August

A new publication addresses frequently asked questions with respect to new data security regulations in Israel, including to whom they apply, the effective date of implementation, and how they affect the potential sanctions and powers of the data protection authority.
 
The publication specifically discusses how regulations adopt a risk-based approach, applying different rules to databases according to their risk profile, and explains how the regulations are set up three main risk categories.
 
In addition, the regulations set forth specific rules for databases maintained by individuals or sole proprietorships, unless the databases cross a certain risk threshold, in which case they are categorized in one of the three buckets.

The President of South Africa is expected to soon sign a proclamation declaring the Protection of Personal Information Act (POPI Act) be in full effect in South Africa.
 
Under the Act, the data subject must know and understand the precise purpose for the collection of any information, how it will be utilized, how the information is to be protected against distribution or theft by unauthorized parties, how long it will be retained, and how it will be destroyed when it's no longer required.
 
Unlawful retention, distribution, sharing or unauthorized use of personal information may result in non-compliance with the Act, which will carry penalties of penalties and possible jail time.

The Cyberspace Administration of China (the CAC) released a revised draft of its Security Assessment for Personal Information and Important Data Transmitted Outside of the People's Republic of China Measures (the Second Draft Export Review Measures).
 
There was a significant volume of industry commentary, and the Second Draft Export Review Measures relax some of the more stringent requirements stated in the First Draft Export Review Measures originally due to become law on June 1, 2017 when China's Cyber Security Law officially took effect.
 
The changes make a few technical adjustments and include a temporary reprieve from China's new data localization measures through December 31, 2018.