Beginning this month, Access is committed to providing you with quarterly updates on the latest legislation and regulatory news happening around the world. Our intent with these briefs, published chiefly for information governance and legal professionals, is to help keep you abreast of the industry’s latest regulatory updates and provisions. With this quarterly alert, it is our hope that you never miss a beat so you can do your job as efficiently as possible and with the utmost confidence.

We also include notations, where applicable, if the regulatory updates have been added to our IG and retention management software, Virgo, as a courtesy to active clients. So without further ado, following is the latest on that front.

CPRA Alert

We uncovered some interesting updates on the California Privacy Rights Act 2020 (CPRA).

These provisions do not become operative until January 1, 2023, but in order to distinguish between current requirements under CCPA and those that will become operative in 2023, the effective dates are now listed in the relevant citations, i.e.:

  • [Eff. until 12/31/22] CAL. CIV. CODE § 1798.100
  • [Eff. 1/1/23] CAL. CIV. CODE § 1798.100

The provisions from the CPRA ballot initiative included in the California Law section are now included in Virgo.

Legislation Updates from China

Our research also provided some new and noteworthy regulatory updates from China that we’d like to share. Specifically, the legislation outlines the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications, Article 5.

This Article specifically outlines what is considered necessary personal information (PI) for apps including: online payment, shopping, instant messaging, women’s health, news, live streaming, video conference, banking, investments, and more.

“Personal information” is defined as information recorded in electronic or any other form that is used either alone or in combination with other information to identify an individual, including but not limited to: the individual’s name, date of birth, ID number, personal biological information, address and telephone number.2

This legislation was just issued by China’s Ministry of Industry and Information Technology and the Ministry of Public Safety on March 21, 2021, and went into force on May 1, 2021. Following is a link to more comprehensive overview if you’d like to learn more.

And to learn more about how to help your team manage privacy compliance, Check out our eBook: Data Privacy for the Information Management Professional.