Advertisement
Cathay Pacific
Hong KongTransport

Worried after Cathay Pacific’s data breach? Here’s all you need to know about privacy protection in Hong Kong

  • In aftermath of revelation that personal details of 9.4 million airline passengers were compromised, a look at what is regulated and how the law is enforced
  • Top official says it may take time for rules to get tougher

Reading Time:3 minutes
Why you can trust SCMP
Cathay Pacific Airways is based in Hong Kong. Photo: Edward Wong
Karen ZhangandAlvin Lum
Cathay Pacific Airways sent ripples of alarm across Hong Kong on Wednesday night when it revealed that the data of 9.4 million passengers was compromised in March. The belated disclosure has raised concerns about how personal data is safeguarded in the city. Here’s all you need to know about privacy protection in Hong Kong.
Advertisement

What does the privacy law regulate?

The Personal Data (Privacy) Ordinance protects the privacy rights of a person in relation to personal data. But non-compliance by a data holder does not automatically constitute a criminal offence. The privacy commissioner first issues an enforcement notice asking the data holder to rectify any breaches, and those who do not do so could be fined up to HK$50,000 (US$6,410) and jailed two years. There is no statutory requirement that data breaches be reported.

Data users in Hong Kong who do not properly handle a breach could be fined up to HK$50,000 and jailed two years. Photo: Shutterstock
Data users in Hong Kong who do not properly handle a breach could be fined up to HK$50,000 and jailed two years. Photo: Shutterstock

How often is the law enforced?

Advertisement
The Post reported earlier that the number of formal investigations launched by the privacy commissioner for personal data has dropped from more than 100 in 2014 to just one last year. Instead, it has mostly turned its attention to checking individuals and companies for compliance.
Advertisement