Separate from GDPR, New Laws Affecting E-Discovery Are Launching in Asia in 2017

    May 22, 2017

    For several months the General Data Protection Regulation (GDPR) has soaked up a lot of ink, but it won’t be in effect until May 2018. Meanwhile, too many e-discovery professionals are uninformed about similar changes in Asia that will take place this month, according to an article on

    In Japan, for instance, the Act on the Protection of Personal Information (APPI) will be amended to address such common factors as the explosion in the volume of data, the risk in data breaches, and the illegal sale of private data.

    The amendments take effect May 30 of this year; Japanese authorities expect all companies to be prepared for them.

    In part, the new provisions of the APPI create a Personal Information Protection Commission that will be independent and have enforcement power. Also new are the information classifications of sensitive and anonymized. Sensitive information (about a person’s race, creed, social status, medical history, and so on) merits enhanced regulatory protection; anonymized data can be transmitted with restrictions but without the individual’s consent. And, for the first time, any company transferring personal records beyond Japan will need the user’s consent.

    In June, the People’s Republic of China will enact its controversial Cybersecurity Law. Whereas Japan focuses on protecting data, China focuses more so on the network operators who manage data, according to the article.

    In part, the new law insists that Chinese citizens’ personal information and important data must be stored on servers within its borders. It also strengthens existing data privacy guidelines by saying network operators must obtain their customers’ consent before collecting and disclosing personal information. Further, all network providers must pass a network security exam, which includes specific requirements that they must follow when buying new network systems.

    © 2017, ARMA International