Hong Kong: Adopted PCPD updated guidance on cloud computing clarifying relevant requirements of Personal Data (Privacy) Ordinance

On 9 January 2025, the Office of the Privacy Commissioner for Personal Data (PCPD) issued an updated guidance on cloud computing to help organisations protect personal data privacy. The guidance covers technological developments and provides recommendations on service and deployment models, standard services and contracts, and outsourcing arrangements. Additionally, the guidance advises implementing robust logging, appropriate user configuration, encryption for data in transit and at rest, multi-factor authentication, and ensuring contractual provisions for data erasure or return. These recommendations aim to support organisations in safeguarding personal data in cloud computing environments and complying with the Personal Data (Privacy) Ordinance.