SLIDE 13
Commissioner's Office, the Geospatial Commission is part of the UK Government and sits within the Cabinet Office, the governmental body responsible for coordinating government policy. The following Jones Day lawyers contributed to this section: Laurent De Muyter, Undine von Diemar, Olivier Haas, Jörg Hladjk, Levent Herguner, Bastiaan Kout, Jonathon Little, Martin Lotz, Hatziri Minaudier, Selma Olthof, Audrey Paquet, Sara Rizzon, Irene Robledo, Elizabeth Robertson, Lucia Stoican, Rhys Thomas, and Kerianne Tobitsch. [Return to Top]
Asia
Hong Kong
Privacy Commissioner Receives Notification of Data Breach On November 28, 2018, Hong Kong's Privacy Commissioner for Personal Data ("Privacy Commissioner") received a data breach notification from a consumer credit reporting agency regarding suspected security loopholes in its application procedures for credit reports. The Privacy Commissioner initiated a compliance check, and the company took immediate remedial actions to mitigate any possible losses, including freezing the affected online accounts and notifying affected individuals. Privacy Commissioner Releases Inspection Report on Private Tutorial Services Industry On December 28, 2018, the Privacy Commissioner released a report with the results of its inspections of the personal data systems of companies in the private tutorial services industry. While the Commissioner found that personal data protection measures are generally acceptable in the industry, there are still some inadequacies, such as unnecessary or excessive collection of personal data, indefinite data retention, improper use of personal data, and inadequate personal data security.
Japan
European Commission Adopts Adequacy Decision on Japan On January 23, the European Commission adopted its adequacy decision on Japan, which allows personal data to flow freely under adequate data protection guarantees between the two regions. The decision includes a set of rules that will bridge several differences between the two data protection systems and a complaint mechanism for Europeans regarding access to their data by Japanese public authorities. The decision went into effect on the day of adoption.
People's Republic of China
Committee Releases National Standard for Health Information On December 26, 2018, the National Information Security Standardization Technical Committee released a national standard for the handling of health information called "Information Security Technology Health and Medical Information Security Guide" ("Standard") (source document in Chinese). The Standard defines "personal health information" and requires controllers to obtain authorization from the individuals when using or disclosing their personal health information. The Standard provides measures that controllers can implement to protect personal health information, including employee training and assessment, data system management, data categorization, access control, user restrictions, and encryption. Cyberspace Administration Approves New Rules for Blockchain Service Providers On January 10, the Cyberspace Administration of China approved new rules for blockchain service providers called the "Provisions on the Administration of Blockchain Information Services," which will take effect on February 15 (source document in Chinese). The Provisions require blockchain service providers to register with the Cyberspace Administration of China and be subject to regular monitoring. Blockchain service providers must implement comprehensive measures, such as user registration and identity verification, and report to the government any new products, applications, or functions before launching them. Government to Inspect Data Collection through Mobile Applications On January 25, four government agencies announced a campaign to inspect mobile applications that
