the second highest year since the Identity Theft Resource Center began tracking them in 2005. [1] Between this influx of breaches and rapidly evolving and emerging privacy laws, it is no wonder enterprises are struggling to protect and effectively manage personally identifiable information (PII). The sources of PII maintained by enterprises range from internal employee information to customers and vendors, and are pervasive because PII likely impacts a significant part of the enterprise’s records retention schedule (RRS)
Companies often depend on service providers to secure, protect, and maintain access to critical company information
Scheduled to come into effect June 1, 2017, the Law introduced many new requirements concerning the handling of personally identifiable information (PII). Among the most controversial is the data localization mandate requiring “operators of key information structure” (CIIOs) to retain critical data and PII generated within the course of business in China. Specifically, the Law requires “personal information and other important data gathered or produced” during CIIO operations to be kept within the “mainland territory of the People’s Republic of China
The law expands the scope and authority of the 1978 French Data Protection Act and brings the country to the foreground of modernizing the legal framework of the information economy ahead of the 2018 implementation of the General Data Protection Regulation (GDPR). The Act includes a number of key amendments that improve individual privacy rights, increase the powers of French Data Protection Authority (CNIL), and impose new requirements on how companies and communication providers handle personal information