Hong Kong Personal Data (Privacy) Ordinance (PDPO)

On 12 May 2022, the Hong Kong Privacy Commissioner for Personal Data (PCPD) issued a Guidance Note on the Recommended Model Contractual Clauses for Cross-border Transfers of Personal Data (2022 Guidance).

The 2022 Guidance is split into three “parts”:

  1. Part 1 is an introduction of the 2022 Guidance and the rationale underpinning it;
  2. Part 2

The European Union (EU) General Data Protection Regulation 2016 (GDPR) came into force on 25 May 2018. A brief summary of the GDPR can be found here: https://www.mayerbrown.com/The-GDPR-The-Changes-That-Will-Affect-Your-Business-05-25-2018/.

Organisations in Hong Kong may need to comply with the GDPR if it (1) has an establishment in the EU, where personal data is processed in

A recent possible hack of the Hong Kong Department of Health’s (DH) record system in Hong Kong may affect 17,000 patients.

On 19 July 2016, the DH discovered suspicious files on the computer server hosting its Immunisation Record System. The suspicious files were believed to have been saved on the server after a

Hong Kong’s Privacy Commissioner has issued a revised Code of Practice on Human Resource Management (the “Code”) and a revised Privacy Guidelines for Monitoring and Personal Data Privacy at Work (the “Guidelines”).

Neither the new Code nor the new Guidelines include any material change from their existing versions. The only changes are the new Code

Bloomberg BNA’s World Data Protection Report re-publishes article by Gabriela Kennedy on David Webb involving the re-use of personal data collected from the public domain.

Gabriela Kennedy takes a look at the decision made by The Administrative Appeals Board (AAB) on 27 October 2015, rejecting an appeal filed by activist David Webb (Webb) against an

On 30 December 2015, an individual was convicted for breaching the direct marketing provisions under the Hong Kong Personal Data (Privacy) Ordinance (PDPO). This conviction closely follows three earlier convictions in September and November 2015, and marks the first conviction against an individual for the transfer of personal data to a third party for use

On 14 November 2015, VTech Holdings Limited (VTech) was hacked, resulting in the personal data of about 6.4 million children and 4.9 million parents being compromised worldwide. Out of the more than 11 million people involved, 5 million of them had their data stolen. This is the largest cyber attack affecting children’s data worldwide. Investigations

On 9 and 14 September 2015, Hong Kong Broadband Network Limited and Links International Relocation Limited respectively were convicted for breaching the direct marketing provisions under the Personal Data (Privacy) Ordinance (“PDPO“). These are the first set of convictions issued under the direct marketing provisions in Hong Kong which came into effect on

In May 2015, the Hong Kong Privacy Commissioner announced the results of a study carried out in October 2014, which revealed that children are now going online at a much younger age than ever before. The study revealed a fundamental lack of awareness on the part of the children themselves, their parents and teachers alike