On 22 September 2023, the Office of the Privacy Commissioner for Personal Data (PCPD) issued a guideline to strengthen organisational data security measures in response to recent cyber attacks resulting in personal data leaks. The guideline emphasises the necessity of regular data security assessments and the implementation of comprehensive security measures, including secure network systems, consistent vulnerability assessments, effective patch management, data encryption, and diligent database management. The PCPD also highlighted the importance of compliance with the Personal Data (Privacy) Ordinance (PDPO), particularly Data Protection Principle 4. For small and medium enterprises (SMEs), the PCPD has established a specialised hotline and email service offering guidance on PDPO compliance.