Hong Kong’s Privacy Commissioner’s Office (PCO) has recently issued new guidelines on data breach handling and data breach notifications, a pivotal move towards protecting data security. The initiative is a response to a 20% year-on-year rise in reported data breaches, which underscores the increasing importance of data protection measures.
The guidelines offer a comprehensive roadmap for organizations to deal with data breaches promptly and efficiently, thereby reducing the impact on affected individuals and potential organizational damage. Key steps outlined include gathering vital information, containing the breach, assessing the risk of harm, considering notifications, and documenting the breach.
An additional crucial component of this update is the introduction of an e-Data Breach Notification Form, intended to streamline the reporting of such incidents. Organizations are recommended to report data breaches involving personal data to the Privacy Commissioner for Personal Data (PCPD) via this form; oral notifications are rejected and written reports are emphasized.
These changes come in the wake of a comprehensive review of Hong Kong’s Personal Data (Privacy) Ordinance (PDPO) and proposed legislative amendments passed in 2021. The reform includes the establishment of a data breach notification mechanism and granting the PCPD authority to impose fines.
As organizations move towards implementing these guidelines, it will be vital to ensure a prompt and effective response plan to manage data breaches. By doing so, organizations can protect not only their interests but also the rights and privacy of their data subjects.