its Impact on Doing Business in China into effect on June 1, 2017. The new law promotes two key objectives: Chinese citizens from cyberattacks and the misuse of personal information. framework on cybersecurity but also gives privacy protection to Chinese citizens. to cybersecurity also came into effect on June 1, 2017. On April 11, 2017, the Cyberspace Administration of China (CAC) released a draft (Draft) Measures for Security Assessment of Outbound Transmission of Personal Information and Important Data (Local Data) to solicit public comments. The consultation has ended and it is expected that the finalized measure for security assessment of outbound transmission of Local Data will be issued soon. Cybersecurity Law localization rule that imposes an obligation on operators of "Critical Information Infrastructure" (CII) to store personal information and other important data collected and generated during operations within China. For outbound data transfer of Local Data, the new law requires CII operators to undertake security assessment before transferring such data abroad. The security assessment shall be conducted by the CAC and the State Council (unless permission for the transfer is already provided under another law). CII is defined broadly as "infrastructure that, in the event of damage, loss of function, or data leak, might seriously endanger national security, national welfare or the livelihoods of the people, or the public interest." It includes public communications and information services, energy, transportation, water conservancy, finance, public services and e-government. networks used for critical public services and private sector operators who operate networks which, if breached, would cause serious damage to state security, the Chinese economy or to the public at large. The new law also covers "Network Operators" (NO), which is widely defined to include any business that owns and operates IT networks in China including a computer network, website, app or other electronic platform where information collected from third party users in China is stored, transmitted, exchanged or processed. Under the new law, NOs need to: and processing personal data measures to secure against loss and destruction of personal data, data minimization, confidentiality and rights to accuracy and restriction on processing of personal data. information is defined as including all kinds of information, recorded electronically or through other means which is sufficient to identify a person's identity, including but not limited to: Independent Commission Against Corruption (ICAC). His practice focuses on advising clients on matters relating to anti-corruption, white-collar crime, law enforcement, regulatory and compliance matters in Hong Kong, including advice on anti-money laundering. He also handles cases involving corporate litigation, shareholders' disputes and insolvency matters, defamation cases, domestic and international arbitration cases, cybersecurity, data security and privacy law issues, competition law matters, e-Discovery and forensic investigation issues as well as property litigation. 19th Floor, Three Exchange Square 8 Connaught Place, Central Hong Kong, Hong Kong (SAR) onc.hk |