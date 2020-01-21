Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Hong Kong Looks to GDPR as it Strengthens Privacy Laws

Hong Kong is set to follow the lead of European regulators in applying tougher penalties for data protection infractions, following a serious breach at airline Cathay Pacific in 2018.

Proposed amendments to the regional government’s Personal Data (Privacy) Ordinance, which cited the GDPR, would see fines levied as a percentage of global turnover, according to reports.

The privacy commissioner may even be given powers to levy fines immediately depending on the severity of an incident, without first needing to issue an enforcement notice.

The proposals would also mandate breach notifications to the commissioner within five days, a couple of days longer than GDPR rules but still an improvement on the current situation.

The breach of Hong Kong’s national carrier two years ago, which affected over nine million customers, shone a light on the inadequacies of the Special Administrative Region (SAR)’s existing data protection regime.

It took Cathay seven months to report the incident, although it was under no legal obligation to do so at all.

The privacy commissioner was powerless to levy fines: instead, the only option was an enforcement notice citing violation of privacy laws and ordering the firm to improve its cybersecurity posture. Failure to comply with the order leads to a fine of just HK$50,000 ($6433).

Rights groups have written to Hong Kong’s Legislative Council (LegCo), arguing that the proposals still don’t go far enough.

The government’s current proposal is too narrow, and LegCo now has a critical opportunity to strengthen this outdated law and bring it closer to better models, such as Europe’s privacy laws,” said Sophie Richardson, China director at Human Rights Watch (HRW).

“Strong protections on how people’s personal data can be collected and used will help assuage fears that mass surveillance tactics used elsewhere could spread to Hong Kong.”

HRW also wants to see the definition of personal data under the ordinance broadened, and a distinction to be made between general personal data and sensitive data, with the latter subject to stricter conditions.

It also argued for stronger rights for data subjects over how their data is used: for example, mandating firms to obtain explicit consent before using personal data, and empowering individuals to have data erased if they choose.

Such elements are all key parts of the GDPR. Various parts of the EU regulation can also be found in the new California privacy law, CCPA.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Travelex Begins Reboot as VPN Bug Persists

2
News

US Could Appoint a Cybersecurity Leader for Each State

3
News

Teen Charged Over $50m SIM-Swapping Scam on Blockchain Experts

4
Opinion

Life as a Crowdsourced Hacker – Why You Won’t Become a Millionaire

5
News

Citrix Patches ADC Bug as Attacker Hoards Access

6
News

Mitsubishi Electric Discloses Information Leak

1
News

Surge in Ships Seeking Cybersecurity Classification

2
News

US Cybersecurity Firm Founder Admits Funding DDoS Attacks

3
News

Scottish Police Deploy Tech That Extracts Data from Locked Smartphones

4
Blog

Setting the Stage for Innovation at #RSAC 2020

5
News

Hong Kong Looks to GDPR as it Strengthens Privacy Laws

6
News

UK Gov Database Leak Exposes 28 Million Children

1
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

2
Webinar

New Year, New Decade, New Threats and Challenges

3
Webinar

Making a SOAR Strategy Work For You

4
Webinar

2019 Cybersecurity Headlines in Review

5
Webinar

Authentication Standards in 2019: Why Passwords Remain Problematic, and Future Solutions

6
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

1
News

Mariah Carey's Twitter Account Hacked

2
Opinion

Is it Time to Resuscitate Prevention?

3
News

Data Leak Forces Password Reset at Crypto Exchange Poloniex

4
News

US Restaurant Chain Landry’s Hit by POS Malware

5
Opinion

Providing Cyber Defence Without Breaking The Bank

6
News

US Biz Wins Court Case Against Ransomware Data Thieves