Articles

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

As part of the country’s growing scrutiny over the tech sector, China enacted on August 21 a sprawling and comprehensive data privacy law, the Personal Information Protection Law (PIPL), which goes into effect on November 1, 2021. In combination with China’s newly enacted and still little-understood Data Protection Law, which goes into effect on September 1, 2021, this law promises to impose a host of new data privacy, security, and protective obligations on all US and global companies doing business in China.

These significant laws fit into China’s broad “informatization policy,” which Chinese President Xi Jinping has described as the modern equivalent of industrialization. However, the data protection law comes closer to serving more as a cybersecurity law than the PIPL. In his efforts to boost China to” cyber superpower” status, President Xi has famously said that “cybersecurity and informatization are two wings of one body, and two wheels of one engine.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New AI privacy, security regulations likely coming with pending…

CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.

Regulation surrounding artificial intelligence technologies will likely have a growing impact on how companies store, secure, and share data in the years ahead. The ethics of artificial intelligence (AI), particularly facial recognition, by law enforcement authorities, have received a lot of attention. Still, the US is just at the beginning of what will likely be a surge in federal and state legislation regarding what companies can and cannot do regarding algorithmically derived information.

“It’s really the wild west right now in terms of regulation of artificial intelligence,” Peter Stockburger, partner in the Data, Privacy, and Cybersecurity practice at global law firm Dentons, tells CSO. Much like the California Consumer Protection Act (CCPA), which spelled out notice requirements that companies must send to consumers regarding their privacy protections, “a lot of people think that’s where the AI legislation is going to go, that you should be getting giving users notification that there’s automated decision making happening and get the consent.”

AI encompasses a wide range of technical activities, from the creation of deepfakes to automated decision-making regarding credit scores, rental applications, job worthiness, and much more. On a day-to-day basis, many, if not most, companies now use formulas for business decision-making that could fall into the category of artificial intelligence.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Markus Winkler on Unsplash

 

Articles

Passage of California privacy act could spur similar new…

lead centered=”no”
Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.
/lead

On November 3, California citizens approved the California Privacy Rights and Enforcement Act (the CPRA), a comprehensive privacy law that amends another privacy law that went into effect in the state on January 1, the California Consumer Privacy Act (CCPA). The CPRA is intended to strengthen privacy regulations in California by creating new requirements for companies that collect and share sensitive personal information. It also creates a new agency, the California Privacy Protection Agency, that will be responsible for enforcing CPRA violations.

Most privacy attorneys agree that the CPRA was created with the European Union’s General Data Protection Regulation (GDPR) in mind, adding teeth to the stipulations that existed in the CCPA. Consumers will be able to correct inaccurate personal information that business hold, and fines are steep for violating the children’s data protection requirements under the CPRA. Most of the law’s provisions will go into effect on January 1, 2023, with some provisions requiring a look-back to 2022.

The CPRA defines “sensitive personal information” to include an expansive range of data elements, including government-issued identifiers such as drivers licenses, passports, and Social Security numbers as well as financial account information, geolocation, race, ethnicity, religion, union membership, personal communications, genetic and biometric data, health information, and information about sex life or sexual orientation.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Nathan Guisande on Unsplash

 

Articles

11 new state privacy and security laws explained: Is…

lead centered=”no”
States from Maine to California have recently enacted privacy, data security, cybersecurity, and data breach notification laws. We break down what each of these laws entails.
/lead

While at the federal level security and privacy legislation are lost in a morass of partisan politics and corporate lobbying delays, states have been moving ahead to push through an impressive number of important bills that help fill in the gaps. A search of the Legiscan database reveals that hundreds of bills that address privacy, cybersecurity and data breaches are pending across the 50 states, territories and the District of Columbia.

The most comprehensive piece of state-level legislation across these often-intertwined categories that has been enacted over the past two years is the sweeping California Consumer Privacy Act (CCPA), enacted and signed into law on June 28, 2018. Inspired by the EU’s groundbreaking General Privacy Data Protection Regulation (GDPR), the legislation aims to give the state’s consumers greater control over how businesses collect and use their personal data.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

How Facebook’s privacy woes might change the rules of…

lead centered=”no”Following a string of data privacy and protection missteps, Facebook faces potential backlash from legislators and consumers that could affect all companies that process consumer data./lead

The past year has been nightmare for Facebook, breaking a decade-long streak of seemingly boundless growth that placed the internet giant at the center of social, political and commercial activities of billions of people around the globe. Facebook began its precipitous downhill turn in March when a whistleblower uncovered Facebook’s role in helping political consultancy Cambridge Analytica harvest and use the personal data of tens of millions of users without their permission.

The company was rocked by a scandal or controversy every month thereafter, not all of which were privacy related. Emerging from these scandals was a portrait of a company with a voracious appetite for monetizing users’ detailed data and sloppy management in protecting the privacy and security of that data. How the company and its regulators react to these events could have a lasting impact on how all companies manage and protect consumer data.

This article appeared in CSO Online. To read the rest of the article please visit here.