China’s Got a Brand New Law: Mark June 1, Cybersecurity Pros!


The words “China” and “cybersecurity” are often paired in media reports about hackers, cyberattacks, and ransomware attacks. However, not all news about China and cybersecurity is about criminal or prohibited activities. On June 1, the world’s most populous country will have a new cybersecurity law that could tighten what is already one of the world’s most restricted technology regimes, according to Bloomberg News.

The law will affect a wide range of businesses and industries, Dian Wang, counsel at Moore & Van Allen LLP's China Business Group in Charlotte, N.C., previously told Bloomberg BNA. These industries include transportation, travel, network software and equipment suppliers, telecommunications, finance, health care, online shopping platforms, information technology services, education, energy, marketing and advertising, social media, gaming, applications, and public service, she said. 

The cybersecurity law will increase government control of data collection and data transfers, and require companies to store information in mainland China. Jake Parker, vice president of the U.S.-China Business Council in Beijing, told Bloomberg BNA that most member companies are “making moves to ensure that the majority of the data they collect in China is stored on servers located in China.” According to the Associated Press, regulation of cross-border data transfers will start June 1, but enforcement will be postponed until Dec. 31, 2018. 

China isn’t the only East Asian nation with updated cybersecurity law. Japan’s amended privacy law took effect May 30, with new rules for cross-border transfers of personal data and using anonymized data. Japanese regulators said there would be no grace period--enforcement kicked in immediately. On. Jan. 1, South Korea’s amended privacy law took effect. The amendments to the nation’s overarching legal framework on personal information protection, the Personal Information Protection Act, require that data processors holding less than 1 million Resident Registration Numbers (RRN)—similar to Social Security numbers in the U.S.—had to encrypt all such numbers by Jan. 1, 2017. Data processors holding 1 million or more RRNs must finish encryption by Jan. 1, 2018.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.