Hong Kong Data Protection Authority Looks Back on 2015—and Ahead


Last year wasn’t the best for data security in Hong Kong, with an 18-fold increase in the number of people victimized by a rising tide of data breaches.

Over 12 percent of Hong Kong’s population was impacted by data breaches in 2015, with 871,000 being affected by 98 separate data breach incidents, according to a report by the Privacy Commissioner for Personal Data (PCPD). The number of breaches itself increased 40 percent from 2014, and the number of individuals affected rose by over 1,850 percent—from 47,000 in 2014. 

In addition to these numbers, there were a record number of privacy complaints received by the PCPD. Those complaints rose from 1,702 in 2014 to 1,971 in 2015, an increase of 16 percent. Most of the complaints, which were related to use of personal data without consent and manner of data collection, were aimed at the private sector, specifically the financial industry. The PCPD looked on the sunny side, interpreting the numbers as “indicating an increase in public awareness on personal data privacy protection.”

The numbers reflect a year that had a number of high-profile data security crises. Hong Kong-based children’s education company V-Tech suffered one of the most high profile data breaches of the year, with approximately 5 million accounts and over 6.6 million children’s profiles affected. And Hong Kong-based Sanrio Digital Limited fell victim to a breach affecting 3.3 million members of its website.

PCPD’s enforcement has seen an uptick that’s in line with the increase in breaches and complaints. The number of cases referred for criminal investigation and prosecution increased by 50 percent—from 20 in 2014 to 30 in 2015—and the number of prosecutions climbed from one to six over the same period.

The report was not only a rehash of bad news from 2015, however. PCPD laid out its strategic focus for 2016, with four areas of emphasis: (1) comparative research and analysis; (2) promoting good practices; (3) public education campaigns; and (4) supporting the Electronic Health Record Sharing System.

Research and analysis will focus on the progress of the European Union General Data Protection Regulation to ensure that Hong Kong’s 20-year-old privacy law doesn’t fall behind international standards. The PCPD also plans to research the Internet of Things and big data, two phenomena that continue to make more personal data available to more people, companies and governments. 

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.