Warning: China's Cybersecurity Law goes into effect June 2017

This PRC law condemned by numerous foreign businesses and human rights groups, provides the government sweeping authority to regulate and monitor electronically stored information (ESI). In regard to ediscovery, Article 37 mandates that “personal information and other important data” collected in China must be stored on servers physically located within mainland China (i.e., not Hong Kong). When the new Cybersecurity Law takes effect on June 1, internet companies operating in China will be subject to a broad ill-defined array of regulations and potential civil and criminal punishments. Organisations that conduct business in the PRC are encouraged to start reviewing their data privacy and cybersecurity policies to ensure compliance with the incoming law.