Hong Kong urged to fast-track privacy law reforms amid surge in data breaches

Hong Kong should speed up privacy law reforms aimed at penalising companies over data breaches, a cybersecurity expert and a lawmaker have said after hundreds of thousands of residents had their personal information exposed amid a spate of leaks.

The calls were made on Thursday, a day after the city’s privacy watchdog launched an investigation into a possible breach at the local branch of international charity Oxfam, which potentially affected more than 470,000 people.

“I think the privacy law is under amendments. I hope it can be rolled out as soon as possible,” Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation, told a radio programme.

“Without a penalty, the companies will only suffer from damage to their reputation … Companies will invest more in cybersecurity, if fines are very high.”

Privacy Commissioner Ada Chung Lai-ling said in February she was discussing with the government amending the Personal Data (Privacy) Ordinance, including empowering authorities to impose administrative fines.

She added that the Office of the Privacy Commissioner for Personal Data was considering making reporting data leak incidents mandatory and requiring data users to formulate a data retention policy.