The Office of the Privacy Commissioner for Personal Data (“PCPD”) issued an updated “Guidance on Data Breach Handling and Data Breach Notifications” (“the Guidance”) in June 2023 which offers more comprehensive and practical insights to organisations on how to effectively handle data breaches and mitigate the harm that may be caused to affected data subjects.

In the Guidance, the PCPD identified the trends of common causes of data breaches in Hong Kong, which include cyberattacks, system misconfigurations, loss of physical documents/portable devices, improper/wrongful disposal of personal data, inadvertent disclosure by mail/post, and staff negligence/misconduct.

The Guidance recommends organisations to formulate a comprehensive data breach response plan. The plan should specify the procedures to adopt in the event of a data breach, and the strategies for mitigating its impact. The Guidance further recommends five steps that organisations should take in the event of a data breach.

To know more, please read our latest article for this update prepared by our Partner, Charles To, our Associate, Tiffany Li and our Trainee Solicitor Hank Yeung.