What does this cover?

Hong Kong's Privacy Commissioner for Personal Data has published updated guidance on 'Data Breach Handling and the Giving of Breach Notifications' (the Guidance). The Guidance provides advice on managing data breaches, with a focus on data controller and data processor arrangements and the requirements for having contractual safeguards in place to ensure security of personal data.

The Guidance advises that the following actions should be taken when facing a security breach:

  • Identify the breach;
  • Immediately begin collecting information about the breach;
  • Mitigate the impact of the breach;
  • Make an assessment of the risk;
  • Provide data breach notifications to affected data subjects;
  • Submit a Data Breach Notification Form to the Privacy Commissioner; and
  • Review the response to improve strategic actions in the future.

The Guidance is available here

What action could be taken to manage risks that may arise from this development?

Financial services companies should analyse their data breach response procedures in Hong Kong to ensure they align with the Guidance.

Submitted by Nick O'Connell of Al Tamimi & Company – Dubai, UAE in partnership with DAC Beachcroft.