A director of a Hong Kong company has been convicted of an offence under the Personal Data (Privacy) Ordinance (“PDPO”). This is the first conviction of its type under the PDPO since the law came into effect in 1996, confirming the potential for directors’ liability under the law.
PDPO
Hong Kong Regulators Step up Enforcement on Personal Data Protection
Over the past month, Hong Kong Courts and the Securities and Futures Commission (“SFC”) have taken action under the Personal Data (Privacy) Ordinance (“PDPO”) against an insurance agent, a marketing company and a licensed individual for improper handling of personal data, resulting in a Community Service Order, a fine, and an SFC disciplinary action. These cases demonstrate increased citizen awareness of privacy rights, industry focus on the PDPO, and foreshadow further enforcement activity.
Major cybersecurity breach hits Hong Kong company
The Office of the Privacy Commissioner for Personal Data (PCPD) announced on 1 December 2015 that it has commenced an investigation on a data breach incident of VTech Holdings Limited (VTech), a Hong Kong stock exchange listed supplier of children’s learning products that is based in Hong Kong. The scope of the data breach is unclear, but it is likely that data subjects other than Hong Kong residents are affected. It was reported that the attorneys-general in the US states of Connecticut and Illinois have also announced plans to conduct their own investigation into this security breach.