While data users in Hong Kong are required by law to take all practicable steps to ensure that personal data held by a data user are protected against unauthorised or accidental access, processing, erasure, loss or use, there are no specific requirements in relation to “data breaches”. However, the Privacy Commissioner has recently issued a Guidance Note on Data Breach which, together with recent Privacy Commissioner’s cases, have provided guidance as to suggested good practice in relation to data breaches. Here we discuss some of the things data users can do to ensure that any data breaches are handled appropriately and to minimize risk of prosecution.

See all Data Privacy Asia conference videos