Cybersecurity—Hong Kong—Q&A guide [Archived, 2019 edition]

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Hong Kong—Q&A guide [Archived, 2019 edition]
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Hong Kong—Q&A guide [Archived, 2019 edition]

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Hong Kong published as part of the Lexology Getting the Deal Through series by Law Business Research (published: December 2019).

Authors: Mayer Brown—Gabriela Kennedy; Karen H. F. Lee

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

There is no dedicated statute in Hong Kong that specifically addresses cybersecurity. However, the Personal Data (Privacy) Ordinance (PDPO) and guidelines issued by the Office of the Privacy Commissioner for Personal Data (PCPD) are relevant if personal data privacy issues are concerned. Also, various ordinances provide for a number of cybercrimes (see ‘Scope and jurisdiction’), and regulatory bodies in certain sectors have issued guidelines, circulars or good practice guides, etc, in relation to cybersecurity.

2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?

The banking, securities, insurance and public health sectors, and the public sector in general, in Hong Kong have led the way when it comes to cybersecurity initiatives in the form of guidelines and codes of practice.

Over the past few years, the Hong Kong Monetary Authority (HKMA) has issued various non-binding cybersecurity guidelines for authorised institutions. In 2016, it launched the Cyber Resilience Assessment Framework (C-RAF) under the Cybersecurity Fortification Initiative, which requires all authorised institutions to conduct

Popular documents