Operational data not focus of Hong Kong cybersecurity bill, Chris Tang tells US companies
- City’s security chief addresses concerns from local American Chamber of Commerce over bill regulating cybersecurity for key infrastructures
Hong Kong’s security chief has sought to reassure US businesses that a bill seeking to improve cybersecurity around critical infrastructures will not infringe on their privacy, arguing authorities “were not interested” in such companies’ operational or personal data.
Secretary for Security Chris Tang Ping-keung said that all but one of the 53 submissions received for the Protection of Critical Infrastructure (Computer System) Bill’s one-month consultation period, which wrapped up earlier this week, had been in support of the proposed legislation.
The one submission that had opposed the bill came from a UK-based human rights organisation, he told a radio programme on Saturday.
Under the proposal, operators of essential infrastructures spanning eight sectors face a HK$5 million (US$640,200) fine if they fail to keep the security of their critical computer systems up to date.
The eight sectors are energy, information technology, banking, communications, maritime, healthcare services, and land and air transport.
Operators in those industries must formulate a computer system security management plan and submit it to a commissioner’s office that will be created under the Security Bureau.