Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Hong Kong

Posted in International/EU Privacy

Hong Kong Privacy Regulator Issues 2015 Report, Outlines 2016 Focus

On 26 January, Hong Kong’s Privacy Commissioner for Personal Data published his annual report on 2015 complaints and enforcement activity under the Personal Data Privacy Ordinance. The report reveals that 871,000 Hong Kong individuals were affected by data breaches in 2015, compared with 47,000 in 2014. The report is noteworthy that the number of reported breaches continues to increase at a rapid pace notwithstanding the fact that Hong Kong’s data breach notification regime is at the moment a voluntary one. The report is also notable for setting out the Commissioner’s statement of priorities for 2016.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Data Users Alert: New Guidance on Data Breach Handling in Hong Kong

On 9 October 2015, the Privacy Commissioner for Personal Data published a Guidance Note on “Data Breach Handling and the Giving of Breach Notifications”, a revised version of its June 2010 edition. The Guidance Note gives guidance to data users on how to deal with data breaches. In particular, the Guidance Note provides more of a focus on the relationship between data users and data processors. A data user engaging a data processor must adopt contractual or other means to ensure personal data security.

Posted in International/EU Privacy

Recorded Seminar: Data Privacy Regulation in Asia – A Practical Way Forward to Compliance

Few areas of regulation are advancing as quickly in Asia as data privacy regulation. This year marks the tenth anniversary of the APEC Privacy Framework and we now see “European style” comprehensive data privacy regimes in a dozen jurisdictions across the Asia-Pacific region. Hogan Lovells data protection lawyers Mark Parsons and Eugene Low recently hosted in-person seminars at Hogan Lovells’ offices in Hong Kong to take stock of where Asia is in terms of data privacy regulation, and to help chart a roadmap to compliance. The focus of these discussions was on identifying “hot spots” for businesses operating across the region and pointing to practical measures and points of prioritisation. The discussions also considered steps to be taken to prepare for and react to data breach events, with a seasoned view of regulatory attitudes and approaches to enforcement and remediation.

Posted in International/EU Privacy

Hogan Lovells Hong Kong Event: Data Privacy Regulation in Asia – A Practical Way Forward to Compliance

On Thursday, 14 May, Hogan Lovells data protection lawyers Mark Parsons and Eugene Low will host an in-person discussion at Hogan Lovells’ offices in Hong Kong to take stock of where Asia is in terms of data privacy regulation, and to help chart a roadmap to compliance. The focus will be on identifying “hot spots” for businesses operating across the region and pointing to practical measures and points of prioritisation. The discussion will also consider steps to be taken to prepare for and react to breach events, with a seasoned view of regulatory attitudes and approaches to enforcement and remediation.

Posted in International/EU Privacy

Hong Kong Privacy Commissioner for Personal Data Issues Guidance on the Use of Drones

On 29 March, the Hong Kong Privacy Commissioner for Personal Data published a guidance note that supplements previous guidance on the use of closed circuit television systems and for the first time addresses the increasing use of unmanned aircraft systems. The Commissioner’s guidance is the first significant regulatory engagement on the use of UAS by a Hong Kong regulator.

Posted in International/EU Privacy

2015: The Turning Point for Data Privacy Regulation in Asia?

2014 was a very eventful year for data privacy regulation in Asia and there are reasons to believe that 2015 will represent a turning point for the region as established privacy regimes are toughened and new regimes enacted in recent years begin to mature. The past year saw a number of significant regulatory developments, in particular the implementation of new, comprehensive “European-style” privacy laws in Singapore and Malaysia, the amendment of China’s consumer protection law to include data privacy principles and increased financial penalties in South Korea.

Posted in International/EU Privacy

The Compliance Challenges That Can No Longer Be Ignored

Although Asia’s data privacy laws draw from a common set of guiding principles, each law is unique. Moreover, as freshly minted regulators come to grips with these new laws, differences in interpretation and underlying policy are becoming apparent. As a consequence, there is now a ‘patchwork’ of compliance requirements across the region. Depending on the country, sector specific laws, consumer protection laws, employment laws and laws in emerging areas such as cybersecurity, also complicate the compliance picture for Asia, and there is no common framework for any of these laws.

Posted in International/EU Privacy

Hong Kong Privacy Commissioner Issues Guidance on Cross-Border Data Transfers

On 29 December, 2014, Hong Kong’s Privacy Commissioner for Personal Data published a guidance note concerning the potential implementation of section 33 of the Personal Data (Privacy) Ordinance, which would restrict the export of personal data from Hong Kong. In a recent client alert, partner Mark Parsons and associate Peter Colegate from the Hogan Lovells Hong Kong office explore the Commissioner’s understanding of how section 33 would be implemented, including some important nuances that are particularly relevant to multi-national businesses operating in Hong Kong and the wider region.

Posted in International/EU Privacy

Privacy Complaints Up 48% in Hong Kong in 2013: Are Businesses Prepared?

The privacy enforcement in Hong Kong under its data protection law, the Personal Data (Privacy) Ordinance, ramped up significantly last year. Hong Kong’s Privacy Commissioner for Personal Data received 1,792 complaints in 2013, a record high. The figures show a 48% increase in complaints filed and more than a doubling of the number of enforcement notices issued by the Commissioner, with 25 enforcement notices issued in 2013 against 11 in 2012. 78% of all complaints were made against the private sector and in particular the financial, telecommunications and property sectors. The Commissioner has confirmed that a key focus for 2014 will be to increase its enforcement efforts.

Posted in Consumer Privacy, International/EU Privacy, Privacy & Security Litigation

In Hong Kong, When Is Public Data Actually Private Data?

