The Cyberspace Administration of China published draft rules requiring service providers that maintain data on more than 1 million people to perform annual compliance audits, Reuters reports. These reviews, to be conducted by a CAC-appointed agency, must also evaluate services with data of more than 100,000 users or sensitive data of more than 10,000 users. The CAC said services with data of less than 1 million users should undergo a "personal information compliance check" at least biennially.
CAC publishes draft data rules for service providers
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act
