Since Beijing enacted the new national security law tailor-made for Hong Kong on June 30, the business community in the city has expressed concern over the legislation that gives authorities broad . a data user using personal data in direct marketing without the data subject's consent (s.35E(4) of the PDPO) or without giving notice to the data subject (s.35C(5) of the PDPO) is liable to a fine of up to HKD500,000 and imprisonment for up to 3 years; a data user providing personal data to a third party for direct marketing purposes in exchange for gain, without giving notice to the data subject, is liable to a fine of up to HKD1,000,000 and imprisonment for up to 5 years (s.35J of the PDPO); a data user contravening an enforcement notice is liable to (s.50A of the PDPO): on first conviction a fine of up to HKD50,000 and imprisonment for up to 2 years, and a daily penalty of HKD1,000 if the offence continues; and. It will consider similar legislation elsewhere such as in mainland China, which implemented cybersecurity laws in 2017, and Macau, which brought in a law in 2019. Organizations and companies are facing a rising wave of cyberattacks, with CEO fraud and ransomware attacks being two of the most common types. The PDPO therefore adopts an initial implied consent approach. On November 14, the Cyberspace Administration of China (CAC) released the draft Regulations on the Administration of Network Data Security . 1. the Hong Kong police) of the payment in advance and obtains consent, or if the victim notifies an authorised officer as soon as it is reasonable to do so after making the payment. Cloud computing is both a rapidly growing market in China as well as subject to this increasing regulatory regime. CAC extends cybersecurity review to Hong Kong IPOs China is set to require PRC companies undergo a cybersecurity review before listing in Hong Kong on national security grounds. 
2 Following the Cybersecurity Law, the CAC issued the Measures for This country-specific Q&A provides an overview of Data Protection & Cyber Security Law laws and regulations applicable in South Korea. Unauthorised access to a computer by telecommunication: Under section 27A of the Telecommunications Ordinance (Chapter 106 of the Laws of Hong Kong) it is an offence to use telecommunications to affect a computer to obtain unauthorised access to any program or data held in a computer. Hong Kong was always meant to have a security law, but could never pass one because it was so unpopular. Sections 20 and 24 of the PDPO provide certain exceptions to a data user's obligation to comply with data access or correction requests, for example where the data subject does not supply enough information to verify his/her identity. Hong Kong's higher education is placed in the England's structure as well as international systems. Authorities in Hong Kong are planning a new law regulating cybercrime, in a move that could lay the groundwork for China-style censorship of the city's internet. The PDPO does not include a definition for, nor specifically regulate, cross-contextual behavioural advertising, although the PCPD has provided guidance on online behavioural tracking. 486). Further details on the proposed cyber legislation are provided below. 
While Hong Kong has yet to enact specific legislation on cybercrime or cybersecurity, this will soon change with the announcement of the proposal to enact a new cybersecurity law during the Chief Executive's 2021 Policy Address ("2021 Policy Address") and the issuance of a consultation paper on "Cyber-dependent crimes and jurisdictional issues" ("Consultation Paper") by the Hong Kong Law Reform Commission (HKLRC). See questions 1 and 13 above. 
This has highlighted the need for more robust, updated and comprehensive cyber legislation in Hong Kong. The PDPO has been under review since the publication of a government paper in January 2020 (LC Paper No CB(2)512/19-20(03)), to strengthen the protection of data subjects. The Amendment Ordinance also contains additional investigation powers in respect of the two-tier doxxing offences. By way of background, China's Cybersecurity Law 1 for the first time raised the requirement of cybersecurity review for critical information infrastructure operators' (the "CIIO") activities of purchasing network products and services, which may influence national security. The local cybersecurity legislation may potentially adopt the concept of "critical information infrastructure operators" under the PRC's national Cybersecurity Law, who are subject to heightened security measures such as undergoing national security review when purchasing network products and services that may impact national security, and storing personal information and critical data within the territory. The PCPD recommends that organisations conduct yearly risk assessments to ensure their privacy policies comply with the PDPO and privacy impact assessments before launching any new projects, products or services to determine potential privacy risks at an early stage (and make any necessary changes and improvements). The past decade has seen a huge increase in the incidents of cyber crime in Hong Kong. Other recommendations by the HKLRC include the following: The HKLRC has also requested submissions to a series of questions relating to whether there should be defenses and exemptions to the proposed New Cybercrime Offences and the appropriate scope of such exemptions. Currently, Hong Kong does not have any specific offence applicable to cybercrime. Please see question 28 above. No. 
