State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: CFIUS Update: Key Takeaways from the FIRRMA Implementing Regulations
It’s well-known that China’s data protection laws define sensitive personal information very differently to other jurisdictions. Instead of a closed list of data types, sensitive personal information in China has...more
The United States Data Security Program (DSP) represents a significant regulatory undertaking by the US government to control the flow of bulk sensitive data to specific foreign countries, for national security purposes....more
This monthly report outlines key developments in China’s data protection sector for June. TC260 Two Cybersecurity Practice Guidelines on Personal Information Protection Compliance Audits: On May 19, 2025, TC260 issued two...more
Life sciences companies have long been outside the scope of US national security regulations and benefited from significant exemptions under US privacy laws. ...more
The U.S. Department of Justice (“DOJ”) published its final rule (“Final Rule”) on January 8, 2025, that will prohibit or restrict transfer of certain data of U.S. persons to countries of concern, including to China. The Final...more
On September 24, 2024, the State Council released the Regulations on the Management of Network Data Security (《网络数据安全管理条例》) (“Regulations”). The Regulations focus on prominent issues related to Personal Information (PI),...more
On April 20, 2024, the House of Representatives passed H.R.8038, the 21st Century Peace through Strength Act ("supplemental"), which includes a version of H.R.7520, the Protecting Americans' Data from Foreign Adversaries Act...more
The newly promulgated measures increase the threshold of data triggering security assessments and contract requirements while leaving room for Chinese authorities to heavily restrict cross-border data transfers. In...more
In a sweeping, coordinated effort across federal agencies, the US government has taken a giant leap forward to prevent access to data that could be exploited to the detriment of national security. On February 28, 2024,...more
Outbound Data Transfer Security Review Measures - On July 7, 2022, the Cybersecurity Administration of China (“CAC”) issued the Outbound Data Transfer Security Assessment Measures (“Security Assessment Measures”) effective...more
Six months have now passed since China's Personal Information Protection Law (PIPL) became effective on November 1, 2021. As noted below, Chinese authorities have recently stepped up enforcement actions relative to PIPL....more
In Part 2 of this series, we discussed how the Personal Information Protection Law (“PIPL”), the centerpiece of China’s personal information (“PI”) protection law, needs to be read in conjunction with other relevant laws,...more
The Regulation on Management of Automobile Data Security (Trial) (Regulation) was passed on the 101st meeting of Cyberspace Administration of China (CAC), approved by four other Chinese ministries and officially published on...more
On October 21, 2020, the Standing Committee of the National People’s Congress (NPC) of the People’s Republic of China (PRC) released the draft PIP Law for public comment. With the big data industry rapidly growing in China...more