Anna Gamvros (HK) and Edward Yau (HK) of Norton Rose Fulbright write:
As data breaches and cyber attacks continue to surge and attackers become more sophisticated, organisations are well aware that the need for robust data security measures is becoming increasingly important.
In Hong Kong, the Office of the Privacy Commissioner for Personal Data (the PCPD) recently published a Guidance Note on Data Security Measures for Information and Communications Technology (the Guidance Note) to provide data users with recommended data security measures to facilitate their compliance with the requirements under the Personal Data (Privacy) Ordinance (PDPO) as well as good practices in strengthening their data security systems.
The purpose of the Guidance Note is to provide practical guidance and recommendations for complying with the PDPO. Specifically, Data Protection Principle 4(1) of the PDPO requires a data user to take “all practicable steps” to ensure that any personal data held by it is protected against unauthorised or accidental access, processing, erasure, loss or us, having regard to a number of factors such as data type, potential harm, data storage location and measures taken to secure data transmission.
Read more at Data Protection Report.