Start reading the news feed of Lexis Insights right away by subscribing our social media channels
Legal news, views and insight from LexisNexis Hong Kong
Hong Kong Broadband Network revealed that the personal data of 380,000 of their customers were compromised earlier. On 16 April 2018, HKBN discovered unauthorised access to their inactive customer database back from 2012 which contained information such as names, identity card numbers, and credit card details. Following the incident, HKBN promptly notified all affected customers through email and text messages and claimed to have implemented measures to prevent similar cyberattacks in the future.
This incident puts the limelight on the data protection regime in Hong Kong, which is particularly pertinent due to the anticipated implementation of the General Data Protection Regulations (GDPR) on 25 May 2018. The GDPR is an EU Regulation that will introduce new standards for data protection, such as a more onerous standard of consent to be satisfied before businesses may process their customers’ personal data and extending the types of personal data under protection in response to new technology, bringing the law in line with the current age. The implication is that businesses will need to take more steps to safeguard protection for a wider range of data.
Hong Kong businesses should not dismiss the authority of the GDPR simply because it originates from the EU jurisdiction, as non-EU organisations are subject to the Regulations so long as they process data relating to EU individuals whom they offer goods and services to or monitor the behavior of. The global reach of the GDPR means that Hong Kong businesses must implement new measures to comply with obligations set forth by the Regulation, including but not limited to appointing of Data Protection Officers, retaining detailed records of data processes, as well as notifying customers of any data breach which are likely to result in a high risk to their rights and freedoms. Non-compliance with GDPR obligations could be punishable by a fine of up to €10,000,000.
In an interview with MLex in September 2017, Hong Kong’s Privacy Commissioner Stephen Wong expressed concern over the inadequacies of Hong Kong data protection law and the need for legal reform to ensure effective local enforcement of the GDPR. The effects of the GDPR however, remains to be seen.
For more information on the topic of data protection, please see:
For enquiries about the above publications, please contact your Account Manager via email@example.com