scary, it’s because it is. More and more countries are trying to protect the information of their citizens and are therefore creating regulations and cyber security measures to achieve that.
If you are currently doing business with China, you may want to keep an eye on this, as it could have an impact on how your business manages Chinese citizens’ PII. However, if you are managing PII of Australian citizens you should already be securing this information, shouldn’t you?
I believe that more and more regulations across the globe will be emerging, making a nice niche for lawyers to step in and understand how all these operate.
For now, just continue to be safe out there. Until the next Malware Monday.