Somewhat of a furor has been caused in Hong Kong by the decision of the Office of the Privacy Commissioner for Personal Data to issue an enforcement notice to stop a company from supplying data on individuals obtained from publicly available litigation and bankruptcy records via a smartphone application, claiming that the company “seriously invaded” the privacy of those individuals.

Posted in Consumer Privacy, International/EU Privacy

Hong Kong Issues Clearer Guidance on Privacy Notices

On July 29, the Hong Kong Office of the Privacy Commissioner for Personal Data has issued a new guidance note on preparing Personal Information Collection Statements and Privacy Policy Statements. The guidance note is intended to help organizations prepare clear and informative privacy notices in order to comply with the requirements under the Personal Data (Privacy) Ordinance and the Data Protection Principles.

Posted in Consumer Privacy, International/EU Privacy

Hong Kong Privacy Commissioner for Personal Data Publishes “New Guidance on Direct Marketing”

On January 25, 2013 the Hong Kong Privacy Commissioner for Personal Data published its “New Guidance on Direct Marketing” to help organizations comply with the direct marketing provisions of the Personal Data Amendment Ordinance. The “Amendment Ordinance” was passed on June 27, 2012; while most of its provisions have already been implemented, the provisions relating […]

Posted in International/EU Privacy

Hong Kong Privacy Commissioner Publishes Guidance on the Handling of Data Access Requests and the Charging of Access Fees

In Hong Kong, an individual’s right to make an Access Request is expressly conferred by section 18of the Personal Data (Privacy) Ordinance which enables individuals to ascertain whether data users hold any personal data relating to them, and if so, to obtain a copy of such data. Individuals also have the right to request the correction of any inaccuracies contained in such data. Data users are required under the Ordinance to notify individuals of such access/correction rights, on or before the first use of their personal data. As described in this blog entry, the Hong Kong Privacy Commissioner for Personal Data recently issued a guidance note titled “Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users” to provide data users with guidance on how to comply with data access requests as well as how to calculate the fees to be charged in connection with such Access Requests.

Posted in International/EU Privacy

Hong Kong’s Privacy Commissioner Publishes Guidance Note on Personal Data Erasure and Anonymisation

Organisations in Hong Kong are required under the Personal Data (Privacy) Ordinance to erase personal data when the data is no longer required for the purpose for which it was collected.
The Hong Kong Privacy Commissioner for Personal Data recently has published a Guidance Note, entitled “Guidance on Personal Data Erasure and Anonymisation,” which is relevant to compliance under the Ordinance.

Posted in Cybersecurity & Data Breaches

Hong Kong Guidance on the Use of Portable Storage Devices

Late last year, the Hong Kong Privacy Commissioner for Personal Data published a Guidance Note to assist data users with properly handling and protecting personal data contained in portable storage devices, including USB memory sticks, tablet/notebook computers, mobile/smart phones, personal digital assistants, portable hard drives and optical discs such as DVDs. This post reviews practical recommendations set forth by the Privacy Commissioner to help data users manage the security risks associated with the use of portable storage devices.

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Investigation Into Car Park Management Company’s Collection of Vehicle Owners’ Registration Particulars for Direct Marketing

On 14 February 2012, the Hong Kong Privacy Commissioner published a report on an investigation into a car park management firm that owns 50 car parks in Hong Kong, regarding its collection of motorists’ registration particulars from the Transport Department’s Register of Vehicles, and the subsequent use of this information for direct marketing purposes. Imperial’s actions were found to contravene Data Protection Principles (“DPPs”) 1(2) (relating to manner of collection of personal data) and 3 (relating to use of personal data) of Schedule 1 to the Personal Data (Privacy) Ordinance (Cap. 486).

Posted in International/EU Privacy

Hong Kong Introduces a New Personal Data (Privacy) Amendment Bill

The Hong Kong Personal Data (Privacy) Amendment Bill (the “Bill”) was introduced into the Legislative Council on 13 July 2011. The Bill, which is the culmination of a lengthy consultation process into the reform of the Personal Data (Privacy) Ordinance, aims to bring the Ordinance in line with technological and other advancements that have occurred since the Ordinance was enacted 15 years ago, and is in part a response to the mounting public concern in relation to a number of high profile instances of misuse of personal data in Hong Kong.

Posted in International/EU Privacy

Hong Kong Set to Implement Data User Return Scheme by 2013

On July 7, the Hong Kong Privacy Commissioner for Personal Data issued a consultation document setting out the mechanism for a Data User Return Scheme that require certain business sectors to publicize information about their data practices to create greater accountability and transparency of data protection practices of corporations as well as an enhancement of their data privacy protection standards. Gabriela Kennedy and Zuzana Hecko, of the Intellectual Property, Media and Technology group of Hogan Lovells’ Hong Kong office, provide their synopsis.

Posted in International/EU Privacy

News from Hong Kong: Major Credit Agency Passes Test of Privacy Commissioner But Deficiencies Noted

In Hong Kong, the Privacy Commissioner for Personal Data recently exercised his rights under Section 36 of the Personal Data Ordinance and conducted an inspection of the data system of TransUnion Limited, Hong Kong’s major credit reference agency. While the inspection did not reveal any major data breaches or issues, the Commissioner has reported deficiencies in TransUnion’s personal data system and made a number of recommendations for improvement.

Posted in International/EU Privacy

Hong Kong Considers Sharing of Consumer Mortgage Data with Credit Providers

The Hong Kong financial services industry (as represented by the Consumer Credit Forum) with support from Hong Kong’s financial regulator, the Hong Kong Monetary Authority, has recently issued proposals to widen the scope of the current credit data sharing scheme in Hong Kong, in order to allow additional mortgage data of consumers to be shared among credit providers. This blog entry describes the proposals.