Blog - personal information

What You Need to Know About Japan’s Amended APPI Law

On April 1, 2022, amendments to Japan’s Act on Protection of Personal Information (Amended APPI) will come online, offering new guidelines, definitions, and requirements for data incidents and breaches that impact Japanese citizens. Japan’s data laws have already placed it at the top of list of countries concerned with protecting individual data rights – it was the first country to negotiate a reciprocal “adequacy” agreement with the EU, meaning data can flow between the EU and the designated “adequate” nation without any further data measures being put in place. 

Changes to California Breach Notification Laws

California’s new privacy law, the California Privacy Rights Act﹘CPRA for short﹘doesn’t go into effect until Jan 1 2023, but its implications for the treatment of employee data and its confusing “look back” provision already have a lot of people talking. CPRA isn’t a replacement of the existing California Privacy Protection Action (CPPA), but rather serves to define, modify, and extend the laws on the books. One significant extension is that the older law exempted employee data from many of the requirements applied to “consumer” data and personal information. Learn more in the blog.

Privacy Regulatory Trends: Personal Information and Biometric Data Privacy Laws

As more states seek to regulate and protect biometric data, companies that collect, use and store biometric data should consider creating and implementing policies and procedures that incorporate the appropriate security, notice, and consent requirements, even if they are not currently required to do so by law. However, until all 50 states amend their definitions of personal information to include biometric data, privacy leaders must navigate a patchwork of laws and regulations when performing incident risk assessments.