Are there any data breach notification requirements?
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Local data protection regulations have required data controllers to report such breaches in certain circumstances.
Hong Kong does not legally require businesses to notify the Privacy Commissioner for Personal Data (PCPD) or the affected individuals in the event of a breach. That said, it is recommended as good practice. In cases where a breach has occurred, employers (i.e. data users) are responsible for taking remedial actions to lessen the damage to data subjects.
Employers can notify the PCPD through a Data Breach Notification Form, available on the Commissioner’s site (https://www.pcpd.org.hk). If data subjects may experience a reasonably foreseeable risk of harm as a result of a breach, employers should consider notifying them. Before making a decision, consider the potential consequences of failing to give notification.
HR Best Practices: While there is no legal requirement to notify impacted individuals or the PCPD in the event of a breach, providing a notification can reduce the risk of litigation. Employers should regularly assess how personal data is being handled, and in the event of a breach, strategize how similar breaches could be prevented in the future. It’s recommended to develop and implement a data breach action plan with notification, incident documentation and response procedures.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.