For the purpose of compliance with the Personal Information Protection Law of China (the "PIPL"), we have recently notified our customers and partners of a change to the way we handle Personally Identifiable Information (PII) in China. After implementing process changes, we are introducing a new legal framework, avoiding the originally planned changes.
Cato’s Data Processing and Privacy Agreement ("DPA") is signed between Cato and its customers to govern all processing of PII anywhere in the world for each customer, including in China. Cato is processing all PII on behalf of the customer as explicitly set in the DPA and as directed by the customer. The customer retains full control of the handling and disposition of PII.
China’s PIPL recognizes a provider operating in such capacity as an “entrusted party” acting on behalf of the customer, who is defined as a “processor”, to deliver on contractually committed services. Cato and its service partners act as an “entrusted party” for our customers that has presence in China.
The terminology used in the DPA is based on GDPR, and thus, different than the one used in China’s PIPL. Cato created a special supplement to cover China’s PIPL. This supplement only applies to customers with sites and users in China. Please see the following link: https://www.catonetworks.com/cato-networks-data-processing-and-privacy-agreement/