where there was a reasonable belief that the disclosure was necessary for preventing or detecting crime; where there was a reasonable belief that the data subject gave their consent to the disclosure; where there was a reasonable belief that disclosure was in the public interest and was made for news activity purposes; and. Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT): HKCERT is the centre for coordination of computer security incident responses for SMEs and Internet users, to facilitate information dissemination, provide advice on preventive measures against security threats and promote information security awareness. There is currently no obligation to consult with the PCPD, or to issue data breach notifications to the PCPD. The Draft Regulations are intended to implement portions of three existing laws: the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law. a marketing call to the unidentified owner of a particular telephone number (which is regulated under the Unsolicited Electronic Messages Ordinance (Cap. DPP4 requires data users to take all practicable steps to protect personal data from unauthorised or accidental access, processing, erasure, loss or use. In a typical CEO fraud scam, the scammer would usually get a good working understanding of the company's hierarchy and its money, trade and logistical movement patterns. Further guidance can be found in the PCPD's Guidance for Data Users on the Collection and Use of Personal Data through the Internet. As with all legislative change, the devil will be in the detail. 
a data subject through the civil courts, where the data subject can show that they have suffered damage resulting from a data user's infringement of the data subject's rights. It is currently unknown which (if any) of these proposals would be included in further amendment legislation and when any such changes would come into effect. There is no definition of sensitive personal data under the PDPO, although the PCPD uses the term in its guidance. The PCPD recommends that organisations: Online tracking information held by data users should be accurate, should not be kept for longer than necessary, and should only be used for the purposes originally stated at the time of collection. In addition to these provisions, it is recommended for data users and data processors to keep records of data processing activities in order to be able to respond promptly and comprehensively to any enquiry or investigation by the PCPD into compliance with the DPPs, or to any complaint by a data subject. The details that will define the policy effect and direction of the proposed laws will be: the proposed scope of terms such as CII operators. We are expecting further updates and guidance around cybersecurity and cybercrime legislation. 
The PCPD generally has no direct power to sanction a breach of a DPP, although breach of certain provisions of the PDPO (about which see question 37 below) is a criminal offence, punishable by fines and/or imprisonment. Offences of a less serious nature may be dealt with summarily with a jail term of two years or less. The Securities and Futures Commission (SFC) has also issued guidance and FAQs and circulars on cybersecurity most recently in relation to internet trading, remote office arrangements, and use of external electronic data storage. 486) (the "PDPO") is a comprehensive set of laws that is technology-neutral and provides a set of Data Protection Principles outlining how data users should collect, handle and use personal data. As a result, the Cybersecurity Law of the People's . If a website deploys third-party cookies, regardless of whether any personal data is involved, it should state clearly what kind of information the cookies collect, to whom the information may be transferred and for what purposes. Under the New Cybercrime Offences, ransomware would be considered an offence of making available or possessing a device or data for committing a crime. i The China Cyber Security Law. However, these provisions have never been brought into effect. Hong Kong There are no minimum contract terms, or standard contractual clauses, required for processors of personal data. See further details on this below. Violations of the law, with serious consequences may be penalized up to 5% of the prior year's turnover, and/or the ceasing of . In addition to the general personal data protection framework under the PDPO, there are sector-specific personal data protection requirements imposed by some industry regulators (see question 28 below). 
This country-specific Q&A provides an overview of Data Protection & Cyber Security Law laws and regulations applicable in Hong Kong. Under DPP1(3) PDPO, on or before the collection of personal data from a data subject, the data user must take all practicable steps to inform the data subject of various information about the processing of the data, including: Exemptions to this rule exist, including where the personal data was not collected directly from the data subject or if the data could not be used to re-identify the data subject.