In June 2023, the Office of the Privacy Commissioner for Personal Data issued an updated Guidance on Data Breach Handling and Data Breach Notifications (“Guidance”). The Guidance updates a non-binding, end-to-end framework for data users to tackle data breaches, including recommended elements that go into a data breach response plan, questions that need to be addressed in the course of investigating a data breach incident, how to make a data breach notification and tips for preventing recurrence of data breaches.

While Hong Kong has yet to enact specific legislation on cybercrime or cybersecurity, this will soon change with the announcement of the proposal to enact a new cybersecurity law during the Chief Executive’s 2021 Policy Address and the issuance of a consultation paper on “Cyber-dependent crimes and jurisdictional issues” by the Hong Kong Law Reform Commission.

Explore Data PULSE, a platform which helps you to navigate the complex landscape of data, regulatory and IP protection concerns at each stage of the medical product life cycle. As you navigate through each key issue, Data PULSE will help you to identify and mitigate risks across multiple jurisdictions and optimize your strategy through research, market authorization and post-market study phases.

Hong Kong’s data privacy law, the Personal Data (Privacy) Ordinance (Cap. 486) (PDPO), has been amended to introduce “anti-doxxing” provisions. The new regime creates offences to curb doxxing acts, and empowers the Privacy Commissioner for Personal Data (“Commissioner”) to carry out criminal investigations, institute prosecutions and issue cessation notices. The changes came into effect on 8 October 2021.

Hong Kong’s data privacy law, the Personal Data (Privacy) Ordinance, has been amended to introduce “anti-doxxing” provisions. The new regime creates offences to curb doxxing acts, and empowers the Privacy Commissioner for Personal Data to carry out criminal investigations, institute prosecutions and issue cessation notices. The changes came into effect on 8 October 2021. The Commissioner made its first arrest under the doxxing regime on 13 December 2021.

As the COVID-19 pandemic continues to have a profound impact on businesses, companies have started to focus on navigating the medium- to long-term implications of this crisis. While disruption may pose challenges, we have also seen how various sectors are embracing and accelerating digital transformation as a way to achieve…

Read publication 6 Takeaways: What’s happened and what does it mean for businesses in Hong Kong? 1. Formal review and study of possible amendments to Personal Data (Privacy) Ordinance (PDPO) As anticipated for some time, the Hong Kong Government is now formally reviewing and studying possible amendments to the PDPO…